Assessing Shibboleth as a means of authenticating and
authorizing access to electronic scholarly publications. A
DLF/CNI workshop
Peter Brantley (NYU), D Greenstein (DLF), Clifford Lynch
(CNI)
February 2, 2002
Introduction
Shibboleth
has been proposed by Internet2 as a technology to
support inter-institutional authentication and authorization for
access to Web pages. Its intent is to support, as much as
possible, the heterogeneous security systems in use on campuses
today, rather than mandating use of particular schemes like
Kerberos or X.509-based PKI.
The technology is intended as a generic one and as such has
yet to be evaluated in any particular applied domain.
The purpose of this workshop is to evaluate Shibboleth as a
possible technology for authenticating and authorizing access to
electronic scholarly publications.
This document provides a problem statement that will frame
workshop discussion.
Problem statement
In the academic and business worlds, there is rapidly growing
interest in resource-sharing among institutions and the
concomitant need to manage access to many of those resources. In
academia, the focus is on inter-university collaboration to
support both research and education, and on access to licensed
information resources from external content-holding
organizations.
Shibboleth, a joint project of Internet2 and IBM, is
developing an architectural framework and an associated
open-source software prototype to support inter-institutional
resource sharing subject to access restrictions. Shibboleth
enables the secure exchange of interoperable authorization
information, working hand-in-hand with existing campus-level
authentication systems. Shibboleth combines a high level of
granularity over the release of user attributes with robust
logging support, meeting both academic expectations for privacy
and publisher needs for accountability.
Developed within a framework of industry-supported security
standards, such as SAML for attribute assertion, Shibboleth does
not impose client-side software requirements aside from a common
web browser. Its component-based design keeps overhead low
and implementation rapid for content providers and
universities.
Now that the project has reached a stable architectural stage
and coding is commencing, the DLF and CNI are inviting a cross
section of publishers and resource providers to comment on the
design and goals of Shibboleth.