Appended below is a call for participation in an alpha test of the new
Shibboleth distributed access management protocol.  Shibboleth promises a
dramatically enhanced  model for securing access to distributed library
resources over the current practice of filtering on IP address and use of
proxy servers.  The DLF Steering Committee discussed Shibboleth at its last
meeting, and agreed upon Shibboleth's strategic importance for the
Federation and for digital libraries.

We hope that one or more DLF members will be interested and willing to
participate in this important pilot project.

Call For Participation:
Using Shibboleth to Improve Collaboration and Management of Content Access
This is an invitation to a modest number of universities to participate in
a pilot to explore the use of Shibboleth in a variety of academic settings.
Shibboleth is an initiative by Internet2 member universities to develop and
deploy new middleware technologies that can facilitate inter-institutional
collaboration and access to digital content. It supports a new model for
access management control that is designed to be both scalable and easily
administered for both campuses and content providers. More information on
Shibboleth can be found on the Internet2 middleware web site
1. Goals for the pilot phase include:
a)..Work with the Coalition for Networked Information (CNI), the Digital
Library Foundation (DLF) and digital library resource providers to evaluate
the use of Shibboleth in enhancing management of content access. Five major
academic service providers, including EBSCO, Elsevier, and SFX, are
interested in evaluating the use of Shibboleth and will install target
services to support the pilot. RLG and OCLC will be investigating the
installation of target services to support the pilot. Together the service
providers share a number of similar access control requirements, though
each provider has some specific functionalities (such as role-based
cataloging) with their customers that they would like to exercise in the
pilot. The DLF has endorsed Shibboleth as a standard in which the DLF has
significant interest. CNI views Shibboleth as an extremely important and
promising emerging technology to meet some critical needs within the
research and education community.
b)..Facilitate sharing of instructional materials between
institutions. Classes often want to share instructional web site materials
on a restricted basis (e.g. class notes, preprints, copyrighted materials,
etc.) and find current mechanisms cumbersome and a barrier.
c)..Develop approaches to multi-institutional services and processes. Many
research groups draw members from multiple institutions. Many universities
have research data centers that aggregate and disseminate information from
other institutions, whether administrative (sharing of budget information)
or academic (retention information, transcripts, etc).

2. Participants in the pilot must have the following capabilities:
a)..Meet the technical requirements (see Section 5. below)
b)..Be willing to install and manage Shibboleth alpha-code.
c)..Be willing to help shape, and then implement, policies required to
permit the exchange of information about members of university communities.
d)....Campuses may deploy either origin services (i.e. campus members
gaining access to external resources) or target services (i.e. allowing
external users to gain access to campus-based resources). We are most
interested in sites intending to operate in both roles.

3. Timeframes and resource commitments: It is anticipated that the pilot
will begin July 26, 2002, with alpha-code being made available to sites
when selected. The pilot will be active throughout the summer, with release
of the Shibboleth v1.0 code scheduled for the end of September, 2002. If
the pilot services prove of value, it is likely that the service models
developed will emerge as a production service.

4. Selection criteria: University participants will be selected by three
a)..Participants will need to meet the requirements of the testbed
specified in Section 2 above. (Please refer to Section 5 for further
b)..Participants will be selected partially on the basis of presenting a
diversity of technical and organizational environments in which to refine
Shibboleth policies and tools.
c)..The number of interactions that may be served with Shibboleth among the
participants with the content providers and each other.

5. Technical Requirements:
a. Technical Requirements for Resource Providers
Solaris (2.6 or 2.8) or Linux platform
Apache Web Server 1.3.x with dynamic loadable module support (mod_so)
and compiled with EAPI turned on
Java JDK 1.3
Tomcat 3.3
Will need to provide a certificate corresponding to the signing
key provided to Shibboleth
b. Technical Requirements for Origin Sites
Solaris (2.6 or 2.8) or Linux Platform
Apache Web Server 1.3.x with dynamic loadable module support (mod_so)
and compiled with EAPI turned on
Java JDK 1.3
Tomcat 3.3
An enterprise authentication system, connected to web server
An enterprise directory, preferably ldap based, supporting eduPerson
1.0 or 1.5
(optional) MySQL
Will need to provide a certificate corresponding to the signing
key provided to Shibboleth
Interested institutions are asked to submit brief letters of interest to
George Brett ([log in to unmask]) or Renee Frost ([log in to unmask]) by
July 12. Letters should include a short description of the campus
authentication and web service authorization environment, identification
of technical and management project leads, a description of the
institutional involvement with the set of content providers in Section 1.a
above, as well any other projects where you intend to evaluate the
application of Shibboleth, both inter and intra campus.