 |
 |
Appended below is a call for participation in an alpha test of the new Shibboleth distributed access management protocol. Shibboleth promises a dramatically enhanced model for securing access to distributed library resources over the current practice of filtering on IP address and use of proxy servers. The DLF Steering Committee discussed Shibboleth at its last meeting, and agreed upon Shibboleth's strategic importance for the Federation and for digital libraries. We hope that one or more DLF members will be interested and willing to participate in this important pilot project. ---------------- Call For Participation: Using Shibboleth to Improve Collaboration and Management of Content Access This is an invitation to a modest number of universities to participate in a pilot to explore the use of Shibboleth in a variety of academic settings. Shibboleth is an initiative by Internet2 member universities to develop and deploy new middleware technologies that can facilitate inter-institutional collaboration and access to digital content. It supports a new model for access management control that is designed to be both scalable and easily administered for both campuses and content providers. More information on Shibboleth can be found on the Internet2 middleware web site (http://middleware.internet2.edu/shibboleth). 1. Goals for the pilot phase include: a)..Work with the Coalition for Networked Information (CNI), the Digital Library Foundation (DLF) and digital library resource providers to evaluate the use of Shibboleth in enhancing management of content access. Five major academic service providers, including EBSCO, Elsevier, and SFX, are interested in evaluating the use of Shibboleth and will install target services to support the pilot. RLG and OCLC will be investigating the installation of target services to support the pilot. Together the service providers share a number of similar access control requirements, though each provider has some specific functionalities (such as role-based cataloging) with their customers that they would like to exercise in the pilot. The DLF has endorsed Shibboleth as a standard in which the DLF has significant interest. CNI views Shibboleth as an extremely important and promising emerging technology to meet some critical needs within the research and education community. b)..Facilitate sharing of instructional materials between institutions. Classes often want to share instructional web site materials on a restricted basis (e.g. class notes, preprints, copyrighted materials, etc.) and find current mechanisms cumbersome and a barrier. c)..Develop approaches to multi-institutional services and processes. Many research groups draw members from multiple institutions. Many universities have research data centers that aggregate and disseminate information from other institutions, whether administrative (sharing of budget information) or academic (retention information, transcripts, etc). 2. Participants in the pilot must have the following capabilities: a)..Meet the technical requirements (see Section 5. below) b)..Be willing to install and manage Shibboleth alpha-code. c)..Be willing to help shape, and then implement, policies required to permit the exchange of information about members of university communities. d)....Campuses may deploy either origin services (i.e. campus members gaining access to external resources) or target services (i.e. allowing external users to gain access to campus-based resources). We are most interested in sites intending to operate in both roles. 3. Timeframes and resource commitments: It is anticipated that the pilot will begin July 26, 2002, with alpha-code being made available to sites when selected. The pilot will be active throughout the summer, with release of the Shibboleth v1.0 code scheduled for the end of September, 2002. If the pilot services prove of value, it is likely that the service models developed will emerge as a production service. 4. Selection criteria: University participants will be selected by three criteria: a)..Participants will need to meet the requirements of the testbed specified in Section 2 above. (Please refer to Section 5 for further detail.) b)..Participants will be selected partially on the basis of presenting a diversity of technical and organizational environments in which to refine Shibboleth policies and tools. c)..The number of interactions that may be served with Shibboleth among the participants with the content providers and each other. 5. Technical Requirements: a. Technical Requirements for Resource Providers Solaris (2.6 or 2.8) or Linux platform Apache Web Server 1.3.x with dynamic loadable module support (mod_so) and compiled with EAPI turned on Java JDK 1.3 Tomcat 3.3 OpenSSL Will need to provide a certificate corresponding to the signing key provided to Shibboleth b. Technical Requirements for Origin Sites Solaris (2.6 or 2.8) or Linux Platform Apache Web Server 1.3.x with dynamic loadable module support (mod_so) and compiled with EAPI turned on Java JDK 1.3 Tomcat 3.3 OpenSSL An enterprise authentication system, connected to web server authentication An enterprise directory, preferably ldap based, supporting eduPerson 1.0 or 1.5 (optional) MySQL Will need to provide a certificate corresponding to the signing key provided to Shibboleth Interested institutions are asked to submit brief letters of interest to George Brett ([log in to unmask]) or Renee Frost ([log in to unmask]) by July 12. Letters should include a short description of the campus authentication and web service authorization environment, identification of technical and management project leads, a description of the institutional involvement with the set of content providers in Section 1.a above, as well any other projects where you intend to evaluate the application of Shibboleth, both inter and intra campus.