The 29th IPP Symposium

Shibboleth--A New Model for Controlling Access to Web-Based Resources

Steven Carmody, Brown CIS

Shibboleth is an Internet2-sponsored project that is developing an architecture, policy structures, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. It is a functioning SAML (security attributes markup language) instantiation supporting federated administration with privacy built into the design. While the norm on the Internet has been to control access via identity, Shibboleth has developed a framework that more closely mirrors the physical world, where a wide variety of attributes (separate from identity) can be used to gain access to services .A key issue for Shibboleth has been to explore how people manage their privacy and when they are willing to trade off privacy for services.