For Snapshot file, see attachments.

Summary:

The WebSSO project has three clearly targeted customers for piloting:

  • Stellar 3
  • Thalia
  • Confluence Wikis
  • MAP (which will encapsulate Shibboleth in Acegi for Spring apps, and be used by the other applications)

The scope includes Single Sign-on for MIT community users via certificate or Kerberos username/password, as well as external users who log on through another mechanism. Both Stellar 3 and Thalia have the external user requirement. External users are defined as people who need access to MIT web resources, but who do not (and should not) have MIT accounts and the full provisioning that goes with MIT accounts (email, AFS lockers, MIT ID, etc.).

The general approach is to use Shibboleth at the application level and to provide two Identity Providers (IdPs) that federate through Shibboleth so as to allow both MIT community users and external users. The two Identity Providers being used for the pilot are:

  • MIT version of WebAuth (open source from Stanford), which will support Kerberos username/password and certificate logins
  • ProtectNetwork, an external identity provider

In a later production version, MIT may develop its own Identity Provider.

The overall timeline is:

August 2007: pilot Shibboleth/WebAuth/ProtectNet with the 3 applications above, in a non-critical way

Jan 2008: begin development on MIT external user IdP

June 2008: development ends, testing for high availability begins

Aug 2008: production, open to MIT community

The most recent meeting to review this timeline is here: WebSSO Update Meeting - 5.8.07
