Technical Background Reading
Identity Management
Identity management (IdM) refers to all processes and systems that are involved in the management of identities and information relating to identities, including authentication and authorization. Federated Identity Management deals with these processes and systems across organisations.
Animation about Federated IdM
Unfamiliar with the concept of federated IdM? This animation from JISC and the UK Access Federation explains what an IdM federation is all about.
IdM Toolkit
For more information on how to do IdM within your organisation, we refer you to the excellent IdM Toolkit created by JISC (UK).
Shibboleth

Shibboleth is an Internet2 project, part of their middleware activities.
Shibboleth has been chosen as the architecture to use for the NZ Access Federation.
Key concepts of Shibboleth are:
- Federated administration
- Access control based on attributes
- Privacy management
- A framework for multiple, scalable trust and policy sets (federations)
- A standard (yet extensible) attribute value vocabulary
The original Internet2 Shibboleth documentation links to installation and configuration guides on the Shibboleth Wiki. However, for deployment of Shibboleth within the NZ federation, follow the NZ-specific deployment information for Identity Providers and Service Providers.
More Internet2 information:
- Shibboleth Technology Deployers Info
- Shibboleth Security Advisories
SAML2
SAML stands for Security Assertion Markup Language. Shibboleth 2.x is an implementation of the SAML 2.0 Web SSO and attribute exchange profiles. For the SAML specifications, see the OASIS website.
uApprove
uApprove is a Shibboleth add-on that enables user consent on attribute release. Visit the uApprove website for more information. Implementation instructions for the NZ federation can be found in the IdP 2.x set-up guide.