Identity and Access Management
Identity and Access Management (IAM) refers to the processes and systems that are involved in the management of identities and information relating to identities, including authentication and authorization. Federated identity management deals with these processes and systems across organisations.
Shibboleth is an Internet2 project, part of their middleware activities. Shibboleth has been chosen as the architecture to use for Tuakiri.
Key concepts of Shibboleth are:
- Federated administration
- Access control based on attributes
- Privacy management
- A framework for multiple, scalable trust and policy sets (federations)
- A standard (yet extensible) attribute value vocabulary
Internet2 provide in-depth information on how Shibboleth works. They also provide detailed configuration information for Shibboleth identity and service providers on their wiki. However, for deployment of Shibboleth in Tuakiri, there are Tuakiri-specific installation guides for identity providers and service providers.
SAML stands for Security Assertion Markup Language. Shibboleth 2.x is an implementation of the SAML 2.0 Web SSO and attribute exchange profiles. The SAML specifications can be found on the OASIS website.
uApprove is a Shibboleth IdP add-on that shows the user which of their attributes will be released to the service they are trying to access. Visit the uApprove website for more information. Implementation instructions for Tuakiri can be found in the IdP 2.x installation guide.
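As an added illustration of the attribute-based access control and SAML attribute exchange described above (example code, not part of the Tuakiri or Shibboleth documentation), the following parses the AttributeStatement of a constructed SAML 2.0 assertion and makes an SP-side access decision. It assumes signature validation has already passed, and the `ALLOWED_SCOPES` table is a hypothetical stand-in for the scope information an SP takes from federation metadata.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion; signature validation is assumed to have already passed.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.ac.nz/idp/shibboleth</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" FriendlyName="eduPersonAffiliation">
      <saml:AttributeValue>staff</saml:AttributeValue>
      <saml:AttributeValue>member</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" FriendlyName="eduPersonScopedAffiliation">
      <saml:AttributeValue>staff@example.ac.nz</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical SP-side table of which scopes each IdP may assert (really comes from metadata).
ALLOWED_SCOPES = {"https://idp.example.ac.nz/idp/shibboleth": {"example.ac.nz"}}

def parse_assertion(xml_text):
    """Return (issuer, Conditions attributes, {friendly name: [values]})."""
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    cond = root.find("saml:Conditions", NS).attrib
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        key = a.get("FriendlyName") or a.get("Name")
        attrs[key] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return issuer, cond, attrs

def within_validity(cond, now_iso):
    """Enforce the assertion's NotBefore / NotOnOrAfter window."""
    ts = lambda s: datetime.fromisoformat(s.replace("Z", "+00:00"))
    return ts(cond["NotBefore"]) <= ts(now_iso) < ts(cond["NotOnOrAfter"])

def scoped_values(issuer, values):
    """Drop scoped values whose scope this IdP is not entitled to assert."""
    allowed = ALLOWED_SCOPES.get(issuer, set())
    return [v for v in values if "@" in v and v.rsplit("@", 1)[1] in allowed]

def authorize(xml_text, now_iso, required=("staff", "faculty")):
    """Attribute-based decision: a valid, correctly scoped affiliation listed in `required`."""
    issuer, cond, attrs = parse_assertion(xml_text)
    if not within_validity(cond, now_iso):
        return False
    scoped = scoped_values(issuer, attrs.get("eduPersonScopedAffiliation", []))
    return any(v.split("@", 1)[0] in required for v in scoped)
```

The scope check matters because an IdP that is trusted to assert attributes for its own domain should not be able to assert affiliations for another institution's scope.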