Child pages
  • Technical Background Information
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Technical Background Reading

Identity Management

Identity management (IdM) refers to all processes and systems that are involved in the management of identities and information relating to identities, including authentication and authorization. Federated Identity Management deals with these processes and systems across organisations.

Animation about Federated IdM

Unfamiliar with the concept of federated IdM?

Unknown macro: {link-window}

This animation

from JISC and the UK Access Federation explains what an IdM federation is all about.

IdM Toolkit

For more information how to do IdM within your organisation we refer to the excellent

Unknown macro: {link-window}

IdM Toolkit

created by JISC (UK).


Shibboleth is an Internet2 project, part of their middleware activities.

Shibboleth has been chosen as the architecture to use for the NZ Access Federation.

Key concepts of Shibboleth are:

  • Federated administration
  • Access control based on attributes
  • Privacy management
  • A framework for multiple, scalable trust and policy sets (federations)
  • A standard (yet extensible) attribute value vocabulary

The original Internet2 Shibboleth documentation links to installation and configuration guides on the Shibboleth Wiki. However, for deployment of Shibboleth within the NZ federation, follow the NZ specific deployment information for Identity Providers and Service Providers.

More Internet2 information:


SAML stands for Security Assertion Markup Language. Shibboleth 2.x is an implementation of the SAML 2.0 Web SSO and attribute exchange profiles. For the SAML specifications, see the OASIS website.


uApprove is Shibboleth add-on that enables user consent on attribute release. Visit the uApprove website for more information. Implementation instructions for the NZ federation can be found in the IdP 2.x set-up guide.

  • No labels