Identity management (IdM) refers to all processes and systems that are involved in the management of identities and information relating to identities, including authentication and authorization. Federated Identity Management deals with these processes and systems across organisations.
Unfamiliar with the concept of federated IdM?
from JISC and the UK Access Federation explains what an IdM federation is all about.
For more information on how to do IdM within your organisation, we refer to the excellent
created by JISC (UK).
Shibboleth has been chosen as the architecture to use for the NZ Access Federation.
Key concepts of Shibboleth are:
- Federated administration
- Access control based on attributes
- Privacy management
- A framework for multiple, scalable trust and policy sets (federations)
- A standard (yet extensible) attribute value vocabulary
The original Internet2 Shibboleth documentation links to installation and configuration guides on the Shibboleth Wiki. However, for deployment of Shibboleth within the NZ federation, follow the NZ-specific deployment information for Identity Providers and Service Providers.
More Internet2 information:
SAML stands for Security Assertion Markup Language. Shibboleth 2.x is an implementation of the SAML 2.0 Web SSO and attribute exchange profiles. For the SAML specifications, see the OASIS website.
uApprove is a Shibboleth add-on that enables user consent on attribute release. Visit the uApprove website for more information. Implementation instructions for the NZ federation can be found in the IdP 2.x set-up guide.