Penn State Intercom......November 21, 2002

Shibboleth links University to N.C. State

By Heather Herzog
and Debbie Ingram
Information Technology Services

This fall semester Information Technology Services (ITS) and the Department of Physics are piloting an Internet2-sponsored project called Shibboleth -- a sophisticated computer architecture designed to facilitate the secure sharing of resources between institutions.

The pilot represents the first time Shibboleth has been used successfully by two universities to facilitate college course transactions, and is currently enabling 1,200 Penn State students enrolled in Physics 001, 213 and 214 to access resources at North Carolina State University to complete their course assignments.

The Shibboleth system, developed as a separate initiative by member schools and corporate partners of the Internet2 consortium, was conceived to provide education, government and business organizations with a solution for exchanging digital information in a secure and privacy-preserving manner. Shibboleth was selected for the Penn State/North Carolina pilot due to its unique ability to ensure the security of students' electronic interactions, while simultaneously enabling institutions with different security and authentication systems to communicate with one another.

"The core concept of Shibboleth is federated administration, which among other functions employs a 'trust model' of security," said Reneé Shuey, systems engineer at ITS. This trust model uses "attributes" about the user, rather than the user's actual identity, to determine who can and cannot access targeted information, according to Shuey.

When a student or staff member at one institution tries to use a resource at another, Shibboleth sends attributes about the person (for example, "physics faculty member" or "Penn State student") to the remote destination. In turn, the destination uses the same attributes to decide whether or not to grant access, thereby protecting the user's identity.

The pilot has been enormously successful, commented John Hopkins, who instructs physics students at Penn State.

"In the past, we used a different system to access information at North Carolina and at the beginning of every semester our help desks would be inundated with student questions. After two months of using Shibboleth (which replaced the old system) we saw an 80 percent to 85 percent drop in our help desk calls. That's an incredible return, freeing up instructors and staff for other responsibilities."

Another important aspect of Shibboleth is that it allows institutions with different types of IT architecture and security systems to easily collaborate with each other on Web-based projects.

The Shibboleth software was developed under the auspices of the National Science Foundation's Middleware Initiative. The National Science Digital Library, a major NSF educational initiative, will use Shibboleth in its infrastructure for accessing customized or restricted content and services.

The Penn State Shibboleth project and other implementations of the new system were recently demonstrated at the Fall 2002 Internet2 Member Meeting.

For more information about Shibboleth and Internet2, check the Web at http://internet2.edu/. For more information about Information Technology Services, check the Web at http://its.psu.edu/.


Heather Herzog can be reached at heh4@psu.edu. Debbie Ingram can be reached at dfi1@psu.edu.

Back