A University Shibboleth Glossary: Difference between revisions

From RavenWiki
Jump to navigationJump to search
(Created)
(Fixed table layout)
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{shib-project}}
This is an attempt to map terms commonly used in the wider Shibboleth community onto words or phrases for use within the University of Cambridge, notably in the Raven/Shibboleth service itself and in its documentation.
This is an attempt to map terms commonly used in the wider Shibboleth community onto words or phrases for use within the University of Cambridge, notably in the Raven/Shibboleth service itself and in its documentation.


<table border="1" cellpadding="5">
<table class="wikitable" cellpadding="5">


<tr valign="top">
<tr valign="top">
Line 10: Line 8:
<th>Description, notes</th>
<th>Description, notes</th>
</tr>
</tr>
<tr valign="top">
<td>Athens</td>
<td>Athens</td>
<td>An authentication system, run on JISC's behalf by EduServ, used to protect many (mainly Library-related) '''web sites'''.</td>
<tr>
<tr valign="top">
<td>Athens resource</td>
<td>Athens resource</td>
<td>A '''web site''' protected by Athens. Until October 2007, an 'Athens ID and password' (administered by the Library) was required to access Athens resource; access is now available using the '''Raven/Shibboleth''' service.</td>
<tr>


<tr valign="top">
<tr valign="top">
<td>Attribute</td>
<td>Attribute</td>
<td>Attribute</td>
<td>Attribute, or Information when used collectively</td>
<td></td>
<td>Items of information about people made available by the '''Raven/Shibboleth service''' to a '''web site'''</td>
<tr>
<tr>


Line 20: Line 30:
<td>eduPersonEntitlement,<br />ePE</td>
<td>eduPersonEntitlement,<br />ePE</td>
<td>Entitlement</td>
<td>Entitlement</td>
<td>An '''attribute''' carrying an arbitrary entitlement, typically specified by a resource, asserted on the user's behalf by '''the Raven-Shibboleth service'''. Or the value of such an '''attribute'''.</td>
<td>An '''attribute''' carrying an arbitrary entitlement, typically specified by a resource, asserted on the user's behalf by '''the Raven/Shibboleth service''', or the value of such an '''attribute'''.</td>
<tr>
<tr>


<tr valign="top">
<tr valign="top">
<td>eduPersonPrincipalName,<br />ePPN</td>
<td>eduPersonPrincipalName,<br />ePPN</td>
<td>Unique Identifier</td>
<td>eduPerson Principal Name</td>
<td>An '''attribute''' containing a persistent, unique user identifier which for a given user is the same for any '''resource''' to which it is released. Or the value of such an '''attribute'''.</td>
<td>An '''attribute''' containing a persistent, unique user identifier which for a given user is the same for any '''resource''' to which it is released, or the value of such an '''attribute'''. Has the form ''crsid''@cam.ac.uk.  We retain the 'eduPerson' part since the term eduPersonPrincipalName is likely to be used by external services.</td>
<tr>
<tr>


<tr valign="top">
<tr valign="top">
<td>eduPersonScopedAffiliation,<br/>ePSA</td>
<td>eduPersonScopedAffiliation,<br/>ePSA</td>
<td>Affiliation</td>
<td>Status</td>
<td>An '''attribute''' carrying one of a number of standard values reflecting a person's association with the University. Currently only carries the value ''member'' which is assigned to anyone in lookup. May eventually also carry ''staff'' and/or ''student'' as apropriate. Or the value of such an '''attribute'''.</td>
<td>An '''attribute''' carrying one of a number of standard values reflecting a person's association with the University. Currently only carries the value ''member'' which is assigned to anyone in lookup. May eventually also carry ''staff'' and/or ''student'' as appropriate, or the value of such an '''attribute'''.</td>
</tr>
</tr>


Line 38: Line 48:
<td>eduPersonTargetedID,<br />ePTID</td>
<td>eduPersonTargetedID,<br />ePTID</td>
<td>Anonymous identifier</td>
<td>Anonymous identifier</td>
<td>An '''attribute''' carrying a user identifier allocated at random and different for each combination of user and '''resource'''. Or the value of such an '''attribute'''.</td>
<td>An '''attribute''' carrying a user identifier allocated at random and different for each combination of user and '''resource''', or the value of such an '''attribute'''.</td>
<tr>
 
<tr valign="top">
<td>Service Provider,<br />SP</td>
<td>Resource</td>
<td>A web-based resource (web site, e-journal, databae, etc.) accessed via '''the Raven-Shibboleth service'''.</td>
<tr>
<tr>


<tr valign="top">
<tr valign="top">
<td>Shibboleth,<br />Shibboleth IdP</td>
<td>Raven</td>
<td>The Raven-Shibboleth service</th>
<td>Raven</td>
<td>As in "you need to authenticate using the Raven-Shibboleth service", used where it is necessary to  distinguish this from the Raven-Webauth service.</td>
<td>The University's authentication system for web-based resources. Since October 2007, '''Raven''' has provided both '''the Raven/Webauth service''' and '''the Raven/Shibboleth service'''.</td>
</tr>
 
<tr valign="top">
<td></td>
<td></td>
<td></td>
<tr>
<tr>


<tr valign="top">
<tr valign="top">
<td></td>
<td>The Raven/Webauth service</td>
<td></td>
<td>The Raven/Webauth service</td>
<td></td>
<td>The original service offered by '''Raven''' since it's release in 2004. This provides an authenticated CRSid (only), mainly to University web sites, using the Ucam-Webauth protocol. Used only where it is necessary to distinguish between this and '''the Raven/Shibboleth service'''.</td>
<tr>
<tr>


<tr valign="top">
<tr valign="top">
<td></td>
<td>Service Provider,<br />SP</td>
<td></td>
<td>Web site</td>
<td></td>
<td>A web-based resource (web site, e-journal, database, etc.) accessed via '''the Raven/Shibboleth service'''.</td>
<tr>
<tr>


<tr valign="top">
<tr valign="top">
<td></td>
<td>Shibboleth,<br />Shibboleth IdP,<br />IdP</td>
<td></td>
<td>The Raven/Shibboleth service</td>
<td></td>
<td>As in "you need to authenticate using the Raven/Shibboleth service", used only where it is necessary to  distinguish this from '''the Raven/Webauth service'''. This provides both authentication and authorisation information to web sites, currently mainly outside the University, using the Shibboleth protocol.</td>
<tr>
</tr>


</table>
</table>

Latest revision as of 15:29, 20 June 2012

This is an attempt to map terms commonly used in the wider Shibboleth community onto words or phrases for use within the University of Cambridge, notably in the Raven/Shibboleth service itself and in its documentation.

Shibboleth term Local term Description, notes
Athens Athens An authentication system, run on JISC's behalf by EduServ, used to protect many (mainly Library-related) web sites.
Athens resource Athens resource A web site protected by Athens. Until October 2007, an 'Athens ID and password' (administered by the Library) was required to access Athens resource; access is now available using the Raven/Shibboleth service.
Attribute Attribute, or Information when used collectively Items of information about people made available by the Raven/Shibboleth service to a web site
eduPersonEntitlement,
ePE
Entitlement An attribute carrying an arbitrary entitlement, typically specified by a resource, asserted on the user's behalf by the Raven/Shibboleth service, or the value of such an attribute.
eduPersonPrincipalName,
ePPN
eduPerson Principal Name An attribute containing a persistent, unique user identifier which for a given user is the same for any resource to which it is released, or the value of such an attribute. Has the form crsid@cam.ac.uk. We retain the 'eduPerson' part since the term eduPersonPrincipalName is likely to be used by external services.
eduPersonScopedAffiliation,
ePSA
Status An attribute carrying one of a number of standard values reflecting a person's association with the University. Currently only carries the value member which is assigned to anyone in lookup. May eventually also carry staff and/or student as appropriate, or the value of such an attribute.
eduPersonTargetedID,
ePTID
Anonymous identifier An attribute carrying a user identifier allocated at random and different for each combination of user and resource, or the value of such an attribute.
Raven Raven The University's authentication system for web-based resources. Since October 2007, Raven has provided both the Raven/Webauth service and the Raven/Shibboleth service.
The Raven/Webauth service The Raven/Webauth service The original service offered by Raven since it's release in 2004. This provides an authenticated CRSid (only), mainly to University web sites, using the Ucam-Webauth protocol. Used only where it is necessary to distinguish between this and the Raven/Shibboleth service.
Service Provider,
SP
Web site A web-based resource (web site, e-journal, database, etc.) accessed via the Raven/Shibboleth service.
Shibboleth,
Shibboleth IdP,
IdP
The Raven/Shibboleth service As in "you need to authenticate using the Raven/Shibboleth service", used only where it is necessary to distinguish this from the Raven/Webauth service. This provides both authentication and authorisation information to web sites, currently mainly outside the University, using the Shibboleth protocol.