Net-people and CSS-DEV subscribers:
As discussed at last Thursday's net-people meeting, we are beginning the
process of phasing out the Central Authentication Hub (a/k/a CAH or
"Internet Login") web authentication service in favor of the newer,
standards-based Shibboleth service.
This week, we will be sending email to contacts for applications using
CAH requesting information on the languages, platforms, and packages
that they are using to implement CAH authentication. We will use this
information in developing the timelines for retiring CAH and for
anticipating and focusing needs for transition support.
We strongly encourage everyone who is responsible for a CAH-protected
service to watch for these emails and to respond to them. If you
expected to get one but still haven't by the end of Thursday, June 17,
then please contact us at [log in to unmask] with a list of your servers and/or
modules that you expected to hear about, and we'll try to track down
where it was sent.
We have created a site on UMWiki as a place to collect information about
the Shibboleth service:
We have seeded the site with some links to Shib and SAML, as well as a
few other bits of information that might be useful. We will continue to
add more content to the wiki over time, and encourage everyone to
participate in updating it with information you think others would find
One advantage that Shib has over CAH is that it is based on the SAML
standard. Thus, there are several commercial and open-source
implementations, toolkits, and app plugins that you can use to
Shibbolize your application. The wiki is a great place to share links
to this software.
The timeline for retiring CAH has not been finalized yet. It will
probably be at least a year before the plug is pulled, but now is the
time to learn about Shib/SAML and start thinking about application
conversion. Also, new applications should be set up to use Shib instead
of CAH, to avoid having to convert them later.
So please keep an eye out for our information request email, and send
questions to us at [log in to unmask] If you feel they might be of interest
to the broader community, feel free to reply here. Either way, we will
try to incorporate answers into the wiki as appropriate. Future
announcements regarding this change will be sent to these lists
(net-people and CSS-DEV), and perhaps other places.
%% Christopher A. Bongaarts %% [log in to unmask] %%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%