On March 16, 2011, BCcampus and Simon Fraser University(SFU) went into production with a new mechanism that will permit SFU students and employees to use the SFU login system in order to access BCcampus services that require authentiation. This federated identity system is called Shibboleth:
“The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.”
An immediate use for SFU faculty is the ability to use their SFU identity credentials to log into the BCcampus SOL*R learning object repository. There are several advantages to this approach:
- This is more convenient for SFU users as they need not maintain a separate BCcampus account;
- It enhances privacy and security because only SFU systems are accessed to verify user credentials and to supply the user information that is needed for BCcampus to provide the requested service (such as name, student #, employment status); No user credentials (such as passwords, birthdates) need to be known to or stored by BCcampus systems;
- BCcampus user account maintenance processes are streamlined (no need to expire accounts when user status changes, support lost passwords, etc.);
- Significantly, SFU will not need to implement custom authentication in order for SFU students/employees to be able to utilize some BCcampus services that they would be authorized to use. Basically, the Shibboleth mechanism put in place performs the key functions of the Validate Student Connector transaction that would otherwise require considerable institutional effort, server implementation and associated ongoing maintenance.
Next steps will include adding more BCcampus services to this capability (such as Adobe Connect), and discussing with HEITBC members options for implementing Shibboleth at other B.C. post-secondary institutions.