terena networking conference 2010


Virtual Organizations: A New Implementation Approach Using SAML Attribute Aggregation

There have been many approaches to implement Virtual Organizations (VOs) for SAML based infrastructures. Most of them are either relying on proprietary protocols, force VO applications to use a library and thus require application modifications or their administration interfaces were initially designed for different purposes.

We show a new approach to implement VOs mainly using Shibboleth's attribute aggregation feature. The solution is based on pure SAML, won't require an API or library and uses standard Shibboleth components in combination with a specifically designed administration interface. Applications have only to be modified to make use of additional information available in the environment (aka domestication).

With our approach we provide VOs for collaborating users from multiple institutions.