Shibboleth Attribute Release Policy Editor (ShARPE)

New ShARPE v1.b is now available, please check http://www.mams.org.au/confluence/display/SHA/ShARPE for more information. ShARPE is developed as part of the collaboration between MAMS and Shibboleth. ShARPE's aim is to manage the creation and maintenance of user's attributes as defined by Attribute Release Policy (ARP) mechanism of Shibboleth. In particular, ShARPE allows admins and users to easily manage their release attribute policy in a way that conforms to their privacy and satisfaction of users in gaining the services that they want (on service provider end) To do the crosswalk between different directory schemas mappings have to be defined. This can be achieved using the Crosswalker.

ShARPE is also an extension of Shibboleth providing other functionalities that are not existence in current Shibboleth, such as:

• ability for admin to manage ARPs without manual editing of XML files
• ability for users to manage their ARPs and extending what admin has set for them (institutional and group/community wide policy)
• ability to process group policy for users, i.e. Physics administrator may allow or disallow certain attributes to be released for all members in the Physics department
• ability to perform mapping of attributes from different schemas from simple mapping to complex one, i.e. IdP may define the attribute as mail but SP may understand it as email
• inform admin and users on services they receive in return for their attributes, before they release anything
• visualization of user's attributes (what user has, what rules in ARP, what released), via WebSharpe

ShARPE and Autograph are part of the National Science Foundation Middleware Initiative (NMI) EDIT software release.

ShARPE and Autograph are licensed under Apache License, Version 2.0

ShARPE is composed of 3 components, SharpeCore, WebSharpe, and Autograph.

WebSharpe is a web interface for Sharpe to allow user and admin to interact with ShARPE. ShARPE can be fully functional without WebSharpe, however its use as user interface to ShARPE is recommended.

WebSharpe allows user and admin to:

• create/manipulate ARP to govern release of attributes from IdP to a particular service at SP
• modify the release of a particular attribute
• overrule the release of particular attribute when it was set by admin
• visualize what attributes released and how the ARPs affect the attributes

Autograph is another web interface that interacts with SharpeCore to illustrate the usage of idCard. The idea is that user would have lots of idCard to be use when s/he visits a SP. User can specify at the IdP which idCard to use for certain SP. Each idCard would have certain details containing user's attributes specifically agreed by user to be released for the SP. For example, I am a professor at university A and also a member of IEEE. When I visit an online bookshop (SP), I may choose idCard with some attributes that reveal the fact I am working in university environment only, however when I go to university's affiliated sites, I may use another idCard that specifies my membership in IEEE.

SharpeCore is the core component of ShARPE. It sits ontop of current Shibboleth IdP and access/manipulate configuration files as used by the IdP. Introduction of SharpeCore would enable any IdP to benefit Sharpe's capabilities.

What to do next

1. Download page to fetch the software
2. Installation of ShARPE
3. Uninstallation of ShARPE
4. How to use ShARPE
5. How to use Autograph
6. Visual tours of ShARPE
7. Installation of SP Description Editor (optional)
8. Test-drive at OpenShARPE
9. Extra (advanced) configuration of ShARPE
10. ShARPE Mailing List
11. Identity Provider Management Suite

-- BrucLiong - 24 Apr 2006
to top