2 Software

2.1 Choice of Software

The UK federation uses the Security Assertion Markup Language (SAML) standards1 for the communication of authentication, entitlement and attribute information. The core of the federation is implemented using the Shibboleth software2 from the Shibboleth Consortium. It is recognised, however, that any particular software implementation may not be suitable for all participants, and federation members may deploy any software that meets their specific service goals.

It is likely that organisations which regularly update their implementations to use the latest version of the Shibboleth software will continue to benefit from the widest range of interoperability options with other federation members. Other software, however, may well be better suited to particular operating environments. It is the member organisation’s responsibility to ensure that the software chosen for their deployment can interoperate with those other members of the federation that are important to their service aims.

Whichever software you choose, you should maintain it by, for example, applying security patches to it in a timely fashion. We strongly recommend upgrading your software as necessary, to stay current with software versions for which security patches are available from the vendor.

This applies not only to the identity and access management layer (Shibboleth or other software) but also to the underlying system software such as web servers, database and directory software, and operating systems.

  1. See http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security 

  2. See http://shibboleth.net/