Extending the Shibboleth identity management model with a networked user profile

In this paper we describe an extension of the Shibboleth (Internet2 federated identity management middleware) model that allows different Service Providers (SPs) to manage shared user profiles. Such profiles may be shared among multiple instances of the same SP (e.g. multiple digital libraries) or by several different SPs (e.g. a digital library and an educational portal). The XML-encoded profiles are stored and managed by our Shibboleth extension, the profile provider (PP). It consists of two layers: a RESTful service for profile management, and a communication module responsible for integration with the Shibboleth infrastructure. This way the PP also provides secure interaction with systems that are not compatible with Shibboleth, and is especially useful in Web 2.0 applications.