Authentication and Authorization with Shibboleth

Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a federation. This allows for cross-domain single sign-on and removes the need for content providers to maintain user names and passwords. Identity providers (IdPs) supply user information, while service providers (SPs) consume this information and get access to secure content. (Source: wikipedia.com)
The Assertions which are issued after authentication are valid for a limited period of time (similar to a Kerberos-ticket) and are saved in the user's browser. This way, a Web-SSO (Single Sign On) is rendered possible. There are organisations which employ Shibboleth just because of this Web-SSO feature without even joining a federation.
DAASI International has aquired great expertise in using Shibboleth over the years: Not only were we consultants in the development of the DFN-AAI, a germany-wide federation of universities and academies, but we also developed the Nds-AAI, a federation of all universities and academies in Lower Saxony (German federal State).