1 / 42

Connecting People to Resources

Connecting People to Resources. Federated Access Management within the UK. Nicole Harris Senior Services Transition Manager, JISC. Connecting People to Resources. OVERVIEW. A summary.

romney
Télécharger la présentation

Connecting People to Resources

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Connecting People to Resources Federated Access Management within the UK Nicole HarrisSenior Services Transition Manager, JISC

  2. Connecting People to Resources OVERVIEW

  3. A summary • JISC has published its intention to centrally support federated access management from July 2008 as the preferred access management system within UK Higher and Further education. • This will be enabled by the UK Access Management Federation, to be run by UKERNA: www.ukfederation.org.uk. • The federation is ‘technology neutral’ in terms of what systems an institution uses as long as it is SAML compliant: Shibboleth, Guanxi, AthensIM, Athens gateways (but potentially iChain and other commercial systems). • JISC will fund Athens until July 2008, after which institutions will be required to pay a subscription for ‘classic’ Athens and AthensDA (and other new Athens resources such as ‘Atacama’). • JISC is funding Eduserv to provide gateways between Athens and the UK Access Management Federation to allow Service Providers and Institutions to continue using Athens if they so chose. • Authentication is devolved to the institution: the institution needs to be able to authenticate every user who is entitled to access institutional resources. • Authorisation is handled by an exchange of information between an institution and service provider: the institution needs to know exactly what each and every user is entitled to access.

  4. Why federated access management? • Moves closer to the single sign-on ideal. Users need not remember so many passwords as they use their institutional username and password to access external, internal and collaborative resources • Aligns with international convergence on Shibboleth/SAML - wider market for suppliers • Avoids the need to maintain a central Athens-type database of registered users- by JISC/Eduserv and by participating libraries • Open Source tools are available- so tools can be developed by participants and shared • Commercial tools are available - for those who do not wish to use open source solutions • Can be used for collaborative access to institutional resources - solves problem of how you allow access to your resources to other institutions WITHOUT having to register people as members of your institution. • Free at the point of use for all members of the UK Access Management Federation.

  5. Why Has JISC Chosen this Route? • Extensive research proved this to be the most appropriate technology. Meets the defined criteria for an access management system within the UK: • Internal (intra-institutional) applications (mostly through SSO system) • Management of access to third-party digital library-type resources (as now) • Inter-institutional use – stable, long-term resource sharing between defined groups (e.g. shared e-learning scenarios) • Inter-institutional use – ad hoc collaborations, potentially dynamic in nature (virtual organisations or VOs) • International take-up secures future of development and support. • International take-up provides economies of scale through work in partnership.

  6. Why Is this Strategically Important?Key Messages • Federated access management system key deliverable within the current JISC strategy. • Implementation will require institutional effort, and should be recognised within institutional IT strategies. • Federated access management is required to meet other strategic requirements: • DfES e-Strategy and e-Learning goals (such as e-Portfolios and e-Learning collaborations) • HEFCE e-Learning Strategies • Science and Innovation Investment Framework • National take-up: interaction with BECTA and the schools sector, and increasingly with NHS. • International take-up: importance of cross-working with Europe, US and Australia.

  7. IMPACT • CHANGE • JISC support for Athens will not be available to institutions after July 2008. • INSTITUTIONAL / SERVICE PROVIDER EFFORT • To put in place the relevant parts of the system to allow devolved authentication. • CHOICE • Of technologies. The federated access management system will not dictate the choice of single sign-on, directory system or environment in which you work. • JOIN-UP • Across domains (e-Learning, e-Research and Information Environments) and across systems (for internal, external and collaborative access management) • IMPROVEMENTS • Standards based approach to access management improving flexibility. • Real single sign-on, improved directory systems, foundation blocks for secure collaboration.

  8. Connecting People to Resources STATISTICS

  9. Reviewing Readiness: Independent Review How many institutions will adopt federated access by July 2008? (FE figures: Scotland, Wales and Northern Ireland only) “ The Sunday Times University Guide was used as a measure of the top 20 Universities. Of the top 20, information on institutional position was obtained for 18. Of the 18, 8 are early adopters of FAM, 9 plan to adopt by July 2008, 1 is interested but has no current plans to adopt. “

  10. Federation Stats: 16th April 2007 • 51 MEMBERS. • 29 ‘Core’ Institutional Members.

  11. Predicted Adoption

  12. Connecting People to Resources CHOICES

  13. Option 1 and 2: Roadmap for Institutions

  14. Choices for Service Providers

  15. Option 3: The Gateways ATHENS INSTITUTION ATHENS CENTRAL ATHENS PROTECTED RESOURCE SP Gateway IdP Gateway UK ACCESS MANAGEMENT FEDERATION FEDERATED RESOURCE FEDERATED INSTITUTION

  16. UK Federation Core Attributes

  17. Gateway Attributes • Athens Identity Providers accessing Shibboleth Service Providers can use: • eduPersonScopedAffiliation. • eduPersonTargetedID. • Shibboleth Identity Providers accessing Athens Service Providers can use: • eduPersonTargetedID. • eduPersonEntitlement (full permission set). • All other scenarios can make use of appropriate attributes as required. Not limited to core set.

  18. Connecting People to Resources EXAMPLES

  19. Connecting People to Resources INDEX TO THE TIMES: EDINA

  20. Shibboleth Access via a WAYF for external services And where they are from

  21. Connecting People to Resources JSTOR

  22. JSTOR Example: Service Provider Developed WAYF

  23. Connecting People to Resources SCIENCE DIRECT

  24. Shibboleth behind a library portal for external services

  25. Shibboleth behind the library portal

  26. Shibboleth behind the library portal

  27. Connecting People to Resources LANDMAP: MIMAS With thanks to Ross Macintyre

  28. Connecting People to Resources SUPPORT

  29. Support Resources • www.jisc.ac.uk/federation and jisc-shibboleth@jiscmail.ac.uk. • ‘shib-enable-vendor’ lists: contact Jane Charlton @ JISC for more information. • Briefing Paper – available on the JISC stand. • Federated Access Management Animation. • Service Provider process map: available on the JISC website.

  30. www.ukfederation.org.uk www.jisc.ac.uk/federation.html n.harris@jisc.ac.uk j.charlton@jisc.ac.uk

More Related