190 likes | 376 Views
Joining the UK Access Management Federation. 4th April 2007 Mark Tysom, UKERNA. Overview. What is the UK Federation? Benefits Eligibility Suggested approach Methods of participation Application process Membership. What is the UK Federation?. A set of Rules that binds members:
E N D
Joining the UK Access Management Federation 4th April 2007 Mark Tysom, UKERNA
Overview • What is the UK Federation? • Benefits • Eligibility • Suggested approach • Methods of participation • Application process • Membership
What is the UK Federation? • A set of Rules that binds members: • Make accurate statements to other members • Keep federation systems and data secure • Use personal data correctly (inc. DPA1998) • Resolve problems within the Federation • Not by legal action • Assist Federation Operator and other members
What is it used for? • Allows a browser user to access protected online resources based on information asserted by their home organisation. • Allows providers of online resources to control access to their services.
The UK Federation • Launched November 2006 • For UK schools, FE, HE and research • Organisations and providing online services to these sectors • Funded by JISC and Becta • Operational management by UKERNA
What are the benefits? • Centrally funded • Access to resources from anywhere • Provides consistency across the whole of education for AuthN & AuthZ • Can be used to protect internal resources • At least one less password to remember • Improves the user experience • Facilitates sharing of content and collaboration across sectors
Who is eligible to join? • Colleges and universities • Local Authorities with responsibility for the schools sector • Research council funded establishments • Other publicly funded bodies subject to support from relevant authorities • Commercial and other organisations providing online services to these sectors
Considerations • Review your identity management strategy • for example, how many directories you have and who owns them? • Build the business case • JISC will cease to centrally fund Athens in July 2008
The six steps • Review ID management strategy 2. Develop user directories: to hold user’s status/entitlements/etc 3. Authentication development: implement an institutional web authentication system
The six steps 4. Implement compatible Identity provider software linked to organisational directory and authentication systems 5. Join the federation: apply for membership and sign up to federation rules. 6. Deployment and roll out: staff training, user guides, etc.
Participation • In-house • Deploy own IdP infrastructure • Out-source • Purchase IdP service from a third party
Pros and cons: In-house • Benefits • Retain strategic control over ID management • Convergence of internal/external ID management • Easier to comply with data protection regulations • Considerations • May require significant effort to consolidate authentication and authorisation infrastructure • New technology to learn and deploy
Pros and cons: Outsourced • Benefits • Enables participation in the Federation with less effort than taking the in-house route • Considerations • Effort required to manage user information • Both the organisation and outsourcing third party must be federation members • User experience may be impaired – less intuitive • Diminution of strategic control
What do I need to do to join? • Identify your host organisation (the legal body that will sign the rules of membership) • Arrange for your host organisation to sign the rules of membership and nominate • Executive liaison who agrees, on behalf of the organisation, to be bound by the rules of membership • Management liaison who registers entities • Obtain an X.509 server certificate • Once membership accepted, management liaison can register entities • Details of the entity added to federation metadata
Support • JANET Customer Services Helpdesk: - Joining the federation - Registering entities - Trouble shooting metadata • Internet 2 team and Shibboleth community: - general Shibboleth and Shib-related queries
Current Membership • 22 institutional IdPs • 13 SPs • 18 in the pipeline
Further Information • Website • www.ukfederation.org.uk • E-mail lists • Ukfederation-announce@jiscmail.ac.uk • Ukfederation-discuss@jiscmail.ac.uk
Questions? • Website • www.ukfederation.org.uk • E-mail lists • Ukfederation-announce@jiscmail.ac.uk • Ukfederation-discuss@jiscmail.ac.uk