Trans-Atlantic Shibbing

1. “The critical requirement, to enable advanced role-based access management to licensed resources, is agreement that we all call a student a student” Adoption of standard directory descriptions by F&HEIs, for all their registered members, will enable use of Shibboleth and other role-based access management technologies, as part of a growing global community UKeduPerson: www.angel.ac.uk/UKeduPerson delivered by funded by Trans-Atlantic Shibbing Supporting British Institutions Towards Better Access Management • Middleware and Shared Services Studies (2004) • Digital Rights Management (Intrallect Ltd) • Institutional Profiling and Terms and Conditions (EDINA) • Evaluation of single sign-on technologies (Edinburgh) • Feasibility of a national certificate issuing service (EDINA) • Policy creation tools for the PERMIS authorisation framework (Salford) • UK assessment of eduPerson and related schemas (LSE) • www.jisc.ac.uk/index.cfm?name=prog_middss_studies • Core Middleware: Technology Development Programme • DYCOM - collaborations within dynamic Virtual Organisations • DYVOSE: Dynamic Virtual Organisations in e-Science Education • Groups Manager • KC-ROLO - Kidderminster College Repository of Learning Objects • PERSEUS: Portal-Enabled Resources via Shibbolized End-User Security • SDSS: Shibboleth Development and Support Services • SIPS: Seamlessly Integrating PERMIS and Shibboleth • www.jisc.ac.uk/index.cfm?name=programme_middleware • Core Middleware: Infrastructure • Shibbolized National Data Services • Athens  Shibboleth Transitional Planning • Campus Preparation & Support • www.jisc.ac.uk/index.cfm?name=programme_middleware • Implications for UK infrastructure • No more dependency on the VERY LARGE centralised database of Athens • Need for implementation of a national WAYF service (better than current end-user interface models) • Lower shared costs? (but greater costs devolved to institutions) • Scoping the need • HE support: Documents, Helpdesk, Installation support, Existing services • FE support: Managed services? Existing support services (InfoNet etc) • Survey of directory management policies & technologies used • Foundations for long-term support • Continuous self-evaluation & feedback from early-adopters • Establishing national measures of Shibbolization • Refining estimates of resources and timescale for full transition to a new National Middleware Infrastructure • A pilot support service • What can (and can’t) be re-used from NMI-EDIT CAMP programme? • Models & materials from other European adopters (SWITCH etc) • Opportunity to try different approaches with early-adopter institutions • Close working with national Data Service Providers • Testing different transitional interop models with Athens • Implications (problems?) for Institutions • Less duplicated end-user admin than with Athens (similar to AthensDA) • Need for agreement on role attributes (eduPerson) for end-user description • Many don’t yet have standards-based supporting services (SSO, enterprise directories) • …but new costs would largely replace & improve, rather than add-to, existing ad-hoc AM mechanisms) • How much do we spend, now, on piecemeal access management??? www.angel.ac.uk/SECURe