An Introduction to Access Management and the UK Federation Simon Cooper JANET(UK)

Overview
• What is access management?
• What is Shibboleth?
• UK Access Management Federation
• The Benefits
• How to Apply
• Participation options
• Support
• Membership

What is Access Management?
In this context = Controlling access to online resources
Authentication
• Is a user who they say they are? - Identity
Authorisation
• What is the user allowed to access? - Rights

Legacy access management
[Diagram: Identity Provider (IdP), Service Provider (SP), Site Licence. Speech bubbles: "Are you a licensed user?", "I’m “AJones/T,t<*?I1”", "?"]
• User’s identity and personal data are known to all
• Publisher knows more than it wants and less than it needs

Federated Access Management
[Diagram: Identity Provider (IdP), Service Provider (SP), Site Licence. Speech bubbles: "I’m “AJones/T,t<*?I1”, am I?", "Are you a licensed user?", "They say I’m licensed", "Yes, you’re licensed", "OK!"]
• User’s identity and personal data are protected
• Publisher knows exactly what it needs

How is this achieved?
• Through the use of attributes
• Permits fine grained Authorisation
• “Law Student” or “Staff Member” not individual username and password
• Service Providers can only ask for what they need
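
Added example (not part of the original slides, and not Shibboleth or UK federation code): a minimal Python sketch of the attribute-based flow described above, in which the IdP releases to each SP only the attributes that SP needs and the SP authorises on role and entitlement rather than on a username. All entity IDs, attribute names, the opaque per-SP identifier and the sample directory record are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: names, entity IDs and attribute names are
# hypothetical and do not come from the UK federation or Shibboleth.
IDP_SECRET = b"constructed-demo-secret"
DIRECTORY = {
    "ajones": {
        "mail": "a.jones@example.ac.uk",
        "affiliation": "student@example.ac.uk",
        "entitlement": ["urn:example:law-library"],
    },
}
# Per-SP release policy: the IdP releases only what each SP needs.
RELEASE_POLICY = {
    "https://sp.publisher.example/shibboleth": {"affiliation", "entitlement"},
    "https://sp.helpdesk.example/shibboleth": {"affiliation", "mail"},
}


def release_attributes(username, sp_entity_id):
    """IdP side: build the attribute set asserted to one SP."""
    allowed = RELEASE_POLICY.get(sp_entity_id)
    if allowed is None:
        return None  # fail closed: an unregistered SP gets nothing
    record = DIRECTORY[username]
    released = {k: v for k, v in record.items() if k in allowed}
    # Opaque per-SP identifier (an assumption of this sketch): lets the SP
    # recognise a returning user without learning the username, and stops
    # two SPs from correlating the same person.
    msg = f"{username}|{sp_entity_id}".encode()
    digest = hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()
    released["opaque_id"] = digest[:16]
    return released


def sp_authorise(attrs, licensed_scopes, required_entitlement=None):
    """SP side: decide on asserted attributes, never on a username."""
    if not attrs:
        return False
    role, _, scope = attrs.get("affiliation", "").partition("@")
    if scope not in licensed_scopes or role not in {"student", "staff"}:
        return False
    if required_entitlement is not None:
        return required_entitlement in attrs.get("entitlement", [])
    return True
```

The publisher SP in this sketch never receives the mail address or the username, yet can still decide per institution, role and entitlement.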

What is Shibboleth?
• An open source, standards-based solution to meet the needs for organisations to exchange information about their users in a secure, privacy-preserving manner
• Recommended software for UK federation participation

What is the UK federation?
• A set of Rules that binds members
• For UK schools, FE, HE and research
• Organisations and institutions providing services to these sectors
• Joint funded by JISC and Becta
• Operational management by JANET(UK)

What is the UK federation?
A secure framework that allows:
• students to access protected online web resources based on information asserted by their home organisation.
• providers of online resources to control access to their services.

Benefits: for Users
• Much less need to disclose your identity
• Personal data kept between you and your home organisation
• Service providers can tailor services better
• (At least) one less password to remember
• Access to online resources from anywhere

Benefits: for Organisations
• Uses existing authentication infrastructure
• Can be used to protect internal resources
• No annual subscription fee
• Software free to download and use
• Easier to comply with regulatory requirements
• Data Protection Act 1998

Benefits: for Service Providers
• No need to maintain your own user database
• Authentication is done for you by home organisation
• Can authorise per institution, role, and/or entitlement
• Reduction in user support
• No annual subscription fee
• Software free to download and use
• Reduced data protection compliance burden
• Less storage/processing of personal data
• Users take better care of credentials

How to apply?
• Senior member of organisation signs up to federation Rules of Membership
• JANET(UK) verify contact details
• Membership confirmed.
• Organisation (usually IT staff) registers participating servers with the federation

How to participate
• a) In-house: run and support your own Identity Provider (IdP)
• b) Hybrid: run your own IdP, provided and supported by a third party
• c) Outsource: Third party run IdP under contract
http://www.jisc.ac.uk/publications/publications/identityprovidersbpv1.aspx

In-house Approach
• Shibboleth IdP is a Java application
• Runs on Linux, Unix, Windows, Mac.
• Installation is straightforward.
• Some configuration is required.
• Community support

Shibboleth on Windows
• Project Commenced March 08.
• Case Studies + documentation.
• Free to community.
• Release end of May.

Who does what?
• Internal Collaboration is essential
• IT department must be involved from the outset
• Senior management may require a business case (see JISC Business Case Toolkit)
• Senior management sign the membership agreement

What help is available?
• JANET(UK) helpdesk
• Website: www.ukfederation.org.uk/
• Mailing lists
• Training courses:
  http://www.ja.net/services/training/
  http://www.netskills.ac.uk/content/products/workshops/range/accman.html
• Regional events (Brighton, 29th April)

Who has joined?
247 members (10th March)
Sector breakdown 75 FE 106 HE 7 LA/RBC 19

What services are available?
• 47 Commercial Service Providers or Publishers
• Ovid, Elsevier, Microsoft, BBC, Digimap, JISCmail, JVCS Booking Services,
• Full list of Services: http://www.ukfederation.org.uk/content/Documents/AvailableServices
• Dialogue with Service Providers http://access.jiscinvolve.org/federated-access-and-publishers

When should you join?
• Now! (get the admin out of the way)
• Audit your existing infrastructure and assess organisation’s readiness
• Implement your IdP
• Roll out within organisation
• Consider federating internal services

Questions?
• More info:
  www.ukfederation.org.uk
• E-mail lists:
  Ukfederation-announce@jiscmail.ac.uk
  Ukfederation-discuss@jiscmail.ac.uk
  JISC-shibboleth@jiscmail.ac.uk
  JISC-shibboleth-libriaries@jiscmail.ac.uk