1 / 17

JISC Metaleth Project

JISC Metaleth Project. Athens, Shibboleth and the University of Bristol 29 th January 2007. Outline. What changes to access management are JISC proposing? What is Shibboleth? What will these changes mean For end-users? For UoB staff? What are the timescales? What are the UoB plans?.

gerald
Download Presentation

JISC Metaleth Project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29th January 2007

  2. Outline • What changes to access management are JISC proposing? • What is Shibboleth? • What will these changes mean • For end-users? • For UoB staff? • What are the timescales? • What are the UoB plans?

  3. What is happening? • JISC is aiming to improve theway in which users access resources throughout the UK educational sector • Goal: to allow users to access internal and external resources seamlessly using a single, institutionally controlled identity • Reduce substantially (if not eliminate altogether) current problems in which users are required to maintain multiple passwords for multiple resources in multiple domains

  4. What is happening? (2) • JISC support for Athens will cease • Athens will be available as a paid-for service • New JISC strategy based on Shibboleth technology, a new standards-based approach in this area

  5. Why the move from Athens? • Relies on separate credentials • Forgotten or written down (a security issue) • Shibboleth uses local credentials • Demand for more sophisticated systems for enabling access to materials and resources • Shibboleth’s flexible design provides a good basis for meeting these demands.

  6. What is Shibboleth? • Federated access management framework • Federation of Identity Providers (IdPs) and Service Providers (SPs) • No central identity service • SPs talk to user’s IdP • Authorisation decisions based on IdP-provided information • Federation provides trust fabric • Allows SPs and IdPs to trust each other

  7. What is Shibboleth? (2) • Acknowledgement: • Taken from SWITCH AAI

  8. What is Shibboleth? (3) • For web services only • Integrated with localauthentication • Single Sign OnCAS in UoB case • Location independent • Won’t necessarily provide UoB IP address to those services that use IP addresses to make authorisation decisions

  9. What changes will there be for end-users? • Single Sign On extended • To UoB resources protected by CAS SSO • To third-party resources protected by Athens or Shibboleth • Users will have to negotiate new WAYF step • Techniques to reduce the impact of this

  10. What changes will there be for UoB staff? • No more separate Athens identity management • Users will login to UoB SSO when visiting external protected resources • In time, no separate account management for non-UoB users • e.g. external Blackboard users

  11. What changes will there be for UoB staff? (2) • UoB will have to run (or outsource) a Shibboleth IdP • Linked to LDAP and CAS SSO • One for the techies • Attribute exchange with resource providers will have to be managed • Again, one for the techies

  12. What support is there? • JISC-provided UK AccessManagement Federation forEducation and Research • UoB experience from JISC-funded pilot project • Metaleth (Metalib + Shibboleth) • A Shibboleth to Athens gateway • Provided by Eduserv

  13. What is the time frame? • JISC asking institutions to recognise this change within their IT strategies for the next two years • Athens contract with JISC renewed until July 2008 • Will run in parallel to the UK access management federation and the Athens/Shibboleth gateway • From July 2008, JISC will support access management through the UK access management federation • Athens will become a paid-for service

  14. What are the next steps we need to take? • UoB currently evaluating alternate approaches • Run the Shibboleth infrastructure ourselves • Identity provision, Attribute Authority • Outsource to Eduserv

  15. What are the next steps we need to take? (2) • Project starts in April • Goal: replace Athens at UoB for the Autumn • Tasks: • A production Shibboleth IdP • Transfer of current Athens-protected resources • Shibboleth directly or via Athens/Shibboleth gateway • Policy decisions to be taken regarding attribute release and privacy • Managing the change-over for end-users • Documentation, awareness raising

  16. Further Information • JISC Access Management • http://www.jisc.ac.uk/whatwedo/themes/access_management.aspx • UK Access Management Federation for Education and Research • http://www.ukfederation.org.uk/ • Shibboleth • http://shibboleth.internet2.edu/

  17. Questions? • Jasper.Tredgold@bris.ac.uk

More Related