Learn about JISC's initiative to support federated access management for UK Higher and Further education institutions. Find out why this system is strategically important and how it aligns with international standards.
Connecting People to Resources
Federated Access Management within the UK
Nicole Harris, Senior Services Transition Manager, JISC
OVERVIEW
A summary
• JISC has published its intention to centrally support federated access management from July 2008 as the preferred access management system within UK Higher and Further education.
• This will be enabled by the UK Access Management Federation, to be run by UKERNA: www.ukfederation.org.uk.
• The federation is ‘technology neutral’ in terms of what systems an institution uses as long as it is SAML compliant: Shibboleth, Guanxi, AthensIM, Athens gateways (but potentially iChain and other commercial systems).
• JISC will fund Athens until July 2008, after which institutions will be required to pay a subscription for ‘classic’ Athens and AthensDA (and other new Athens resources such as ‘Atacama’).
• JISC is funding Eduserv to provide gateways between Athens and the UK Access Management Federation to allow Service Providers and Institutions to continue using Athens if they so choose.
• Authentication is devolved to the institution: the institution needs to be able to authenticate every user who is entitled to access institutional resources.
• Authorisation is handled by an exchange of information between an institution and service provider: the institution needs to know exactly what each and every user is entitled to access.
Why federated access management?
• Moves closer to the single sign-on ideal. Users need not remember so many passwords as they use their institutional username and password to access external, internal and collaborative resources.
• Aligns with international convergence on Shibboleth/SAML: wider market for suppliers.
• Avoids the need to maintain a central Athens-type database of registered users, by JISC/Eduserv and by participating libraries.
• Open Source tools are available, so tools can be developed by participants and shared.
• Commercial tools are available, for those who do not wish to use open source solutions.
• Can be used for collaborative access to institutional resources: solves the problem of how you allow access to your resources to other institutions WITHOUT having to register people as members of your institution.
• Free at the point of use for all members of the UK Access Management Federation.
Why Has JISC Chosen this Route?
• Extensive research proved this to be the most appropriate technology. Meets the defined criteria for an access management system within the UK:
  • Internal (intra-institutional) applications (mostly through SSO system)
  • Management of access to third-party digital library-type resources (as now)
  • Inter-institutional use – stable, long-term resource sharing between defined groups (e.g. shared e-learning scenarios)
  • Inter-institutional use – ad hoc collaborations, potentially dynamic in nature (virtual organisations or VOs)
• International take-up secures future of development and support.
• International take-up provides economies of scale through work in partnership.
Why Is this Strategically Important? Key Messages
• The federated access management system is a key deliverable within the current JISC strategy.
• Implementation will require institutional effort, and should be recognised within institutional IT strategies.
• Federated access management is required to meet other strategic requirements:
  • DfES e-Strategy and e-Learning goals (such as e-Portfolios and e-Learning collaborations)
  • HEFCE e-Learning Strategies
  • Science and Innovation Investment Framework
• National take-up: interaction with BECTA and the schools sector, and increasingly with NHS.
• International take-up: importance of cross-working with Europe, US and Australia.
IMPACT
• CHANGE
  • JISC support for Athens will not be available to institutions after July 2008.
• INSTITUTIONAL / SERVICE PROVIDER EFFORT
  • To put in place the relevant parts of the system to allow devolved authentication.
• CHOICE
  • Of technologies. The federated access management system will not dictate the choice of single sign-on, directory system or environment in which you work.
• JOIN-UP
  • Across domains (e-Learning, e-Research and Information Environments) and across systems (for internal, external and collaborative access management).
• IMPROVEMENTS
  • Standards-based approach to access management improving flexibility.
  • Real single sign-on, improved directory systems, foundation blocks for secure collaboration.
STATISTICS
Reviewing Readiness: Independent Review
How many institutions will adopt federated access by July 2008? (FE figures: Scotland, Wales and Northern Ireland only)
“The Sunday Times University Guide was used as a measure of the top 20 Universities. Of the top 20, information on institutional position was obtained for 18. Of the 18, 8 are early adopters of FAM, 9 plan to adopt by July 2008, 1 is interested but has no current plans to adopt.”
Federation Stats: 16th April 2007
• 51 MEMBERS.
• 29 ‘Core’ Institutional Members.
CHOICES
Option 3: The Gateways
[Diagram labels: Athens Institution; Athens Central; Athens Protected Resource; SP Gateway; IdP Gateway; UK Access Management Federation; Federated Resource; Federated Institution]
Gateway Attributes
• Athens Identity Providers accessing Shibboleth Service Providers can use:
  • eduPersonScopedAffiliation.
  • eduPersonTargetedID.
• Shibboleth Identity Providers accessing Athens Service Providers can use:
  • eduPersonTargetedID.
  • eduPersonEntitlement (full permission set).
• All other scenarios can make use of appropriate attributes as required. Not limited to core set.
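How a service provider might turn the attributes listed above into an access decision, as an added example that is not part of the original slides. The entity IDs, scopes, accepted affiliations, the accepted entitlement value and the scope check against federation metadata are assumptions made for illustration.

```python
# Added example, not from the slides: SP-side authorisation using the
# gateway attribute set. All entity IDs and scopes below are constructed.

# Stand-in for federation metadata: scopes each identity provider may assert.
REGISTERED_SCOPES = {
    "https://idp.example.ac.uk/shibboleth": {"example.ac.uk"},
    "https://gateway.example.org/idp": {"athens.example.org"},
}
# Affiliations this hypothetical licence accepts.
LICENSED_AFFILIATIONS = {"member", "student", "staff", "faculty"}
# Entitlement value this hypothetical resource accepts.
LICENSED_ENTITLEMENT = "urn:mace:dir:entitlement:common-lib-terms"


def authorise(idp_entity_id, attrs):
    """Return (allowed, basis, pseudonym) for one attribute release.

    attrs maps attribute names to lists of string values.
    """
    scopes = REGISTERED_SCOPES.get(idp_entity_id)
    if scopes is None:
        return (False, "unknown identity provider", None)

    basis = None
    if LICENSED_ENTITLEMENT in attrs.get("eduPersonEntitlement", []):
        basis = "entitlement"
    else:
        for value in attrs.get("eduPersonScopedAffiliation", []):
            affiliation, sep, scope = value.partition("@")
            # Ignore values whose scope is not registered to the asserting
            # IdP; otherwise any IdP could claim another institution's users.
            if sep and scope.lower() in scopes \
                    and affiliation.lower() in LICENSED_AFFILIATIONS:
                basis = "affiliation"
                break
    if basis is None:
        return (False, "no qualifying attribute", None)

    # eduPersonTargetedID gives the SP a per-service pseudonym for
    # personalisation without learning who the user is.
    targeted = attrs.get("eduPersonTargetedID") or [None]
    return (True, basis, targeted[0])
```

The decision never needs a username: the institution authenticates the user, and the service provider sees only the affiliation or entitlement plus an opaque identifier.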
EXAMPLES
INDEX TO THE TIMES: EDINA
Shibboleth Access via a WAYF for external services And where they are from
SCIENCE DIRECT
LANDMAP: MIMAS With thanks to Ross Macintyre
SUPPORT
Support Resources
• www.jisc.ac.uk/federation and jisc-shibboleth@jiscmail.ac.uk.
• ‘shib-enable-vendor’ lists: contact Jane Charlton @ JISC for more information.
• Briefing Paper – available on the JISC stand.
• Federated Access Management Animation.
• Service Provider process map: available on the JISC website.
www.ukfederation.org.uk www.jisc.ac.uk/federation.html n.harris@jisc.ac.uk j.charlton@jisc.ac.uk