
Access management: challenges and approaches James Dalziel Adjunct Professor and Director Macquarie E-learning Centre of Excellence


1 Access management: challenges and approaches James Dalziel Adjunct Professor and Director Macquarie E-learning Centre of Excellence

2 Overview
COLIS and access management
Access management challenges
MAMS
MAMS and other projects
Access management framework

3 COLIS and access management
Demonstrator project based on open standards
  – IMS CP, IMS DRI, IMS LRM, ODRL
Five universities and five vendors
  – Many different conceptions of the problem
  – Language difficulties
The COLIS Demonstrator is not the solution
  – Work in progress to help uncover practical issues
  – Functioning Demonstrator for discussion

4 Systems Chunks in COLIS Learning Space Application Integration Content Management Library E-Services E-Reserve E-Journals Integration Services Learning Management Digital Rights Management Directory Services Learning Content Management

5 COLIS and access management
Access management requirements
  – No modification to target systems
  – SSO Deep linking
  – Support multiple windows
Different approaches to solving access management
  – Large scale corporate solution
  – Small scale pragmatic approach, legacy systems

6 SSO Proxy + Scripting COLIS SSO Model User Browser User hasn't logged in Application URL Application Web Server Authentication Challenge Login Form Authentication Token Web Page 1 User has logged in User hasn't logged in LDAP Authentication Authorisation DBase

7 Access management challenges
Need for practical, incremental solutions
Recognition of education systems environment
  – Many legacy systems, impractical to change/remove
No single solution will be sufficient
  – Need more than one way of accessing targets
  – Multi-modal Single Sign On
Intra-institutional and inter-institutional needs
Role of identity management
  – Directories, unique identifiers, extensible attributes

8 MAMS
MAMS - Meta Access Management System
An umbrella system with numerous modules for access to different systems as required
Inter-institutional communication between MAMS
Originally a proposal to DEST SII in 2002
Now a consortium bid for ARIIC 2003 common technical services Demonstrator

9 Current University Access Management Challenge Access System (eg, Portal) One type of SSO mechanism (eg, Kerberos) Application A (requires scripting) Application B (requires reverse proxy) Application C (requires IP address restriction) Application D (requires Kerberos) xxx ? Directories

10 Meta Access Management System (MAMS) Architecture Access System (eg, Portal) Local MAMS Application A (requires scripting) Application B (requires reverse proxy) Application C (requires IP address restriction) Application D (requires Kerberos) Scripting module Reverse proxy modules IP address restriction module Kerberos module Other Institution MAMS Directories

11 Example MAMS Implementation (Type 4) Access System Library Premium Databases (Kerberos enabled) Digital Rights Management System (Kerberos enabled) Kerberos Certificate system University A MAMS University B MAMS LDAP X.500 Access System Learning Management System (scripting enabled) Learning Object Management System (reverse proxy enabled) Library Premium Databases (IP restrictions enabled)

12 MAMS and other projects
MAMS has liaisons with:
  – COLIS partners (MQ, UNE, USQ, Tas, Newcastle)
    Indirect liaison to OTEN and WestOne from IIS&R project
  – WALAP partners (UWA, Curtin, EC, Murdoch, ND)
  – Telstra Research Labs, National Library of Australia, education.au
  – Vendors: Sun, Microsoft, Novell
  – Internet2/MACE Shibboleth project (US)
  – Open Knowledge Initiative (OKI) (US)
  – Various JISC/CETIS projects (UK)
  – University of Ulster/Athens (UK)
  – National Library of New Zealand (NZ)

13 MAMS and other projects
MAMS open standards research covers:
  – Security Assertion Markup Language (SAML)
  – eXtensible Access Control Markup Language (XACML)
  – Directory Assertion Markup Language (DAML)
  – Service Provisioning Markup Language (SPML)
  – Various components of the Web Services family of standards (WS-*)
  – EduPerson Directory Schema
  – Open Archives Initiative Protocol for Metadata Harvesting (OAI PMH)
  – Dublin Core (DCMI)
  – Australian Government Locator Service (AGLS)
  – IMS Learning Resource Metadata (IMS LRM)
  – IEEE Learning Object Metadata (IEEE LOM)
  – Metadata Encoding and Transmission Standard (METS)
  – Open Digital Rights Language (ODRL)
  – MPEG Rights Expression Language (MPEG REL)
  – Open Grid Services Architecture (OGSA)
  – Open Knowledge Initiative Open Service Interface Definitions (OSID)
  – ISO 2146 Collection Agencies Directory Standard
  – Z39.50 (ISO 23950) Search protocol
  – IMS Digital Repository Interoperability (IMS DRI)

14 MAMS and Shibboleth
Shibboleth is an Internet2/MACE project
  – Best practice at cross-authentication for education
Standards basis to Shibboleth, especially SAML
Common elements
  – MAMS umbrella and Shibboleth
  – Shibboleth resource handlers and MAMS modules
  – Shibboleth inter-institutional federation
Crucial importance of anonymity and privacy within foundation architectural model

15 Example MAMS Implementation (Type 4) + Recent Projects overlay Access System Library Premium Databases (Kerberos enabled) Digital Rights Management System (Kerberos enabled) Kerberos Certificate system University A MAMS University B MAMS LDAP X.500 Access System Learning Management System (scripting enabled) Learning Object Management System (reverse proxy enabled) Library Premium Databases (IP restrictions enabled) MAMS (Resource Handlers) PKI or other Digital Certificates Shibboleth WALAP

16 A Framework for Access Management
The following slides provide a high-level, (very) crude framework for thinking about different components of access management

17 [Diagram] Axes: Sophistication of component; Breadth of access management solution. Components: Authentication; Authorisation; Single Sign On; Identity & Attributes (Directories); Federated Trust

18 [Diagram] Sample PKI approach. Axes: Sophistication of component; Breadth of access management solution. Components: Authentication; Identity & Attributes

19 [Diagram] COLIS approach. Axes: Sophistication of component; Breadth of access management solution. Components: Authentication; Single Sign On; Identity & Attributes

20 [Diagram] MAMS goals: Integrated, federated access and identity management infrastructure. Axes: Sophistication of component; Breadth of access management solution. Components: Authentication; Authorisation; Single Sign On; Identity & Attributes; Federated Trust

21 Conclusion
Access management as a key element of research and education infrastructure
Need for Demonstrator, incremental development, recognition of current education sector realities
No one SSO method will be sufficient
Importance of open standards
Architectural challenge of privacy and anonymity
Common ground between MAMS and VET

