Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.

Similar presentations


Presentation on theme: "Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning."— Presentation transcript:

1 Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning Centre Of Excellence (MELCOE)

2 Overview COLIS and access management COLIS and DRM Access management challenges MAMS Shibboleth and MAMS Repository federation – search and access

3 COLIS and access management Demonstrator project based on open standards –IMS CP, IMS DRI, IMS LRM, ODRL Five universities and five vendors –Many different conceptions of the problem –Language difficulties The COLIS Demonstrator is not “the solution” –Work in progress to help uncover practical issues –Functioning Demonstrator for discussion

4 Systems Chunks in COLIS Learning Space Application Integration Content Management Library E-Services E-Reserve E-Journals Integration Services Learning Management Digital Rights Management Directory Services Learning Content Management

5

6 COLIS and access management Access management requirements –No modification to target systems –SSO “Deep linking” –Support multiple windows Different approaches to solving access management –Large scale “corporate” solution –Small scale pragmatic approach, legacy systems

7 SSO Proxy + Scripting COLIS SSO Model User Browser User hasn’t logged in Application URL Application Web Server Authentication Challenge Login Form Authentication Token Web Page 1 User has logged in User hasn’t logged in LDAP Authentication Authorisation DBase

8 Access management challenges Need for practical, incremental solutions Recognition of university systems environment –Legacy systems No single solution will be sufficient –Need more than one way of accessing targets –“Multi-modal Single Sign On” Intra-institutional and inter-institutional needs Role of identity management –Directories

9 MAMS MAMS - “Meta Access Management System” An umbrella system with numerous modules for access to different systems as required Inter-institutional communication between MAMS

10 Current University Access Management Challenge Access System (eg, Portal) One type of SSO mechanism (eg, Kerberos) Application A (requires scripting) Application B (requires reverse proxy) Application C (requires IP address restriction) Application D (requires Kerberos) xxx ? Directories

11 Meta Access Management System (MAMS) Architecture Access System (eg, Portal) Local MAMS Application A (requires scripting) Application B (requires reverse proxy) Application C (requires IP address restriction) Application D (requires Kerberos) Scripting module Reverse proxy modules IP address restriction module Kerberos module Other Institution MAMS Directories

12 Example MAMS Implementation (Type 4) Access System Library Premium Databases (Kerberos enabled) Digital Rights Management System (Kerberos enabled) Kerberos Certificate system University A MAMS University B MAMS LDAP X.500 Access System Learning Management System (scripting enabled) Learning Object Management System (reverse proxy enabled) Library Premium Databases (IP restrictions enabled)

13 Shibboleth and MAMS Shibboleth as best practice for cross-institutional connections Standards basis to Shibboleth, eg SAML Common elements –MAMS umbrella and Shibboleth –Shibboleth “resource handlers” and MAMS modules –Shibboleth inter-institutional federation Links to other Internet2 projects, eg eduPerson

14 Example MAMS Implementation (Type 4) + Recent Projects overlay Access System Library Premium Databases (Kerberos enabled) Digital Rights Management System (Kerberos enabled) Kerberos Certificate system University A MAMS University B MAMS LDAP X.500 Access System Learning Management System (scripting enabled) Learning Object Management System (reverse proxy enabled) Library Premium Databases (IP restrictions enabled) MAMS (Resource Handlers) PKI or other Digital Certificates Shibboleth WALAP

15 MAMS Project Components (1) Iterative demonstrations to help drive the gathering of user requirements (2) Development of common services prototypes –Intra-institutional multi-modal SSO –Inter-institutional access management Attribute exchange (Shibboleth) Automation of policy –Federated and extensible identity –Other common services: DRM, search, metadata (3) Implementation advice and programs

16 Repository Federation - Search The problem of “portal envy” Search as an “anonymous” service, rather than building “one portal to rule them all” –No one may know of the existence of your repository until they access a specific item from someone’s search gateway (based on harvesting/federation of your MD) The importance of Federated Search Gateways –COLIS experiences

17 LOM Metadata OAI Server SRW Server OAI Server OAI Harvest Library Catalogues Web Content InfoSeefer Z39.50 SRU Z39.50 Search Intermediary LOM Metadata CP XML E-Reserve DC+ext Metadata Repository Federation - Search - COLIS

18 Repository Federation - Access If content is free to the world (including no restrictions on potential commercial use), then access restrictions are not normally a concern Otherwise…. Traditional access restrictions across repositories –Endless names and password, management nightmare Or…federated access using attribute exchange –The next generation - but requires important changes to how repositories handle access issues –Non trivial technical challenges to repository architecture

19 Conclusion Access management is a key element of research (and other) common services infrastructure Need for Demonstrator, incremental development, recognition of current university realities No single SSO method will be sufficient Importance of open standards Common ground between –MAMS and Shibboleth –MAMS and repository projects –MAMS and vendors


Download ppt "Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning."

Similar presentations


Ads by Google