
Joint Information Systems Committee 04/06/2015 | | Slide 1 Mark Williams Services Outreach, JISC federated access management London.


Slide 1: Federated access management. Mark Williams, Services Outreach, JISC, m.williams@jisc.ac.uk. London.


Slide 5: www.bricktestament.com

Slide 6: Update
Shibboleth update

Slide 7: Update
Shibboleth update
Focus on Federated Access Management
–Shibboleth just one of / part of the technologies

Slide 8: Introduction
What is access management?
The Situation
The Choices
The Business case
The Support
Discussion

Slide 9: Explaining federated access management
Video highlights:
–Issues
–Advantages
–Situation
Video Audience:
–SMT
–Curriculum
–LRC
Tool for YOU to use

Slide 10: The Situation: JISC Announcement March 2006 July 2008 Athens post July 2008 JISC funded resources / Federation JISC and BECTA Transition Gateways

Slide 11: What is Federated Access Management?
Current Athens service is a centralised service:
–Institution provides information about users to Athens (identity information).
–Athens brokers both authentication and authorisation on the part of the institution with service providers.
Federated Access Management devolves authentication back to the institution:
–Authentication achieved through normal institutional log-on.
–Service Providers trust institutions to appropriately authenticate.
–Service Providers and institutions exchange information about users to determine what they can access (attributes: staff, student, law).
–Same system can be used for internal, external and collaborative access (e-learning partnerships with other institutions, e-portfolios).
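An added example (not part of the presentation) of the service-provider side of the model on slide 11: the provider trusts only identity providers registered in the federation and decides access from the attributes they release. The entity IDs, scopes, resource names and the scope check are assumptions made for illustration; the scope check goes beyond what the slide states.

```python
from dataclasses import dataclass

# Constructed federation metadata: IdP entityID -> scopes it may speak for.
# Hypothetical institutions; a real SP reads this from signed federation metadata.
FEDERATION_IDPS = {
    "https://idp.college-a.example/shibboleth": {"college-a.example"},
    "https://idp.college-b.example/shibboleth": {"college-b.example"},
}

# Constructed licence policy: resource -> affiliations allowed to use it.
RESOURCE_POLICY = {
    "law-reports": {"staff", "student"},
    "hr-portal": {"staff"},
}


@dataclass(frozen=True)
class Assertion:
    """What the SP receives after the user logs on at their own institution."""
    issuer: str                  # entityID of the asserting IdP
    scoped_affiliations: tuple   # e.g. ("student@college-a.example",)


def authorise(assertion, resource):
    """Return (allowed, reason). The SP sees attributes, never a password."""
    scopes = FEDERATION_IDPS.get(assertion.issuer)
    if scopes is None:
        return False, "issuer is not a federation member"
    allowed_roles = RESOURCE_POLICY.get(resource)
    if allowed_roles is None:
        return False, "unknown resource"
    for value in assertion.scoped_affiliations:
        role, sep, scope = value.partition("@")
        # Assumed scope check: an IdP may only vouch for its own institution.
        if not sep or scope not in scopes:
            continue
        if role in allowed_roles:
            return True, f"{role} at {scope}"
    return False, "no acceptable affiliation"


if __name__ == "__main__":
    idp_a = "https://idp.college-a.example/shibboleth"
    student = Assertion(idp_a, ("student@college-a.example",))
    out_of_scope = Assertion(idp_a, ("staff@college-b.example",))
    print(authorise(student, "law-reports"))
    print(authorise(student, "hr-portal"))
    print(authorise(out_of_scope, "hr-portal"))
```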

Slide 12: The Push
JISC Collections access
IDENTITY ISSUES
3rd Party pricing pricing structure
Focus on legitimate use – Emphasis on correct use, non-sharing of passwords etc.
Expiry policy
Policy for populating user directory

Slide 13: Institutional Options
BECOME A FULL MEMBER OF THE FEDERATION USING COMMUNITY SUPPORTED TOOLS
–COSTS: Institutional effort to implement software, join federation and enhance institutional directories
–BENEFITS: Full institutional control, skilled staff and access management solution for internal, external and collaborative resources
BECOME A FULL MEMBER OF THE FEDERATION USING TOOLS WITH PAID-FOR SUPPORT
–COSTS: Cost of support from supplier and institutional effort in liaison with supplier and Federation
–BENEFITS: Full support in implementation and access management solution for internal, external and collaborative resources
SUBSCRIBE TO AN ‘OUTSOURCED IDENTITY PROVIDER’ TO WORK THROUGH THE FEDERATION ON YOUR BEHALF (SUCH AS USE OF CLASSIC ATHENS WITH THE GATEWAYS)
–COSTS: Subscription costs to external supplier (from July 2008) and internal administration role
–BENEFITS: Minimum institutional effort to achieve access to external resources only


Slide 16: Institutional Options
GATEWAY ISSUE

Slide 17: Institutional Options
The cessation of funding for the Federation Gateway Services means that JISC can no longer guarantee the compliance of Athens products within the UK Access Management Federation.

Slide 18: Institutional Options
JISC is exploring a new solution for off-campus access to IP protected resources in the form of a national proxy that accepts Shibboleth credentials for authentication.

Slide 19: Implementation
Third parties
–Guide

Slide 20: Third party guide

Slide 21: Implementation
Training
–Netskills
–JANET

Slide 22: Implementation
Support materials
–Nottingham Trent
–JANET MS installer
–JIAMPS studies

Slide 23: Implementation

Slide 24: Support: UK Federation Website
Federation official documentation http://www.ukfederation.org.uk/

Slide 25: Strategic Plan
–College Vision statements
24/7
Collaboration
Remote learning
Lifelong learning
Work based learning
Regional partnership
Content sharing
Third stream

Slide 26: The Strategic Case: Questions to Ask
Are there institutional drivers for:
The implementation of an enterprise directory / identity management solution?
–Need to manage ‘non-standard’ users more efficiently, need to manage all users more efficiently!
Single (simplified) sign-on / devolved authentication?
–System for both internal and external resources.
Collaborative access to resources within other institutions?
–HE / FE collaboration; franchises in other countries.
Research collaboration? Private sector collaboration?
–‘Virtual Organisation’ support; third-stream funding opportunities.

Slide 27: Institutional Audit
Strategic fit: Aims of the College
–Mission statement, Capability, Staff up-skilling, Collaboration, Costs
Options appraisal: which choice meets business need
–How many resources do you access?
–What do you want to do?
Affordability
Capability
What will your choice solve?

Slide 28: Elements of the toolkit
Strategic fit: identifying strategic issues and drivers for access management
Options appraisal: considering the range of access management options available and conducting an options appraisal to identify which option best meets the business need
Affordability: assessing the affordability of the option identified by considering available funding, existing commitments and estimating whole-life project and operating costs. Where the identified option requires an external procurement, the commercial arrangement should be assessed to ensure value for money can be obtained.
Achievability: assessing the achievability of the option identified, within current capability and capacity and the intended business change.

Slide 29: Affordability: commercial
Can value for money be obtained from the proposed partner or supplier?
Is the through-life cost understood?
Are likely support costs clear?
Are there “hidden costs” like supplier lock-in or restrictive terms and conditions?
Is current and future pricing agreed?
If not, can the project be made attractive to a wider market?
Is there sufficient competition to get a good deal?
What controls on release and use of identity information are there? Are they consistent with institutional strategy?
Are the skills in place to deal with the commercial aspects?
Is it an existing, trusted supplier?

Slide 30: Skills
Skill area: Minimum requirements
–Operating System: Security policy management for controlling port use. Where to install applications, configuration files. Syslogd operation, writing startup services, obtaining and inspecting packet dumps, writing scripts to monitor and control multiple log files in many windows and using filtering, sorting and pattern matching to reformat output.
–Webserver (Apache, IIS): Knowledge of the configuration files for the webserver and being able to correctly specify values for all directives. Virtual host configuration with SSL. Adding modules, building modules. Configuring a content management system to host documentation about procedures and configuration file changes.
–SSL: PKI. Use of the openssl command and every option. Trust stores and certificate stores. Obtaining certificates, installing them, converting to/from different encoded methods. Building certificate chains.
–HTTP and HTML: Writing simple web pages. Meaning of every HTTP code. CSS authoring.
–Tomcat: Configuration files: server.xml, workers2.properties, tomcat-users.xml. Application WAR deployment. Use of conf, webapps, WEB-INF and classes directories. Mod_jk use and Tomcat modification to use it. “ant command” and editing build.properties and build.xml files. Build WAR and dist files.
–Java: Log4j and log4cpp configuration options. Analyzing stack traces and locating configuration errors.
–XML: Format and content of XML files. Namespace (xmlns) definition and use. XML Schema definitions.
–SAML: Profiles, bindings and extensions.
–CVS: Setting up a CVS Repository. Populating (importing) new data. Check out/in.

Slide 31: Support: UK Federation Website
Federation official documentation http://www.ukfederation.org.uk/

Slide 32: Support: JISC Website
JISC Website
–Case studies
–Business case (May)
–Awareness events
–Netskills training
–Institutional audit support
–Mailing list

Slides 33 to 35: Case studies

Slide 36: First port of call
www.jisc.ac.uk/federation
Jisc-shibboleth@jiscmail.ac.uk
Jisc-shibboleth-announce@jiscmail.ac.uk
Jisc-shibboleth-libraries@jiscmail.ac.uk
International mailing lists
JISC blog
RSC’s
JISC infoNet

Slide 37: FEDERATION – does need to be addressed sooner or later
Don’t let this happen to your institution

Slide 38: Federated access management. Mark Williams, Services Outreach, JISC, m.williams@jisc.ac.uk. JISC RSC SE. Images courtesy of EIG and CC.

