Presentation is loading. Please wait.

Presentation is loading. Please wait.

MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters Steve Edwards - MATU - Windermere 14 – 15 November 2005.

Similar presentations

Presentation on theme: "MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters Steve Edwards - MATU - Windermere 14 – 15 November 2005."— Presentation transcript:

1 MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters Steve Edwards - MATU - Windermere 14 – 15 November 2005

2 Where We Are From - Eduserv Eduserv is a not-for-profit IT services group –born from services developed within universities The Eduserv Foundation –funds initiatives supporting application of IT in education Over 10 years experience delivering Access Management –Athens Contracted by the JISC to provide the MATU service –assist HE & FE with early adoption of Shibboleth

3 MATU Objectives Middleware Assisted Take Up Service –A JISC sponsored Eduserv Service Support JISC Core Middleware Project Early Adopters Provide a central repository –information –advice –training

4 The Problem Shibboleth ® Addresses Users accessing many different systems –proliferation of credentials –one pair of credentials per resource –forgotten passwords –Security & Integrity compromised abc123 issue –passwords sent in the clear and shared –proprietary systems – locked in –no organisational control centre

5 What Shibboleth ® is NOT NOT an all-in-one identity management solution –one of many components NOT an authentication or a SSO system –need to plug one in (CAS, pubcookie, …) NOT an Attribute Store –need to plug one in (Directory, Database, …) NOT a fixed specification –ongoing evolution

6 Internet2 Collection of over 200 U.S. Universities involved in a wide variety of initiatives: –advanced network applications –research and higher education –creating tomorrows Internet Wide variety of: –Groups Working, Specialist Interest, Advisory, … –Initiatives

7 Internet2 - Middleware Initiative Initiatives: –Shibboleth ® –eduPerson both of which are under umbrella of MACE Others MACE activities: –Grouper –Middleware End-To-End Diagnostics Advisory Group –Signet

8 Internet2 - Shibboleth ® Share secured online services Control access to restricted digital content Leverages campus identity and access management infrastructures –authenticate individual users –sends information about users to resource site –enables resource provider to make authorisation decisions Common SSO layer over existing systems

9 What is a Federation … Group of organizations sharing set of agreed policies, rules for access to online resources –enable the members to establish trust and shared understanding of language or terminology –provide a structure / legal framework that enables authentication and authorization Supporting technologies: –Shibboleth –SAML

10 SWITCHaai - Switzerland Useful demo SWITCHaai: -

11 SWITCHaai - Process Demo

12 Adoption History - World Wide … Europe –SWITCH - AAI - Switzerland Authentication & Authorization Infrastructure 8 universities, > 110k users –integrated user directories into AAI e-learning shared resources –> 10k users on a regular basis –HAKA - Finland Identity Federation of Universities

13 … Adoption History - World Wide USA –widespread adoption by educational and commercial organisations Australia –MAMS Meta Access Management System Macquarie - lead University

14 Adoption History - UK … Started with Core Middleware Programme –started July 2004 / first trial November 2004 –strategic initiative A subset - Early Adopters –over 20 H.E. institutions –includes e-Learning strand –interim reports available

15 … Adoption History - UK Bodington –open source Virtual Learning Environment / Learning Management System –supports teaching and learning across entire range of learning institutions –UK and worldwide Guanxi Project –UHI - University of Highlands and Islands –institutional collaborations –e-learning & e-delivery

16 UK Federations Athens UK Shibboleth Federation –production federation SDSS project at EDINA –building development Shibboleth federation … academic online resources –put in place essential technical components –provide environment to assist other projects JISC –Core Middleware: Infrastructure Programme –SWISh, Gilead,

17 JISC - Shibboleth ® The Joint Information Systems Committee –UK HE / FE support organisation JISC - Middleware Adoption –funding a major initiative - 4 years –access to internally and externally produced resources is a one step process for users –development of next generation access management system based on Shibboleth –UK Federation

18 MATU Support - Ethos / Approach "One Stop Shop" –Informed –Authoritative –Impartial Avoid dilution of message and advice Long term individual relationships Mutual support – cyclical –we also need assistance & feedback –returned to early adopters community

19 MATU People Service Manager- Richard Dunning –operations and project specialist Service Analyst- Richard Annett –formerly DSP and AthensDA support Trainer- Steve Edwards –consulting & development: J2EE, XML, Web Services –International activities: IBM, BEA, … Others involved include: –James Mulhern project director, head of R & D –David Orrell technical architect heavily involved in the middleware arena nationally & internationally

20 MATU Service A Comprehensive Website –FAQS, Guidance, Installation guides, business cases, downloads Software downloads –Internet2 software –Eduserv software –Other software e.g. Guanxi Service desk –Telephone and Email support –Access to some of the leading experts on Access Management and Shibboleth –Test infrastructure Training –Seminars / Workshops –Conferences

21 MATU Assisted Projects Twenty projects in total comprising of: –Over 20 early adopter projects 16 institutions –9 e-learning strand early adopter projects 11 institutions 15-18 new projects to be announced mid-November 2005


23 Workshops & Events October –Introduction to Shibboleth: v1.3 - IdP & SP November –JISC Conference December –Introduction to Shibboleth: v1.3 - IdP & SP October workshop repeated for new project intake January –Deploying Shibboleth: v1.3 IdP –Deploying Shibboleth: v1.3 SP –LDAP - Lightweight Directory Access Protocol February –Federations and the Law

24 Current Activities Getting to know the projects –aims: give early adopters confidence –get early adopters to outline their projects –form relationships –help with problem solving at an early stage One-to-one meetings with project owners include: –University of Essex (Chimera) –London School of Economics –University of Essex (UK Data Archive (SAFARI)) –Liverpool University –University of Nottingham –University of Bristol –University of Exeter –University of Cardiff –University of Staffordshire

25 Shibboleth / Athens Interoperability Eduserv's JISC contract for Access Management services to UK HE & FE, commits us to delivering full Shibboleth Athens interoperability: Athens Federation –providing a governance framework for Athens registered organisations and online resources Athens Identity Manager (AthensIM) –fully supported and standalone Shibboleth Identity Provider (origin) software Shibboleth to Athens Gateway –providing Shibboleth-enabled organisations access to Athens-enabled resources

26 Prerequisites Users IDs and credentials –Database –Directory –Flat files A web-based Single Sign-On System –e.g. Pubcookie Yale CAS Bespoke Network & Server Infrastructure Skilled People

27 Getting Started? MATU Support Think carefully about how you are going to use Shibboleth –who and where are your users –what are you looking to access / share / protect –what Federation is best for you Make sure you know who you and your stakeholders are! –Identity Provider –Service Provider –both! Align your Access Management to your IT strategy –and adapt Align your Attribute Release Policy with Institutional DP & Privacy Ensure you have all the necessary building blocks –A populated Information Store –A Web SSO system Plan how you are going to deliver and resource your new service Decide what software is best for you

28 Advice to Projects Plan –especially access to institutional data Keep it simple –limit the use of user attributes at least initially Try, test, prototype –but avoid live kit Put the necessary prerequisites in place Weigh up privacy v. personalisation Do not go it alone

29 And Now? MATU is here to support early adopters in using Shibboleth We want to: –talk to them –understand their requirements to ensure a smoother start to assist with minimising problems

30 Contact Us Contact the MATU team at: – Postal address: –Eduserv MATU Queen Anne House 11 Charlotte Street Bath BA1 2NE Phone:01225 474373 Fax:01225 474332 Website: –

Download ppt "MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters Steve Edwards - MATU - Windermere 14 – 15 November 2005."

Similar presentations

Ads by Google