Towards a Unified Authentication, Authorisation and Accounting Infrastructure Patrick Kirk Chief Technical Officer (YHGfL) Lifelong Learning Infrastructure.


1 Towards a Unified Authentication, Authorisation and Accounting Infrastructure Patrick Kirk Chief Technical Officer (YHGfL) Lifelong Learning Infrastructure Manager (Leeds City Council) pvkirk@leedslearning.net

2 Benefits of a unified AAAI Ease of access – a unified AAAI should simplify the process and make it easier for all users to access resources. The potential to enable ‘anytime anywhere’ access subject to the validity of licences. The reduction of administrative burdens for managers and users in schools. The personalisation of portals, based on identity and location. To enable publishers to concentrate on protecting their assets rather than separately implementing access procedures with each purchasing authority or user.

3 Requirements for AAAI There will need to be a trusted registration process to manage user access. Content delivery must respect Digital Rights Management (DRM). There should be the flexibility to allow purchases at the school, LEA and RBC levels and eventually on a per individual basis. The infrastructure should be location-independent to permit access from homes, libraries etc. as well as schools – subject to DRM issues. The process will need to be simple to use to encourage users and content providers to adopt it.

4 Requirements for AAAI There will have to be ‘trust’ between users, content providers and infrastructure managers. Content providers will have to trust the information that is provided to them and users will have to be assured that no more information is provided than is necessary and that they have given consent for the transaction.

5 RAAAI and the learning environment

6 What if there was no standard framework for AAA? Duplication of effort across multiple schools, LEAs and RBCs without many sharing opportunities. Publishers and network providers would have to interface with multiple systems. It would be more difficult to share resources between schools/LEAs/RBCs as there would not be a common method for establishing identity.

7 At what level should authentication and authorisation take place? Currently the smallest ‘unit’ is probably a school. It could be a key stage, especially at the pre-16 / post-16 boundary. Do we authenticate users or administrative units? How do we maintain security?

8 Where should authentication take place? Within FE / HE each participating college or university to administer its own part of the user database. Within a schools’ environment the smallest practical unit is likely to be an LEA. Do we need a nationally agreed unique identifier?

9 How could AAAI be achieved within schools? Currently there are at least four models in place. These have evolved without reference. Although they are ever more versatile they have not necessarily followed an evolutionary path.

10 Model 1

11 Model 2 The content provider wishes to track the progress/use of its resource by individual users. It has provided the school with a unique username and password for each user of its resource. Typically there will be a different username/password combination for each user of each resource.

12 Model 3

13 Model 4

14 Schools, LEAs and RBCs working towards a national system Two basic models for AAAI appear plausible and are in use elsewhere within the academic community. In the first a remote resource ‘asks’ the AAAI authority whether a user is allowed access to its resource and receives a yes/no response. In the second the remote resource requests an attributes set for the user (agreed in advance) and then makes its own decision based on an examination of the attributes.
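
The two models on this slide, as an added example that is not part of the original presentation: in the first the authority answers yes/no, in the second it releases only the attribute set agreed in advance (and consented to by the user, per slide 4) and the resource decides for itself. The class names, attribute names (`lea`, `key_stage`), resource name and sample users are all constructed assumptions.

```python
# Added illustration: class names, attribute names and sample records are constructed.
from dataclasses import dataclass, field

@dataclass
class User:
    user_id: str
    attributes: dict                               # held by the AAAI authority
    consented: set = field(default_factory=set)    # attributes the user agreed to release

class AAAIAuthority:
    def __init__(self, users, licences, agreed_attributes):
        self.users = {u.user_id: u for u in users}
        self.licences = licences                   # resource -> LEAs holding a licence
        self.agreed_attributes = agreed_attributes # resource -> attribute set agreed in advance

    def is_authorised(self, user_id, resource):
        """First model: the authority decides; the resource sees only yes/no."""
        user = self.users.get(user_id)
        if user is None:
            return False
        return user.attributes.get("lea") in self.licences.get(resource, set())

    def release_attributes(self, user_id, resource):
        """Second model: release only attributes both agreed in advance and consented to."""
        user = self.users.get(user_id)
        if user is None:
            return {}
        allowed = self.agreed_attributes.get(resource, set()) & user.consented
        return {k: v for k, v in user.attributes.items() if k in allowed}

def resource_decides(attrs, licensed_leas, key_stages):
    """Content provider's own check; a missing attribute means deny."""
    return attrs.get("lea") in licensed_leas and attrs.get("key_stage") in key_stages

# Constructed sample data.
authority = AAAIAuthority(
    users=[
        User("pupil1", {"name": "A. Pupil", "lea": "LEA-A", "key_stage": 3}, {"lea", "key_stage"}),
        User("pupil2", {"name": "B. Pupil", "lea": "LEA-B", "key_stage": 3}, {"lea", "key_stage"}),
        User("pupil3", {"name": "C. Pupil", "lea": "LEA-A", "key_stage": 4}, {"lea"}),
    ],
    licences={"maths-pack": {"LEA-A"}},
    agreed_attributes={"maths-pack": {"lea", "key_stage"}},
)

if __name__ == "__main__":
    for uid in ("pupil1", "pupil2", "pupil3"):
        attrs = authority.release_attributes(uid, "maths-pack")
        print(uid, authority.is_authorised(uid, "maths-pack"), attrs,
              resource_decides(attrs, {"LEA-A"}, {3, 4}))
```

In the second model the user's name never leaves the authority because it is not in the agreed set, and a user who withholds consent for an attribute the resource needs is denied rather than allowed by default.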

15 Model 5

16 Model 6

17 Model 7

18

19 Shibboleth Model 7, evolved from the prior models, has very close parallels with the ‘Shibboleth’ system – a federated authentication system in use across a number of academic institutions in the United States. Jon Browne will now explain how Shibboleth would work in our environment.

