UK Access Management Federation
Joining the federation
5 December 2006
Mark Tysom, UKERNA

Overview
- Eligibility
- Steps to membership
- Options and considerations
- Outsourced identity management
- Application process

Who is eligible to join?
All UK education and research institutions and commercial organisations providing services to those sectors.

Steps to membership
1. Review ID management strategy
2. Develop user directories: to hold users' status, entitlements, etc.
3. Authentication development: implement an institutional authentication system
4. Implement compatible Identity Provider software linked to organisational directory and authentication systems
5. Join the federation: apply for membership and sign up to federation rules
6. Deployment and roll-out: staff training, user guides, etc.

Participation: How?
- In-house: deploy own IdP infrastructure
- Out-source: purchase IdP service from a third party

Participation: In-house
Benefits
- Retain strategic control over ID management
- Convergence of internal/external ID management
- Gain flexibility of AuthN info
Considerations
- May require significant effort to consolidate authentication and authorisation infrastructure
- New technology to learn and deploy

Participation: Out-source
Benefits
- Enables participation in the Federation with less effort than taking the in-house route
Considerations
- Effort required to manage user information
- User experience may be impaired
- Diminution of strategic control

Outsourced Identity Provision
Both the organisation and the outsourcing third party must be federation members.
The organisation must provide:
- contact details of the outsourcing body
- the entity name to be used
- the security domain(s) the outsourcer can assert on its behalf

Applying for membership
Two-stage process:
1. Apply for membership
   - Apply online: ukfederation.org.uk/content/Documents/JoinFederation
   - Send a written request on the organisation's headed paper, signed by a senior officer of the organisation who is authorised to bind the organisation to the federation Rules of Membership
2. Register IdP and/or SP entities
   - Each entity will need an X.509 certificate
   - Organisational details are added to the metadata

Current Membership
- Approximately 20 IdPs and 10 SPs: from SDSS
- 3 new applications since 30th November: 2 SPs, 1 IdP

Questions?