Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager.

Slides:

Advertisements

Similar presentations

Athens and Shibboleth ® : the choices Phil Leahy Athens Product Manager.

Advertisements

ICT Services Suppliers Briefing Thursday, 17 September 2009.

Supporting education and research Core Middleware Development Nicole Harris, Programme Manager, JISC Middleware Team.

Joint Information Systems Committee 01/04/2014 | slide 1 Access Management and e-Portfolios What are we trying to protect??? Joint Information Systems.

Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.

Joint Information Systems Committee 01/04/2014 | slide 1 Support e-Research at JISC Access Management and Security Joint Information Systems CommitteeSupporting.

Joint Information Systems Committee 01/04/2014 | | Slide 1 e-Infrastructure Programme James Farnhill, Programme Manager, JISC Identity Management and Levels.

The e-Framework Bill Olivier Director Development, Systems and Technology JISC.

Supporting Further and Higher Education Joint Information Systems Committee JISC Strategies & Support of e-Science for Research Dr Malcolm Read JISC Executive.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Supporting education and research JISC ‘Accessing the Future’ Addressing the needs of Further Education and smaller institutions Nicole Harris, JISC Programme.

Joint Information Systems Committee 25/08/2014 | slide 1 JISC Core Middleware Programme Meeting Middleware in Development Joint Information Systems CommitteeSupporting.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

Joint Information Systems Committee Connecting People to Resources Federated Access Management within the UK Nicole Harris Senior Services Transition Manager,

Stimulating and Supporting Innovation in Learning RSC Wales – Supporting Programmes of Development.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

Supporting education and research E-learning tools, standards and systems Sarah Porter Head of Development, JISC.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Voyage of the UK JISC Federation: Shibbolising the UK’s Research, Higher and Further Education.

Technical Review Group (TRG)Agenda 27/04/06 TRG Remit Membership Operation ICT Strategy ICT Roadmap.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.

Joint Information Systems Committee 04/06/2015 | | Slide 1 Mark Williams Services Outreach, JISC federated access management London.

Thee-Framework for Education & Research The e-Framework for Education & Research an Overview TEN Competence, Jan 2007 Bill Olivier,

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Identity and Access Management IAM A Preview. 2 Goal To design and implement an identity and access management (IAM) middleware infrastructure that –

THE JOINED UP WORLD OF E-RESEARCH Professor Neil McLean National Technical Standards Adviser to the Department of Education Science and Training (DEST)

Developments in Access and Identity Management Phil Leahy – Athens Product Manager.

Engineering & Physical Sciences Research Council.

Diana Laurillard Head, e-Learning Strategy Unit Overview of e-learning: aims and priorities.

Supporting further and higher education Current A&A Developments in the UK Alan Robiette, JISC Development Group.

Implications for UK infrastructure No more dependency on the VERY LARGE centralised database of Athens Need for implementation of a national WAYF service.

National Secondary School Computer Fund (NSSCF)

PERSEU S : Portal-enabled Resources via Shibbolized End-user Security 3 May 05Spring 2005 Internet2 Member meeting 1 News from the ‘misty’ Albion: Shibboleth.

Supporting further and higher education AA(A) – What does it mean to the service provider? Alan Robiette, JISC Development Group.

WHELF’s HELP Project Higher Education Libraries in Partnership Elizabeth Kensler HELP Project Officer UC&R Wales 11 th February 2005.

Copyright JNT Association 2005Copyright JNT Association An Introduction to Access Management and the UK Federation Simon Cooper.

Supporting further and higher education UK Middleware Update TF-EMC2 Meeting, 4 November 2004 Alan Robiette, JISC Development Group.

Australian Access Federation and other Middleware Initiatives Presented at TF-EMC2, Prague 4 Sep 2007 Patty McMillan, The University of Queensland.

Welcome slide. From innovation to implementation to sector change: the view from HEFCE JISC Innovation Forum Keele University, 15 July 2008 Dr John Selby.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.

Supporting further and higher education Middleware and AA within the JISC Environment Nicole Harris, JISC Development Group.

National Digital Infrastructure The DfES vision for the next five years in ICT in Schools.

Supporting education and research JISC Strategy for Support of eResearch Nicole Harris JISC Programme Manager.

MAT U M A T U Middleware Assisted Take-Up Service For JISC Funded Early Adopters.

EPA Geospatial Segment United States Environmental Protection Agency Office of Environmental Information Enterprise Architecture Program Segment Architecture.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

UK Access Management Federation Matthew Dovey Programme Director, Digital Infrastructures (Research) 10 June 2011 CERN.

New Developments in Access Management: Setting the Scene Alan Robiette JISC Development Group JISC-CNI Conference, June 2002.

The UK Access Management Federation John Chapman Project Adviser – Becta.

Copyright JNT Association 20051Optional Copyright JNT Association The UK federation TNC - 22 nd May 2007 Mark Tysom, UKERNA.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Supporting education and research Introduction to JISC JISC Name Role.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

Supporting education and research The JISC Core Middleware Call Brian Gilmore The University of Edinburgh and JISC Committee for Support of Research.

MAPS Middleware Action Plan & Strategy Project Middleware Action Plan & Strategy Project (MAPS) Patricia McMillan, Project Manager.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

Supporting education and research Access Management: the Campus Issues Alan Robiette, JISC Development Group.

Networks ∙ Services ∙ People Nicole Harris UK federation meeting eduGAIN, REFEDS and the UK 23 June 2015 Project Development Officer GÉANT.

Supporting further and higher education e-Portfolio - Strategic and Policy perspectives Paul Bailey Programme Director e-Learning Programme.

Shibboleth Use at the National e-Science Centre Hub Glasgow at collaborating institutions in the Shibboleth federation depending.

Transforming the Adult Social Care Workforce 7 th December 2010 Virginia McCririck – DH - SW.

INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.

ALPSP Effective Customer Authentication 15-Jul The (now… then…) next of Authentication: Shibboleth John Paschoud SECURe Project, LSE Library.

ESA Single Sign On (SSO) and Federated Identity Management

UK Federation 101 Ian A. Young EDINA, University of Edinburgh (and the UK Federation) Internet2 Fall Member Meeting, 7 Dec Shibboleth Development.

Supporting Institutions Towards a Shibbolized Infrastructure

The JISC Core Middleware Call

Presentation transcript:

Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager

Joint Information Systems Committee 19/05/2015 | slide 2 Federations within the UK: Unique Issues The need to move from an existing legacy system: Athens. –The Federation Gateways designed by Eduserv. –Intensive outreach programme to support. The size: –641 Higher and Further Education Institutions. –Joint initiative with schools through BECTA (British Educational Communications and Technology Agency). C.30,000 schools, but served through virtual regional identity providers. Prioritisation of join-up: –UK Certification Authority (National Grid Service). –Janet Roaming Service (eduRoam). –NHS. –Government initiatives (Unique Learner Number, Government portals, Government systems etc.) Complex federation service provider and development programme.

Joint Information Systems Committee 19/05/2015 | slide 3 The UK Development Landscape outreachsupportfederation Federation Services Athens Gateways CA Bridge eduRoam Gateway Development Level of Assurance – FAME project Identity Management – inter- and intra- NHS / Government N-tier Developments – SPIE project Authorisation Tools - PERMIS, DYVOSE (Authority Delegation) Interfaces / User Tools Virtual Home for Identities Federation Tools Identity / Service Providers

Joint Information Systems Committee 19/05/2015 | slide 4 Gateways The gateways act as ‘outsourced’ or ‘virtual’ Identity Providers for the federation: –Athens Federation Gateways; –Janet Roaming Service; –CA Bridge (temporary GRID credentials for federated users). Purpose is to leverage existing, rich back-ends and to allow choice. Athens Federation gateways seen as transitional tools. Janet Roaming Service and Certificate solutions may be longer lived. Technical specifications available from Programme Manager.

Joint Information Systems Committee 19/05/2015 | slide 5 Core Middleware Technology Development Programme 17 projects funded to support a range of development activities within core middleware. Range of technologies and issues explored: –Shibboleth and its application, including pilot federation (SDSS). –Radius, wireless networking and federated access: pilot ‘virtual identity provider’. –Web portal and ‘n-tier’ issues for authorisation. –Attribute release policies, particularly with PERMIS tools. –Levels of authentication assurance. –Dynamic delegation of authority. –Integration of UK Certificate Authority and Shibboleth technology (new projects). Projects producing range of useful software tools and guidance for use now. Also informing future development plans.

Joint Information Systems Committee 19/05/2015 | slide 6 Core Middleware Infrastructure Programme ‘Spending Review’ grant to achieve specific aim of ‘working federated access management infrastructure’ (Aim Two). £3.4 million across two years (although small carry forward of some funds). Focused activities: –‘Shibbolising’ of JISC resources held at MIMAS and EDINA. –Funding for a support service – MATU at Eduserv. –Early Adopter funding to help institutions implement required technologies (two calls, 26 institutions). –Regional Early Adopters to explore e-Learning collaborations with federated access. –Funding for initial development of full federated service – UKERNA. –Communications and outreach programme. –Evaluation element. –Repository of outputs. Completes in April (July) Full federated access management system to be in place by November 2006.

Joint Information Systems Committee 19/05/2015 | slide 7 Access Management: Transition Programme Moving from a ‘working’ infrastructure to a full production federation (i.e. with critical mass of users). Integration of current work plans within JISC Development and JISC Services. Main workpackages: –Continued support for current Athens contract (until July 2008). –Funding for the federation gateways. Allowing Athens authenticated users to access shibboleth protected resources (Athens as super-Identity Provider). Allowing institutionally authenticated (via shibboleth) users to access Athens protected resources (Athens as super-Resource Provider). –New contract for support service (January 2007). –Funding for JISC UKERNA. –Communications and outreach plan. –National and International liaison plan.

Joint Information Systems Committee 19/05/2015 | slide 8 Giving Institutions Choices BECOME A FULL MEMBER OF THE FEDERATION USING COMMUNITY SUPPORTED TOOLS –COSTS: Institutional effort to implement software, join federation and enhance institutional directories –BENEFITS: Full institutional control, skilled staff and access management solution for internal, external and collaborative resources BECOME A FULL MEMBER OF THE FEDERATION USING TOOLS WITH PAID-FOR SUPPORT –COSTS: Cost of support from supplier and institutional effort in liaison with supplier and Federation –BENEFITS: Full support in implementation and access management solution for internal, external and collaborative resources SUBSCRIBE TO AN ‘OUTSOURCED IDENTITY PROVIDER’ TO WORK THROUGH THE FEDERATION ON YOUR BEHALF (SUCH AS USE OF CLASSIC ATHENS WITH THE GATEWAYS) –COSTS: Subscription costs to external supplier (from July 2008) and internal administration role –BENEFITS: Minimum institutional effort to achieve access to external resources only

Joint Information Systems Committee 19/05/2015 | slide 9 Roadmap for Institutions

Joint Information Systems Committee 19/05/2015 | slide 10 Why Has JISC Chosen this Route? Extensive research proved this to be the most appropriate technology. Meets the defined criteria for an access management system within the UK: –Internal (intra-institutional) applications (mostly through SSO system) –Management of access to third-party digital library-type resources (as now) –Inter-institutional use – stable, long-term resource sharing between defined groups (e.g. shared e-learning scenarios) –Inter-institutional use – ad hoc collaborations, potentially dynamic in nature (virtual organisations or VOs) International take-up secures future of development and support. International take-up provides economies of scale through work in partnership.

Joint Information Systems Committee 19/05/2015 | slide 11 Why Is this Strategically Important? Key Messages Federated access management system key deliverable within the current JISC strategy. Implementation will require institutional effort, and should be recognised within institutional IT strategies. Federated access management is required to meet other strategic requirements: –DfES e-Strategy and e-Learning goals (such as e-Portfolios and e-Learning collaborations) –HEFCE e-Learning Strategies –Science and Innovation Investment Framework National take-up: interaction with BECTA and the schools sector, and increasingly with NHS. International take-up: importance of cross-working with Europe, US and Australia.

Joint Information Systems Committee 19/05/2015 | slide 12 IMPACT CHANGE –JISC support for Athens will not be available after July INSTITUTIONAL EFFORT –To put in place the relevant parts of the system to allow devolved authentication. CHOICE –Of technologies. The federated access management system will not dictate the choice of single sign-on, directory system or environment in which you work. JOIN-UP –Across domains (e-Learning, e-Research and Information Environments) and across systems (for internal, external and collaborative access management) IMPROVEMENTS –Real single sign-on, improved directory systems, foundation blocks for secure collaboration.

Joint Information Systems Committee 19/05/2015 | slide 13 SUPPORT COMMUNITY SPACE FEDERATION USER GROUPS OUTREACH BRIEFINGS ROADSHOW MEETINGS UG MANAGEMENT ASSISTED TAKE-UP TOOLKITS TRAINING HELPDESK CS MANAGEMENT SUPPORT FAQS JOINING WIZARD HEALTH CHECKS HELPDESK

Joint Information Systems Committee 19/05/2015 | slide 14 FUTURE: Ongoing JISC Development Plans Parallel to Transition Plan, a new development plan. Drivers: Science and Innovation Investment Framework (e-Infrastructure Working Group) and DfES e-Strategy. Still in planning: Funding from e-Infrastructure, e-Learning and Repositories programmes (cross-JISC). New development aims for Core Middleware: –AIM ONE: Developing Core Middleware in partnership. –AIM TWO: Enhancing AAI Services. Virtual Home for Identities, Virtual Organisation support, eduRoam / Federation co-ordination, ShibGrid implementation. –AIM THREE: Understanding Infrastructural Requirements. MIAP trials for e-Learning, joint support posts at UKERNA and CA (PKI brief, appropriate authentication etc.), accounting and auditing developments. –AIM FOUR: Changing practise. Level of Assurance and Identity Management (recent call). –AIM FIVE: Meeting service to service requirements. WS* and SAML compatibility, SAML 2.0 developments, access management and repositories.

Joint Information Systems Committee 19/05/2015 | slide 15 Contacts and Addresses Nicole Harris ; JISC Middleware programmes: JISC Middleware documents: Information about UK federation developments: