Copyright JNT Association 2005

Joining the UK Access Management Federation
4th April 2007
Mark Tysom, UKERNA

Overview
What is the UK Federation?
Benefits
Eligibility
Suggested approach
Methods of participation
Application process
Membership

What is the UK Federation?
A set of Rules that binds members:
– Make accurate statements to other members
– Keep federation systems and data secure
– Use personal data correctly (inc. DPA 1998)
– Resolve problems within the Federation
  Not by legal action
– Assist Federation Operator and other members

What is it used for?
Allows a browser user to access protected online resources based on information asserted by their home organisation.
Allows providers of online resources to control access to their services.

The UK Federation
Launched November 2006
For UK schools, FE, HE and research
And organisations providing online services to these sectors
Funded by JISC and Becta
Operational management by UKERNA

What are the benefits?
– Centrally funded
– Access to resources from anywhere
– Provides consistency across the whole of education for AuthN & AuthZ
– Can be used to protect internal resources
– At least one less password to remember
– Improves the user experience
– Facilitates sharing of content and collaboration across sectors

Who is eligible to join?
Colleges and universities
Local Authorities with responsibility for the schools sector
Research council funded establishments
Other publicly funded bodies subject to support from relevant authorities
Commercial and other organisations providing online services to these sectors

Considerations
Review your identity management strategy
– for example, how many directories you have and who owns them?
Build the business case
JISC will cease to centrally fund Athens in July 2008

Suggested approach

The six steps
1. Review ID management strategy
2. Develop user directories: to hold user’s status/entitlements/etc
3. Authentication development: implement an institutional web authentication system

The six steps
4. Implement compatible Identity provider software linked to organisational directory and authentication systems
5. Join the federation: apply for membership and sign up to federation rules.
6. Deployment and roll out: staff training, user guides, etc.

Participation
– In-house
  Deploy own IdP infrastructure
– Out-source
  Purchase IdP service from a third party

Pros and cons: In-house
– Benefits
  Retain strategic control over ID management
  Convergence of internal/external ID management
  Easier to comply with data protection regulations
– Considerations
  May require significant effort to consolidate authentication and authorisation infrastructure
  New technology to learn and deploy

Pros and cons: Outsourced
– Benefits
  Enables participation in the Federation with less effort than taking the in-house route
– Considerations
  Effort required to manage user information
  Both the organisation and outsourcing third party must be federation members
  User experience may be impaired – less intuitive
  Diminution of strategic control

What do I need to do to join?
Identify your host organisation (the legal body that will sign the rules of membership)
Arrange for your host organisation to sign the rules of membership and nominate
– Executive liaison who agrees, on behalf of the organisation, to be bound by the rules of membership
– Management liaison who registers entities
Obtain an X.509 server certificate
Once membership accepted, management liaison can register entities
Details of the entity added to federation metadata

Support
JANET Customer Services Helpdesk:
- Joining the federation
- Registering entities
- Troubleshooting metadata
Internet2 team and Shibboleth community:
- General Shibboleth and Shib-related queries

Current Membership
22 institutional IdPs
13 SPs
18 in the pipeline

Further Information
Website – lists

Questions?
Website – lists