Overview of the UK Access Management Federation. Josh Howlett. Copyright JNT Association 2005; Copyright JNT Association 2007.

Presentation transcript:

Overview of the UK Access Management Federation
Josh Howlett

Summary
- What is it?
- How does it work?
- Benefits
- What the service provides
- Suggested approach
- Further Information

The UK Federation
- A group of member organisations who sign up to a set of rules
- An independent body, managing the trust relationships between members
- End user organisations act as ‘identity providers’ (IdPs) and optionally ‘service providers’ (SPs)
- Publishers and resource providers act as ‘service providers’ (SPs)

Organisational Structure
- Funded by Becta & JISC
- Provided for Schools, FE & HE
- Operational management by UKERNA
- Policy & Governance Board
- Technical Advisory Group

Components
- Federation Infrastructure
- Policy
- Operational Management
- User Support
- Assisted Take-up
- Outreach

Scope of Federation
- Identity Provider
- Service Provider
- Federation operator
- Metadata
- Rules
- Possible bilateral agreement
- WAYF
- Discovery: either WAYF or WAYG
- Assertions: AuthN, Attributes, (AuthZ)

How it works

How it works
- The core attributes should be sufficient. If not:
  - eduPerson, e.g. nickName
  - organizationalPerson, e.g. telephoneNumber
  - inetOrgPerson, e.g. preferredLanguage
  - Custom attributes are permitted “as a last resort”.

Benefits
- Benefits for users
  - Much less need to disclose your identity
  - Personal data kept between you and your home organisation
  - Publishers can tailor services better
  - (At least) one less password to remember

Benefits
- Benefits for Identity providers (IdPs)
  - Typical IdPs are LAs, RBCs, FE, HE or Research
  - Easier to comply with regulatory requirements
    - Data Protection Act 1998, etc.
  - Better service offered to users
  - Uses existing access management systems
  - Can use same access control for all resources
    - Both internal and external
  - Fewer credentials should mean fewer support problems

Benefits
- Benefits for Service providers (SPs)
  - Typical SPs are publishers, etc.
  - No need to store user credentials or entitlements
    - Authentication is performed by the IdP
    - Can authorise per institution, role, and/or entitlement
  - Reduced user support requirements
  - Reduced compliance burden
    - Less storage/processing of personal data
  - Accurate implementation of licence conditions
  - Users take better care of credentials
  - Organisations take better care of assertions

Benefits
- Benefits for the community
  - Provides consistency across the whole of education for federated (distributed) authentication and authorisation
  - Improves the user experience
  - Pooling of experience and expertise
  - Economies of scale for both sectors
  - Facilitates sharing of content and collaboration across sectors

What the service provides
- Federation Infrastructure
- Policy
- Operational Management
- User Support
- Assisted Take-up
- Outreach

What the service provides
- A set of Rules that binds members:
  - Make accurate statements to other members
    - If you say you can hold users accountable, do so
  - Keep federation systems and data secure
  - Use personal data correctly (inc. DPA1998)
  - Resolve problems within the Federation
    - Not by legal action
  - Assist Federation Operator and other members

What the service provides
- Guidance, examples, support
  - How to comply with the Rules
  - How to interoperate with other members
    - Common definitions, etc.
  - Help in planning the transition
  - Experiences of early adopters
  - Software to implement Federation services
- All this is advisory, not prescriptive
  - Can use as much or as little as you need

What the service provides
- Federation Infrastructure
- Policy
- Operational Management
- User Support
- Assisted Take-up
- Outreach

What the service provides
- Operational management
  - Registration mechanism for SPs and IdPs
  - Adding new members to the federation & updating existing members’ metadata
  - Fault finding and troubleshooting
  - Compatibility testing of server certificates and CA Qualification
  - Technical and operational documentation
  - Ongoing federation development
  - Reporting

What the service provides
- Federation Infrastructure
- Policy
- Operational Management
- User Support
- Assisted Take-up
- Outreach

What the service provides
- Federation infrastructure
  - Discovery Service
    - Resilient WAYF
  - Hosting of metadata
    - Describes the Federation
  - Monitoring of SPs and IdPs
  - Test environment
  - Federation web site

What the service provides
- Federation Infrastructure
- Policy
- Operational Management
- User Support
- Assisted Take-up
- Outreach

What the service provides
- User support
  - Guidance and advice to IdPs & SPs
  - Configuration guides
  - Training courses
  - Online training material
  - Workshops to help organisations join the UK Federation
  - Frequently Asked Questions list

Suggested approach
- Review your identity management strategy
  - for example, how many directories do you have and who owns them?
- Build the business case
- JISC will cease to centrally fund Athens in July 2008; options:
  - Join federation, subscribe to ‘Outsourced IdP’
  - Join federation, continue to use Athens through gateways
  - Join federation, deploy community supported tools
  - Join federation, using tools with paid-for support

Further Information
Website – lists

Questions?