Towards a Unified Authentication, Authorisation and Accounting Infrastructure Patrick Kirk Chief Technical Officer (YHGfL) Lifelong Learning Infrastructure.

Presentation transcript:

Towards a Unified Authentication, Authorisation and Accounting Infrastructure Patrick Kirk Chief Technical Officer (YHGfL) Lifelong Learning Infrastructure Manager (Leeds City Council)

Benefits of a unified AAAI
- Ease of access: a unified AAAI should simplify the process and make it easier for all users to access resources.
- The potential to enable ‘anytime anywhere’ access, subject to the validity of licences.
- The reduction of administrative burdens for managers and users in schools.
- The personalisation of portals, based on identity and location.
- To enable publishers to concentrate on protecting their assets rather than separately implementing access procedures with each purchasing authority or user.

Requirements for AAAI
- There will need to be a trusted registration process to manage user access.
- Content delivery must respect Digital Rights Management (DRM).
- There should be the flexibility to allow purchases at the school, LEA and RBC levels and eventually on a per-individual basis.
- The infrastructure should be location-independent to permit access from homes, libraries etc. as well as schools, subject to DRM issues.
- The process will need to be simple to use to encourage users and content providers to adopt it.

Requirements for AAAI
There will have to be ‘trust’ between users, content providers and infrastructure managers. Content providers will have to trust the information that is provided to them, and users will have to be assured that no more information is provided than is necessary and that they have given consent for the transaction.

RAAAI and the learning environment

What if there was no standard framework for AAA?
- Duplication of effort across multiple schools, LEAs and RBCs, with few opportunities for sharing.
- Publishers and network providers would have to interface with multiple systems.
- It would be more difficult to share resources between schools, LEAs and RBCs, as there would be no common method for establishing identity.

At what level should authentication and authorisation take place?
- Currently the smallest ‘unit’ is probably a school.
- It could be a key stage, especially at the pre-16 / post-16 boundary.
- Do we authenticate users or administrative units?
- How do we maintain security?

Where should authentication take place?
- Within FE / HE, each participating college or university would administer its own part of the user database.
- Within a schools’ environment the smallest practical unit is likely to be an LEA.
- Do we need a nationally agreed unique identifier?

How could AAAI be achieved within schools?
Currently there are at least four models in place. These have evolved without reference to one another. Although they are ever more versatile, they have not necessarily followed an evolutionary path.

Model 1

Model 2
- The content provider wishes to track the progress/use of its resource by individual users.
- It has provided the school with a unique username and password for each user of its resource.
- Typically there will be a different username/password combination for each user of each resource.

Model 3

Model 4

Schools, LEAs and RBCs working towards a national system
Two basic models for AAAI appear plausible and are in use elsewhere within the academic community. In the first, a remote resource ‘asks’ the AAAI authority whether a user is allowed access to its resource and receives a yes/no response. In the second, the remote resource requests an attribute set for the user (agreed in advance) and then makes its own decision based on an examination of the attributes.
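The two models on this slide, together with the earlier requirement that no more information is released than necessary and only with the user's consent, are illustrated below in an added toy example. It is not code from the presentation or from any federation software; the users, licences, attribute names (school, lea, rbc, key_stage) and the "maths-pack" resource are all constructed sample data. In the first model the authority answers yes/no and keeps the accounting record; in the second it releases only the attributes the provider agreed to receive in advance, and the provider applies its own licence and key-stage rules.

```python
# Added example (not part of the presentation): a toy model of the two
# authorisation patterns. All users, resources, attribute names and
# licences below are constructed sample data.
from dataclasses import dataclass, field


@dataclass
class User:
    user_id: str
    attributes: dict  # e.g. school, lea, rbc, key_stage, role, name


@dataclass
class Resource:
    resource_id: str
    # Attribute names this provider has agreed in advance to receive
    agreed_attributes: frozenset
    # Licence scope: which administrative units (school / LEA / RBC) bought it
    licensed_units: frozenset = field(default_factory=frozenset)
    # Key stages the content is licensed for
    allowed_key_stages: frozenset = field(default_factory=frozenset)


class AAAIAuthority:
    """The trusted registration authority holding the user database."""

    def __init__(self, users, resources):
        self.users = {u.user_id: u for u in users}
        self.resources = {r.resource_id: r for r in resources}
        self.audit_log = []  # the 'accounting' part of AAAI

    def _unit_is_licensed(self, user, resource):
        # Licences may be bought at school, LEA or RBC level
        return any(user.attributes.get(level) in resource.licensed_units
                   for level in ("school", "lea", "rbc"))

    # Model 1: the remote resource asks the authority and receives yes/no
    def is_permitted(self, user_id, resource_id):
        user = self.users.get(user_id)
        resource = self.resources.get(resource_id)
        if user is None or resource is None:
            decision = False
        else:
            decision = (self._unit_is_licensed(user, resource)
                        and user.attributes.get("key_stage") in resource.allowed_key_stages)
        self.audit_log.append(("decision", user_id, resource_id, decision))
        return decision

    # Model 2: release only the pre-agreed attributes, and only with consent.
    # Returns None (no release) if the user, resource or consent is missing.
    def release_attributes(self, user_id, resource_id, consent_given):
        user = self.users.get(user_id)
        resource = self.resources.get(resource_id)
        if user is None or resource is None or not consent_given:
            self.audit_log.append(("release", user_id, resource_id, None))
            return None
        released = {k: v for k, v in user.attributes.items()
                    if k in resource.agreed_attributes}
        # Record which attribute names were released, not their values
        self.audit_log.append(("release", user_id, resource_id, sorted(released)))
        return released


def resource_side_decision(resource, attributes):
    """Model 2: the content provider examines the released attributes itself."""
    if attributes is None:
        return False
    unit_ok = any(attributes.get(level) in resource.licensed_units
                  for level in ("school", "lea", "rbc"))
    return unit_ok and attributes.get("key_stage") in resource.allowed_key_stages


# Constructed sample data
USERS = [
    User("pupil-1", {"name": "A. Pupil", "school": "school-17", "lea": "leeds",
                     "rbc": "yhgfl", "key_stage": "KS3", "role": "pupil"}),
    User("pupil-2", {"name": "B. Pupil", "school": "school-42", "lea": "leeds",
                     "rbc": "yhgfl", "key_stage": "KS5", "role": "pupil"}),
]
RESOURCES = [
    # Licensed at LEA level; the provider has agreed to see only LEA and key stage
    Resource("maths-pack", frozenset({"lea", "key_stage"}),
             licensed_units=frozenset({"leeds"}),
             allowed_key_stages=frozenset({"KS3", "KS4"})),
]
AUTHORITY = AAAIAuthority(USERS, RESOURCES)


def demo():
    """Run both models for pupil-1 against maths-pack."""
    resource = AUTHORITY.resources["maths-pack"]
    model1 = AUTHORITY.is_permitted("pupil-1", "maths-pack")
    attrs = AUTHORITY.release_attributes("pupil-1", "maths-pack", consent_given=True)
    model2 = resource_side_decision(resource, attrs)
    return model1, attrs, model2


if __name__ == "__main__":
    print(demo())
    print(AUTHORITY.audit_log)
```

Note that in the second model the provider never sees the pupil's name, school or role, because they are not in the agreed attribute set, and that withdrawing consent yields no release at all; the audit log records names of released attributes rather than their values, so the accounting trail itself does not become a second copy of the personal data.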

Model 5

Model 6

Model 7

Shibboleth
Model 7, evolved from the prior models, has very close parallels with the ‘Shibboleth’ system, a federated authentication system in use across a number of academic institutions in the United States. Jon Browne will now explain how Shibboleth would work in our environment.