Presentation is loading. Please wait.

Presentation is loading. Please wait.

The JISC Core Middleware Call

Published byCamilla Robbins Modified over 4 years ago

Similar presentations

Presentation on theme: "The JISC Core Middleware Call"— Presentation transcript:

1 The JISC Core Middleware Call
Brian Gilmore The University of Edinburgh and JISC Committee for Support of Research

2 Purpose To develop new and extend existing technologies in access management (AAA), which are Standards-based Aligned with other national and international developments Aimed at future service deployment, in national and/or institutional contexts Designed to address certain scenarios which are currently difficult to handle

3 Present position Two very different services with national scope exist today Athens: username/password based service for unifying access to electronic library-type resources Mainly though not exclusively licensed via JISC consortium deals UK e-Science CA: service for issuing digital certificates for access to Grid-type resources

4 Scope of Athens Over 2 million current usernames
Username/password database; maintenance devolved to institutions Around 500 HigherEd and FurtherEd institutions use the Athens service Around 200 licensed resources are controlled via Athens

5 So why change? Athens today still uses its own, proprietary protocols
Little international take-up Athens design lacks the flexibility of more recent approaches Not well adapted to inter-institutional scenarios, e.g. virtual organisations

6 The e-Science CA Part of the Grid Support Centre
Based on OpenCA software (with local modifications) Verification of user identities carried out by trusted RAs around the community Current scale of operation a few hundred certificates per year

7 So why change? The vision is to extend e-Science technologies to larger communities E.g. social sciences, bioinformatics A general view is that the existing CA will be difficult to scale up In practice larger scale AAA regimes are almost always based around institutions, who are best placed to administer their own members

8 Key scenarios A next-generation AAA infrastructure must support the following scenarios: Internal (intra-institutional) applications as well as use between organisations Management of access to third-party digital library-type resources (as now) Inter-institutional use – stable, long-term resource sharing between defined groups (e.g. shared e-learning scenarios) Inter-institutional use – ad hoc collaborations, potentially dynamic in nature (virtual organisations or VOs)

9 VO characteristics A VO's members typically belong to more than one real organisation Wishing to share resources across real- world organisational boundaries (often problematic in security terms) VO membership – which may be more or less formal – could be based on numerous criteria (discipline, project, course enrolment, personal interests ...) The authority regulating VO membership could equally take many forms And timescales may be very varied also

10 Shibboleth Options for Moving Forward:
PAPI from RedIRIS (Spain) Shibboleth (Internet2) The decision was to significantly spend on introducing Shibboleth with the aim of a national implementation by 2006 First tranche (Call 01/04) for $5m over 3 years

11 Shibboleth cons Software still lacks user-friendly management tools
In its present state, still quite demanding to install and run Might require outsourced or packaged services for smaller institutions? Relatively unsophisticated authorisation model Single attribute authority No generalised decision engine

12 Coping with VOs Problem: typically a VO involves at least two sources of authority User's identity derives from home institution User's VO membership and privileges derive from the VO's own authority Solution: add more intelligence to the Shibboleth resource manager Policy-driven decision engine Multiple sources of authority

13 Permis What is Permis? A policy-based decision engine
Policy expressed in XML (compliance with the OASIS XACML standard planned) Supports multiple sources of authority Decisions based on roles or discrete attributes of users User attributes stored in X.509 standard attribute certificates Stable, portable implementation now included in NMI release

14 Shibboleth + Permis Extend Shibboleth resource manager by incorporating the Permis decision engine Resource owners can then set much more complex policies, embodying their conditions of access Attributes can be gathered from more than one location (and be supplied by more than one authority) Thus meeting the needs of VOs and providing much more fine-grained control

15 Linking to e-Science Many Grid authorisation models ...
GGF Authorisation Working Group developing requirements summary + conceptual framework Work in progress on authorisation API (Welch, Chadwick et al.) Incidentally expressed in SAML Though may need to be revisited in the light of recent developments

16 The Outcome 34 proposals, grouped into 5 areas
Technology Development (5 ‘accepted’) Grid-orientated proposals (3 accepted) Portal integration (2 accepted) Inter-institutional collaboration (4 acc) Miscellaneous (2 accepted) Formally the proposals are in process of getting acceptance from committee members

17 Parallel activities Building a national Shibboleth service infrastructure will take place in parallel Existing JISC services are likely to be asked to carry out much of the work On a 2-year timescale, 2004/5 & 2005/6 Will provide a critical mass of Shibboleth- accessible resources This work is separately funded, with an additional budget of some $5m over 3 years

18 Questions?

Download ppt "The JISC Core Middleware Call"

Similar presentations

Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee

Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee
Supporting education and research Core Middleware Development Nicole Harris, Programme Manager, JISC Middleware Team.

Supporting education and research Core Middleware Development Nicole Harris, Programme Manager, JISC Middleware Team.
Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.

Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.
PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
Joint Information Systems Committee 01/04/2014 | slide 1 Support e-Research at JISC Access Management and Security Joint Information Systems CommitteeSupporting.

Joint Information Systems Committee 01/04/2014 | slide 1 Support e-Research at JISC Access Management and Security Joint Information Systems CommitteeSupporting.
FAME-PERMIS Project University of Manchester University of Kent London, July 2006.

FAME-PERMIS Project University of Manchester University of Kent London, July 2006.
DyVOSE Status Report Dr Richard Sinnott Technical Director National e-Science Centre ||| Deputy Director Technical Bioinformatics Research Centre University.

DyVOSE Status Report Dr Richard Sinnott Technical Director National e-Science Centre ||| Deputy Director Technical Bioinformatics Research Centre University.
VO Support and directions in OMII-UK Steven Newhouse, Director.

VO Support and directions in OMII-UK Steven Newhouse, Director.
Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.
Joint Information Systems Committee Digital Library Services BL/JISC Workshop Rachel Bruce JISC Programme Director The Digital Library and its Services,

Joint Information Systems Committee Digital Library Services BL/JISC Workshop Rachel Bruce JISC Programme Director The Digital Library and its Services,
Supporting education and research JISC ‘Accessing the Future’ Addressing the needs of Further Education and smaller institutions Nicole Harris, JISC Programme.

Supporting education and research JISC ‘Accessing the Future’ Addressing the needs of Further Education and smaller institutions Nicole Harris, JISC Programme.
Joint Information Systems Committee 25/08/2014 | slide 1 JISC Core Middleware Programme Meeting Middleware in Development Joint Information Systems CommitteeSupporting.

Joint Information Systems Committee 25/08/2014 | slide 1 JISC Core Middleware Programme Meeting Middleware in Development Joint Information Systems CommitteeSupporting.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager.
Supporting education and research E-learning tools, standards and systems Sarah Porter Head of Development, JISC.

Supporting education and research E-learning tools, standards and systems Sarah Porter Head of Development, JISC.
Joint Information Systems Committee 19/05/2015 | | Slide 1 Voyage of the UK JISC Federation: Shibbolising the UK’s Research, Higher and Further Education.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Voyage of the UK JISC Federation: Shibbolising the UK’s Research, Higher and Further Education.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.

Similar presentations

Ads by Google