Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk An Introduction to Access Management and the UK Federation Simon Cooper.

Published byTiffany Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk An Introduction to Access Management and the UK Federation Simon Cooper."— Presentation transcript:

1 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk An Introduction to Access Management and the UK Federation Simon Cooper JANET(UK)

2 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk Overview What is access management? What is Shibboleth? UK Access Management Federation The Benefits How to Apply Participation options Support Membership

3 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk In this context = Controlling access to online resources Authentication Is a user who they say they are? - Identity Authorisation What is the user allowed to access? - Rights What is Access Management?

4 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk Legacy access management User’s identity and personal data are known to all Publisher knows more than it wants and less than it needs I’m “AJones/T,t<*?I1” SiteLicence Are you a licensed user? ? Service Provider (SP)Identity Provider (IdP)

5 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk SiteLicence I’m “AJones/T,t<*?I1”, am I? Federated Access Management User’s identity and personal data are protected Publisher knows exactly what it needs Are you a licensed user? They say I’m licensed Yes, you’re licensed OK! Identity Provider (IdP)Service Provider (SP)

6 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk How is this achieved? Through the use of attributes Permits fine grained Authorisation “Law Student” or “Staff Member” not individual username and password Service Providers can only ask for what they need

7 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk What is Shibboleth? An open source, standards-based solution to meet the needs for organisations to exchange information about their users in a secure, privacy-preserving manner Recommended software for UK federation participation

8 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk What is the UK federation? A set of Rules that binds members For UK schools, FE, HE and research Organisations and institutions providing services to these sectors Joint funded by JISC and Becta Operational management by JANET(UK)

9 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk What is the UK federation? A secure framework that allows: students to access protected online web resources based on information asserted by their home organisation. providers of online resources to control access to their services.

10 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk Benefits: for Users Much less need to disclose your identity Personal data kept between you and your home organisation Service providers can tailor services better (At least) one less password to remember Access to online resources from anywhere

11 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk Benefits: for Organisations Uses existing authentication infrastructure Can be used to protect internal resources No annual subscription fee Software free to download and use Easier to comply with regulatory requirements –Data Protection Act 1998

12 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk Benefits: for Service Providers No need to maintain your own user database –Authentication is done for you by home organisation –Can authorise per institution, role, and/or entitlement Reduction in user support No annual subscription fee Software free to download and use Reduced data protection compliance burden –Less storage/processing of personal data Users take better care of credentials

13 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk How to apply? Senior member of organisation signs up to federation Rules of Membership JANET(UK) verify contact details Membership confirmed. Organisation (usually IT staff) registers participating servers with the federation

14 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk How to participate 1.a) In-house: run and support your own Identity Provider (IdP) b) Hybrid: run your own IdP, provided and supported by a third party 2.Outsource : Third party run IdP under contract http://www.jisc.ac.uk/publications/publications/identityprovidersbpv1.aspx

15 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk In-house Approach Shibboleth IdP is a Java application –Runs on Linux, Unix, Windows, Mac. Installation is straightforward. Some configuration is required. Community support

16 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk Shibboleth on Windows Project Commenced March 08. Case Studies + documentation. Free to community. Release end of May.

17 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk Who does what? Internal Collaboration is essential IT department must be involved from the outset Senior management may require a business case (see JISC Business Case Toolkit) Senior management sign the membership agreement

18 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk What help is available? –JANET(UK) helpdesk –Website: www.ukfederation.org.uk/www.ukfederation.org.uk/ –Mailing lists –Training courses: http://www.ja.net/services/training/ http://www.ja.net/services/training/ http://www.netskills.ac.uk/content/product s/workshops/range/accman.html –Regional events (Brighton, 29 th April)

19 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk 19 Who has joined? 247 members (10 th March) Sector breakdown –75 FE –106 HE –7 LA/RBC

20 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk What services are available? 47 Commercial Service Providers or Publishers Ovid, Elsevier, Microsoft, BBC, Digimap, JISCmail, JVCS Booking Services, Full list of Services: http://www.ukfederation.org.uk/content/Documents/AvailableServices http://www.ukfederation.org.uk/content/Documents/AvailableServices Dialogue with Service Providers http://access.jiscinvolve.org/federated-access-and-publishers

21 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk When should you join? Now! (get the admin out of the way) Audit your existing infrastructure and assess organisation’s readiness Implement your IdP Roll out within organisation Consider federating internal services

22 Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk Questions? More info: www.ukfederation.org.uk E-mail lists: Ukfederation-announce@jiscmail.ac.uk Ukfederation-discuss@jiscmail.ac.uk JISC-shibboleth@jiscmail.ac.uk JISC-shibboleth-libriaries@jiscmail.ac.uk

Download ppt "Copyright JNT Association 2005Copyright JNT Association 2008 www.ukfederation.org.uk An Introduction to Access Management and the UK Federation Simon Cooper."

Similar presentations

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.

Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.
PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
FAME-PERMIS Project University of Manchester University of Kent London, July 2006.

FAME-PERMIS Project University of Manchester University of Kent London, July 2006.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
Joint Information Systems Committee Connecting People to Resources Federated Access Management within the UK Nicole Harris Senior Services Transition Manager,

Joint Information Systems Committee Connecting People to Resources Federated Access Management within the UK Nicole Harris Senior Services Transition Manager,
Shibboleth at Newcastle Caleb Racey Webteam ISS Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib.

Shibboleth at Newcastle Caleb Racey Webteam ISS Shibboleth experiences Program  Background  What shib has enabled  Benefits of shib  How to do shib.
JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Joint Information Systems Committee 04/06/2015 | | Slide 1 Mark Williams Services Outreach, JISC federated access management London.

Joint Information Systems Committee 04/06/2015 | | Slide 1 Mark Williams Services Outreach, JISC federated access management London.
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.
Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.

Copyright JNT Association 20051OptionalCopyright JNT Association 2007 Overview of the UK Access Management Federation Josh Howlett.
Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.

Shibboleth & IMPETUS 1.What are they? 2.Demo. Shibboleth - A system to support the sharing of Web resources among organisations IMPETUS - Infrastructure.
Shibboleth access management: a replacement for Athens and more? Mark Norman and Christian Fernau OUCS 21 June 2007.

Shibboleth access management: a replacement for Athens and more? Mark Norman and Christian Fernau OUCS 21 June 2007.
Offsite Backups. The purpose of this Startup Guide is to familiarize you with Own Web Now's Offsite Backup offering and show you how to purchase, deploy.

Offsite Backups. The purpose of this Startup Guide is to familiarize you with Own Web Now's Offsite Backup offering and show you how to purchase, deploy.
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.

Similar presentations

Ads by Google