Presentation is loading. Please wait.

Presentation is loading. Please wait.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Similar presentations

Presentation on theme: "Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005."— Presentation transcript:

1 Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

2 Overview The Athens (UK) federation Athens-Federation Gateway Some issues: –Attribute release –Shibboleth Athens interoperability Development roadmap

3 What is Athens? Athens is: –an SSO architecture –a (very large) federation A complete AAA Access Management System –Designed to be a replicated and HA architecture –Standards compliant SAML/Shibboleth support interoperates with Novell iChain Web Services – eg. SOAP via WSDL –Devolved Authentication - AthensDA interacts with Directory Service, or accepts X.509 certificates

4 What is an Athens Federation? Federation Service providersIdentity providers ORG 1 ORG 2 … ORG 4 Digital resource or database (DSP) VLE in ORG 2 (e.g. WebCT) A national portal (e.g. MyAthens) VLE in ORG 3 (e.g. Blackboard) A national virtual university portal A national research portal ORG 3 … Infrastructure Registration Policies Trust Legal-framework Meta-data

5 Registration Trust Policies Athens Federation What does this look like? Organisation B Local usernames (AthensDA) Organisation C Local usernames (SAML/Shibboleth) SAML gateway Organisation A Athens usernames (Classic Athens) Service Provider A Digital Resource Service Provider B Digital Resource Portal (e.g. MyAthens) Meta- searching

6 Athens in use A UK HE/FE managed service delivers: –Federated identity management 29 organisations using AthensDA –Centralised identity management 800 organisations Hierarchical administration of 3 million+ users NHS managed service –1200+ NHS trusts (300k user accounts) Over 100 service providers around the globe Legal and trust framework –DSP and organisational licence agreements –Registration, support and service provision

7 Athens-Federation Gateway Goal: To facilitate the inter-working between different technologies, communities and organisations. Fully standards compliant – SAML (eg. Novell iChain, Shibboleth) – AthensDA Organisations can select the appropriate technology to best suit their needs Strong support for portals Value-added services (experience, consultancy, user- facing services...) Launching Athens (US) federation Q3 2005

8 Some Issues Attribute release Shibboleth interoperability Multiple identities Federation interoperability Athens and e-Science agenda

9 Attribute release policies Attribute Release Policies (ARPs) define which attributes can be released to which 3 rd parties (ie. service providers) Intrinsic part of federated architectures Users (or administrators) define which attribute(s) can be released to which service providers

10 Attribute release in Athens Goals –Put user in full control over their attribute policy –Deliver a greater range of attributes to DSPs to use for authorisation and registration Advantages –DSPs gain more accurate information about users so can apply more granular authorisation policies –Users privacy is protected –Users dont need to re-register information as it can be provided by Athens

11 Athens Resource: PP ePrints My Identity Organisation: University of Bath Role: student, post-graduate Department: physics Email: Access policy Email (registration) Students only Personalisation Attribute release in action 1. Access resource 2. I need information about you My policy This resource wants this information about you: Email Role Department 3. OK

12 Shibboleth interoperability AthensIM (Identity Manager) –SAML origin supporting Shib profile –Released Feb 2005 under GPL –Download at: Shib-Athens gateway launched now Full Shib Athens interoperability in Q3 2005 –Shib Identity providers (origins) using Athens targets –Athens origins accessing Shib targets JISC Middleware support service for Shib Early Adopters

13 A way forward for e-Science projects Most organisations are not able to deliver the required security infrastructure to support e-Science Projects can act as orgs in their own right within Athens or Shib federation Migrate into affiliated org when infrastructure is mature Athens can act as robust AMS framework –Can support two/multi factor authentication –Could layer project specific tools over core services –User registration capability with stronger back-end validation

14 Development roadmap 2005 Shibboleth- Athens gateway launched SAML-Athens gateway available for trial Classic Athens to Shibboleth gateway SAML-Athens gateway launched Attribute release policy interfaces Multiple identity Support for Classic Athens 2005 MarAprMayQ4June 2006 Agent version 4 release Federated multiple Identity support

15 Contacts

Download ppt "Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005."

Similar presentations

Ads by Google