Presentation is loading. Please wait.

Presentation is loading. Please wait.

Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Published byStephanie Erickson Modified over 10 years ago

Similar presentations

Presentation on theme: "Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005."— Presentation transcript:

1 Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

2 Overview The Athens (UK) federation Athens-Federation Gateway Some issues: –Attribute release –Shibboleth Athens interoperability Development roadmap

3 What is Athens? Athens is: –an SSO architecture –a (very large) federation A complete AAA Access Management System –Designed to be a replicated and HA architecture –Standards compliant SAML/Shibboleth support interoperates with Novell iChain Web Services – eg. SOAP via WSDL –Devolved Authentication - AthensDA interacts with Directory Service, or accepts X.509 certificates

4 What is an Athens Federation? Federation Service providersIdentity providers ORG 1 ORG 2 … ORG 4 Digital resource or database (DSP) VLE in ORG 2 (e.g. WebCT) A national portal (e.g. MyAthens) VLE in ORG 3 (e.g. Blackboard) A national virtual university portal A national research portal ORG 3 … Infrastructure Registration Policies Trust Legal-framework Meta-data

5 Registration Trust Policies Athens Federation What does this look like? Organisation B Local usernames (AthensDA) Organisation C Local usernames (SAML/Shibboleth) SAML gateway Organisation A Athens usernames (Classic Athens) Service Provider A Digital Resource Service Provider B Digital Resource Portal (e.g. MyAthens) Meta- searching

6 Athens in use A UK HE/FE managed service delivers: –Federated identity management 29 organisations using AthensDA –Centralised identity management 800 organisations Hierarchical administration of 3 million+ users NHS managed service –1200+ NHS trusts (300k user accounts) Over 100 service providers around the globe Legal and trust framework –DSP and organisational licence agreements –Registration, support and service provision

7 Athens-Federation Gateway Goal: To facilitate the inter-working between different technologies, communities and organisations. Fully standards compliant – SAML (eg. Novell iChain, Shibboleth) – AthensDA Organisations can select the appropriate technology to best suit their needs Strong support for portals Value-added services (experience, consultancy, user- facing services...) Launching Athens (US) federation Q3 2005

8 Some Issues Attribute release Shibboleth interoperability Multiple identities Federation interoperability Athens and e-Science agenda

9 Attribute release policies Attribute Release Policies (ARPs) define which attributes can be released to which 3 rd parties (ie. service providers) Intrinsic part of federated architectures Users (or administrators) define which attribute(s) can be released to which service providers

10 Attribute release in Athens Goals –Put user in full control over their attribute policy –Deliver a greater range of attributes to DSPs to use for authorisation and registration Advantages –DSPs gain more accurate information about users so can apply more granular authorisation policies –Users privacy is protected –Users dont need to re-register information as it can be provided by Athens

11 Athens Resource: PP ePrints My Identity Organisation: University of Bath Role: student, post-graduate Department: physics Email: joe.s@bath.ac.uk Access policy Email (registration) Students only Personalisation Attribute release in action 1. Access resource 2. I need information about you My policy This resource wants this information about you: Email Role Department 3. OK

12 Shibboleth interoperability AthensIM (Identity Manager) –SAML origin supporting Shib profile –Released Feb 2005 under GPL –Download at: http://www.athensams.net/shibboleth/http://www.athensams.net/shibboleth/ Shib-Athens gateway launched now Full Shib Athens interoperability in Q3 2005 –Shib Identity providers (origins) using Athens targets –Athens origins accessing Shib targets JISC Middleware support service for Shib Early Adopters

13 A way forward for e-Science projects Most organisations are not able to deliver the required security infrastructure to support e-Science Projects can act as orgs in their own right within Athens or Shib federation Migrate into affiliated org when infrastructure is mature Athens can act as robust AMS framework –Can support two/multi factor authentication –Could layer project specific tools over core services –User registration capability with stronger back-end validation

14 Development roadmap 2005 Shibboleth- Athens gateway launched SAML-Athens gateway available for trial Classic Athens to Shibboleth gateway SAML-Athens gateway launched Attribute release policy interfaces Multiple identity Support for Classic Athens 2005 MarAprMayQ4June 2006 Agent version 4 release Federated multiple Identity support

15 Contacts http://www.athensams.net

Download ppt "Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005."

Similar presentations

Athens and Shibboleth ® : the choices Phil Leahy Athens Product Manager.

Athens and Shibboleth ® : the choices Phil Leahy Athens Product Manager.
Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Delivering User Needs: A middleware perspective Steven Newhouse Director.

Delivering User Needs: A middleware perspective Steven Newhouse Director.
Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee

Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee
Supporting education and research Core Middleware Development Nicole Harris, Programme Manager, JISC Middleware Team.

Supporting education and research Core Middleware Development Nicole Harris, Programme Manager, JISC Middleware Team.
Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.

Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.
PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.

PERSEUS : Portal-enabled Resources via Shibbolized End-user Security 16 May 2005JISC Core Middleware Programme Meeting, Loughborough 1 PERSEUS Project.
Joint Information Systems Committee 01/04/2014 | slide 1 Support e-Research at JISC Access Management and Security Joint Information Systems CommitteeSupporting.

Joint Information Systems Committee 01/04/2014 | slide 1 Support e-Research at JISC Access Management and Security Joint Information Systems CommitteeSupporting.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
Moodle@Kidderminster College An insight Into the College VLE Graham Mason gmason@kidderminster.ac.uk.

College An insight Into the College VLE Graham Mason
Www.portal.ac.uk/spp The Subject Portals Project JISC Portals and Shared Services Meeting 22 nd -23 rd May 2003 Ruth Martin Subject Portals Project Manager.

The Subject Portals Project JISC Portals and Shared Services Meeting 22 nd -23 rd May 2003 Ruth Martin Subject Portals Project Manager.
Shibbolising UK Census and ESDS services Lucy Bell Associate Director, Head of Information Systems and Preservation, UKDA 26 May 2005.

Shibbolising UK Census and ESDS services Lucy Bell Associate Director, Head of Information Systems and Preservation, UKDA 26 May 2005.
Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.

Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.
Joint Information Systems Committee The JISCs Core Middleware Programme Terry Morrow JISC Consultant.

Joint Information Systems Committee The JISCs Core Middleware Programme Terry Morrow JISC Consultant.
A centre of expertise in digital information managementwww.ukoln.ac.uk Shared Infrastructure Services Review Rosemary Russell UKOLN University of Bath.

A centre of expertise in digital information managementwww.ukoln.ac.uk Shared Infrastructure Services Review Rosemary Russell UKOLN University of Bath.
Collections and services in the information environment JISC Collection/Service Description Workshop, London, 11 July 2002 Pete Johnston UKOLN, University.

Collections and services in the information environment JISC Collection/Service Description Workshop, London, 11 July 2002 Pete Johnston UKOLN, University.
Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.

Access & Identity Management “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online.
Joint Information Systems Committee 25/08/2014 | slide 1 JISC Core Middleware Programme Meeting Middleware in Development Joint Information Systems CommitteeSupporting.

Joint Information Systems Committee 25/08/2014 | slide 1 JISC Core Middleware Programme Meeting Middleware in Development Joint Information Systems CommitteeSupporting.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

Similar presentations

Ads by Google