
The UK Access Management Federation John Chapman Project Adviser – Becta.


1 The UK Access Management Federation John Chapman Project Adviser – Becta

2 UK Access Management Federation for Education and Research
Supported by JISC and Becta, and operated by UKERNA
Provides a single solution to access online resources and services for all education and research in the UK, including schools, colleges and universities
Live 30 November 2006

3 Federation Stats: 13th April 2007
50 members
113 entities (two dual in nature):
–51 Identity Providers
–64 Service Providers
29 ‘core’ university/college members
3 ‘core’ school sector members
Potentially >600 IdPs with more than 10,000,000 users... or even more if we include parents...

4 UK Federation Services

5 Rules of Membership
Recommendations for Use of Personal Data
Technical Recommendations for Participants
Federation Technical Specifications
Federation Operator Procedures

6 Registration mechanism for SPs and IdPs
Adding new members to the federation and updating existing members’ metadata
Fault finding and troubleshooting
Compatibility testing of server certificates and CA Qualification
Technical and operational documentation
Ongoing federation development
Reporting

7 Discovery Service
–Resilient WAYF
Hosting of metadata
Monitoring of SPs and IdPs
Test environment
Federation web site: www.ukfederation.org.uk

8 Guidance and advice to IdPs & SPs
Configuration guides
Training courses
Online training material
Workshops to help organisations join the UK Federation

9 Policy Document 1: Rules of Membership
The basic contractual framework for trust. Covers:
–Definitions
–Rules for all members
–Specific rules for IdPs and SPs
–Data Protection and Privacy
–User Accountability
–Liability
–Audit and Compliance
–Termination
–Membership Cessation
–Changes to Rules
–Dispute Resolution

10 Policy Document 2: Recommendations for Use of Personal Data
Recommendations for use of personal data
Covers legal requirements – Data Protection Act 1998
Practical use of attributes:
–eduPersonScopedAffiliation: represents the least intrusion into the user’s privacy and is likely to be sufficient for many access control decisions.
–eduPersonTargetedID: designed to satisfy applications where the service provider needs to be able to recognise a returning user without revealing real identity.
“For most applications a combination of the attributes eduPersonScopedAffiliation and eduPersonTargetedID will be sufficient. A requirement to provide other attributes should be regarded as exceptional by both Identity and Service Providers and will involve considerable additional responsibilities for both.”
–eduPersonPrincipalName: comes under the personal data guidelines of the DP Act.
–eduPersonEntitlement: it may be possible to determine identity from an entitlement, so this is again governed by the DP Act.

11 Policy Document 3: Technical Recommendations for Participants
Specifies the technical architecture for the Federation and participants
Choice of IdP / SP software (UK is neutral, but it must be SAML compliant and tested by the Federation)
Authentication response profiles
Metadata processes
Digital Certificate processes
‘Discovery’ processes – to WAYF or not to WAYF
Attribute usage
Includes Future Directions for each area of work

12 UK Federation Required Attributes plus subsidiary attributes
TECHNICAL ATTRIBUTE NAME / WHAT THIS REALLY MEANS
eduPersonScopedAffiliation (member@netherhall.cambs.sch.uk or student@keele.ac.uk): UK specific controlled vocabulary
–Establishes user’s relationship with institution, e.g. staff, student, member. Terms as used in JISC Model license.
–Most authorisation can be done against this attribute.
eduPersonTargetedID (r001xf4rg2ss): opaque string defined by institution
–‘A persistent user pseudonym’ to allow for service personalisation and usage monitoring across sessions. Not a real world identity.
eduPersonPrincipalName (harrisnv): defined by institution – login name
–Used when a persistent user identifier is required across services. Typically used for internal institutional services. Real identity can be established from this attribute.
eduPersonEntitlement (expressed as an agreed URI): mutually agreed by institution and service
–Used when a specific resource has a specific entitlement condition not covered elsewhere: must be over 21, must have completed foundation course module, entitled to access financial records.
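As an added example (not from the presentation, and not the federation's or any IdP/SP product's own code), here is how a Service Provider could apply the attribute guidance on slides 10 and 12: authorise on eduPersonScopedAffiliation, personalise on eduPersonTargetedID, demand eduPersonEntitlement only for a specific condition, and flag released attributes the Recommendations treat as personal data. The check that an affiliation's scope matches the scopes the asserting IdP is registered for, the attribute dictionary shape and the entitlement URI are assumptions of this example.

```python
from dataclasses import dataclass, field

# eduPerson attribute names as listed on slide 12.
SCOPED_AFFILIATION = "eduPersonScopedAffiliation"
TARGETED_ID = "eduPersonTargetedID"
PRINCIPAL_NAME = "eduPersonPrincipalName"
ENTITLEMENT = "eduPersonEntitlement"
# Slide 10: these two fall under the Data Protection Act; releasing them
# without a specific need is what the Recommendations call "exceptional".
PERSONAL_DATA_ATTRIBUTES = {PRINCIPAL_NAME, ENTITLEMENT}

@dataclass
class Decision:
    permitted: bool
    pseudonym: object                      # eduPersonTargetedID or None
    reasons: list = field(default_factory=list)

def parse_scoped_affiliation(value):
    """Split 'student@keele.ac.uk' into ('student', 'keele.ac.uk')."""
    affiliation, sep, scope = value.rpartition("@")
    if not sep or not affiliation or not scope:
        raise ValueError(f"malformed scoped affiliation: {value!r}")
    return affiliation.lower(), scope.lower()

def authorise(attributes, idp_scopes, allowed_affiliations, required_entitlement=None):
    """attributes: {attribute name: [values]} released by one IdP (assumed shape).
    idp_scopes: scopes that IdP is registered for in federation metadata (assumption)."""
    reasons, affiliations = [], set()
    for value in attributes.get(SCOPED_AFFILIATION, []):
        affiliation, scope = parse_scoped_affiliation(value)
        if scope not in idp_scopes:   # added check: an IdP may only speak for its own scope
            reasons.append(f"ignored {value}: scope not registered for this IdP")
            continue
        affiliations.add(affiliation)
    permitted = bool(affiliations & allowed_affiliations)
    if not permitted:
        reasons.append("no accepted affiliation")
    if required_entitlement is not None:       # only when a resource needs it (slide 12)
        if required_entitlement in attributes.get(ENTITLEMENT, []):
            reasons.append("required entitlement present")
        else:
            permitted = False
            reasons.append("required entitlement missing")
    pseudonym = next(iter(attributes.get(TARGETED_ID, [])), None)  # personalisation only
    for name in sorted(PERSONAL_DATA_ATTRIBUTES & set(attributes)):
        if name == ENTITLEMENT and required_entitlement is not None:
            continue
        reasons.append(f"{name} released but not needed: personal data under the DP Act")
    return Decision(permitted, pseudonym, reasons)
```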

13 Policy Document 4: Federation Technical Specification and Policy Document 5: Federation Operator Procedures
Federation Technical Specification:
–High level document about trust fabrics and how the UK Access Management Federation achieves trust.
Federation Operator Procedures:
–The procedures actually undertaken by the Federation Operator (UKERNA): Enrolment, CA Qualification, Support, Monitoring / Audit

14 Upcoming… in Policy
More practical documents related to the baseline Federation, such as Identity Provider deployment.
More advice and policy as developments move to service:
–Levels of assurance
–Virtual organisation support
–Virtual ‘orphanage’ (SDSS already offering TypeKey and ProtectNetwork solutions)
–Detailed policies for outsourced identity providers and outsourced service providers

15 Levels of Authentication
FAME-PERMIS
–1 January 2005 – 31 December 2006
–Develop middleware extensions to facilitate multi-factor authentication and authentication-strength-linked fine-grained access control supporting a wide range of authentication methods
–Allow users to choose the right authentication token to achieve a required level of authentication strength and feed this LoA to the PERMIS decision engine to facilitate LoA-linked fine-grained user authorisation and access control.
ES-LoA: e-infrastructure security levels of assurance
–1 November 2006 – 31 October 2007
–JISC-funded project to examine existing definitions of authentication levels of assurance, both at UK and international levels, building consensus and making proposals regarding standard definitions for use in the UK education and research community.
JISC Identity Project
–www.identity-project.info
–Research into and establish consensus in the current practice and future needs of UK academic institutions in Identity Management
–Issues that will be addressed include Grid use, Shibboleth installations, inter-institutional collaborations, internal and shared dynamic virtual organisations, classes of users, library access schemes, and NHS involvement.
DfES Identity Management Scoping study
Becta Schools Interoperability Framework: 2nd PoC and Pilot

16 www.ukfederation.org.uk
www.jisc.ac.uk/federation.html
n.harris@jisc.ac.uk
j.farnhill@jisc.ac.uk

