M a t u
This presentation is the property of its rightful owner.
Sponsored Links
1 / 13

M A T U PowerPoint PPT Presentation


  • 71 Views
  • Uploaded on
  • Presentation posted in: General

M A T U. Middleware Assisted Take-Up Service For JISC Funded Early Adopters. Eduserv. a not-for-profit IT services group. over 10 years experience in access management. funds IT educational initiatives through the Eduserv Foundation. contracted by the JISC to provide the MATU service.

Download Presentation

M A T U

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


M a t u

MAT U

Middleware Assisted Take-Up ServiceFor JISC Funded Early Adopters


Eduserv

Eduserv

  • a not-for-profit IT services group.

  • over 10 years experience in access management.

  • funds IT educational initiatives through the Eduserv Foundation.

  • contracted by the JISC to provide the MATU service.


Matu s objectives

MATU’s Objectives

  • Support JISC core middleware project early adopters

  • Provide a central repository of:

    • Information

    • Advice

    • Training

  • Scope future requirements for institutions adopting shibboleth


Matu website

MATU Website

www.matu.ac.uk


Activities to date

Activities To Date

  • Providing

    • Advice

    • Technical support

    • Help in solving problems

    • Training

  • Forming

    One-to-one relationships with projects:


Shibboleth

Shibboleth

  • Architecture developed by the internet2 middleware community

  • Open source, standards-based protocol based on SAML (an OASIS standard)

  • Neither an authentication nor authorisation scheme

  • Term “shibboleth” also used to refer to:

    • The project that has managed the development of the architecture and code

    • The code package, running on a variety of systems, that implements the architecture

  • Internet2 shibboleth web pages

    • http://shibboleth.internet2.edu/

    • http://www.switch.ch/aai/


Shibboleth1

Shibboleth

  • Rationalises usernames, passwords, IP addresses, proxy servers etc.

  • Offers a single solution to control resource access both internally and remotely.

    • Eliminates separate identifiers/passwords for each protected resource.

    • Provides greater security.

    • Allows for secure, flexible, anonymous access to resources.

    • Institution & individual user can control information released to SP.

  • Location independent.

  • Encourages increased take-up of licensed materials.

  • Allows for greater flexibility in controlling access.


M a t u

The components

Where Are

You From

WAYF

Service Provider

Identity Provider

AuthN

AuthZ

Handle

Service

Assertion

Consumer

Service

HS

ACS

User DB

Resource

Resource

Manager

AA

AR

Attribute

Authority

Attribute

Requester

= Shib


M a t u

The Process

2: Redirect to WAYF

5: Redirect to Handle Service

4

3: Query User

6: Auth Challenge

1: Make Request

Credentials

7

HS

Handle

ACS

User DB

8: Pass Handle

Handle

9: Request Attributes

Resource

Manager

Handle

AA

AR

Attributes

Attributes

10: Return Attributes

Authorize

access

WAYF

Identity Provider

Service Provider

Resource


Shibboleth athens interoperability

Shibboleth/Athens Interoperability.

  • The Shibboleth to Athens Gateway

    providing Shibboleth-enabled organisations access to Athens-enabled resources.

  • The Athens to Shibboleth Gateway

    providing Athens-enabled organisations access to Shibboleth-enabled resources.


Road map to federated access management

Road Map to Federated Access Management

  • Institutional Audit

  • Directory Development

  • Authentication Development and Implement IdP

  • Joining the Federation

  • Intuitional Role Out


What now

What Now?

  • What are the advantages of migrating to Shibboleth?

  • What are the risks to institutions of doing nothing?

  • What are the issues that have been thrown up by the current early adopter projects?

  • What about users who have more than one institutional affiliation?

  • What should RSC be advising institutions with regard to Shibboleth/Athens?


Contact us

Contact Us.

MATU

Queen Anne House

11 Charlotte Street

Bath

BA1 2NE

Contact us at: [email protected]

View the MATU Website at: www.matu.ac.uk


  • Login