
Overview

Access management for repositories: challenges and approaches for MAMS
James Dalziel, Professor of Learning Technology and Director, Macquarie E-Learning Centre Of Excellence (MELCOE)
james@melcoe.mq.edu.au
www.melcoe.mq.edu.au


Presentation Transcript


  1. Access management for repositories: challenges and approaches for MAMS. James Dalziel, Professor of Learning Technology and Director, Macquarie E-Learning Centre Of Excellence (MELCOE). james@melcoe.mq.edu.au, www.melcoe.mq.edu.au

  2. Overview
     • COLIS and access management
     • COLIS and DRM
     • Access management challenges
     • MAMS
     • Shibboleth and MAMS
     • Repository federation – search and access

  3. COLIS and access management
     • Demonstrator project based on open standards
     • IMS CP, IMS DRI, IMS LRM, ODRL
     • Five universities and five vendors
     • Many different conceptions of the problem
     • Language difficulties
     • The COLIS Demonstrator is not “the solution”
     • Work in progress to help uncover practical issues
     • Functioning Demonstrator for discussion

  4. Systems Chunks in COLIS [diagram; labels as extracted]: Learning Space Application Integration Learning Content Management Learning Management Content Management Integration Services Library E-Services E-Reserve E-Journals Digital Rights Management Directory Services

  5. COLIS and access management
     • Access management requirements
     • No modification to target systems
     • SSO “Deep linking”
     • Support multiple windows
     • Different approaches to solving access management
     • Large scale “corporate” solution
     • Small scale pragmatic approach, legacy systems

  6. COLIS SSO Model [diagram; labels as extracted]: User hasn’t logged in User Browser Login Form LDAP Authentication Authorisation DBase User hasn’t logged in Application URL Authentication Challenge Authentication Token User has logged in Web Page 1 SSO Proxy + Scripting Application Web Server

  7. Access management challenges
     • Need for practical, incremental solutions
     • Recognition of university systems environment
     • Legacy systems
     • No single solution will be sufficient
     • Need more than one way of accessing targets
     • “Multi-modal Single Sign On”
     • Intra-institutional and inter-institutional needs
     • Role of identity management
     • Directories

  8. MAMS
     • MAMS - “Meta Access Management System”
     • An umbrella system with numerous modules for access to different systems as required
     • Inter-institutional communication between MAMS

  9. Current University Access Management Challenge [diagram; labels as extracted]: Access System (eg, Portal) Directories ? One type of SSO mechanism (eg, Kerberos) x x x Application A (requires scripting) Application B (requires reverse proxy) Application C (requires IP address restriction) Application D (requires Kerberos)

  10. Meta Access Management System (MAMS) Architecture [diagram; labels as extracted]: Access System (eg, Portal) Directories Other Institution MAMS Local MAMS Scripting module Reverse proxy modules IP address restriction module Kerberos module Application A (requires scripting) Application B (requires reverse proxy) Application C (requires IP address restriction) Application D (requires Kerberos)

  11. Example MAMS Implementation (Type 4) [diagram; labels as extracted]: Access System Access System X.500 LDAP University B MAMS University A MAMS Kerberos Certificate system Learning Management System (scripting enabled) Learning Object Management System (reverse proxy enabled) Library Premium Databases (IP restrictions enabled) Library Premium Databases (Kerberos enabled) Digital Rights Management System (Kerberos enabled)

  12. Shibboleth and MAMS
     • Shibboleth as best practice for cross-institutional connections
     • Standards basis to Shibboleth, eg SAML
     • Common elements
     • MAMS umbrella and Shibboleth
     • Shibboleth “resource handlers” and MAMS modules
     • Shibboleth inter-institutional federation
     • Links to other Internet2 projects, eg eduPerson

  13. Example MAMS Implementation (Type 4) + Recent Projects overlay [diagram; labels as extracted]: WALAP WALAP Access System Access System X.500 LDAP Shibboleth University B MAMS University A MAMS Kerberos Certificate system PKI or other Digital Certificates MAMS (Resource Handlers) Learning Management System (scripting enabled) Learning Object Management System (reverse proxy enabled) Library Premium Databases (IP restrictions enabled) Library Premium Databases (Kerberos enabled) Digital Rights Management System (Kerberos enabled)

  14. MAMS Project Components
     (1) Iterative demonstrations to help drive the gathering of user requirements
     (2) Development of common services prototypes
         • Intra-institutional multi-modal SSO
         • Inter-institutional access management
         • Attribute exchange (Shibboleth)
         • Automation of policy
         • Federated and extensible identity
         • Other common services: DRM, search, metadata
     (3) Implementation advice and programs

  15. Repository Federation - Search
     • The problem of “portal envy”
     • Search as an “anonymous” service, rather than building “one portal to rule them all”
     • No one may know of the existence of your repository until they access a specific item from someone’s search gateway (based on harvesting/federation of your MD)
     • The importance of Federated Search Gateways
     • COLIS experiences

  16. [Diagram; labels as extracted] XML LOM Metadata CP Z39.50 OAI Server LOM Metadata OAI Harvest SRW Server SRU LOM Metadata OAI Server OAI Harvest Z39.50 Z39.50 E-Reserve DC+ext Metadata XML Repository Federation - Search - COLIS Search Intermediary InfoSeefer Library Catalogues Web Content

  17. Repository Federation - Access
     • If content is free to the world (including no restrictions on potential commercial use), then access restrictions are not normally a concern
     Otherwise…
     • Traditional access restrictions across repositories
     • Endless names and passwords, management nightmare
     • Or… federated access using attribute exchange
     • The next generation - but requires important changes to how repositories handle access issues
     • Non-trivial technical challenges to repository architecture

  18. Conclusion
     • Access management is a key element of research (and other) common services infrastructure
     • Need for Demonstrator, incremental development, recognition of current university realities
     • No single SSO method will be sufficient
     • Importance of open standards
     • Common ground between
         • MAMS and Shibboleth
         • MAMS and repository projects
         • MAMS and vendors
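
Slides 12 and 17 contrast per-repository names and passwords with federated access using attribute exchange. As an added example (not from the presentation and not MAMS or Shibboleth code), the Python sketch below shows a repository deciding access from released eduPerson attributes, accepting an affiliation only when its scope belongs to the institution that asserted it. The entity IDs, institution domains, collection names and policy table are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: scopes each home institution may assert.
# In a real federation this would come from federation metadata.
FEDERATION_SCOPES = {
    "https://idp.uni-a.example/idp": {"uni-a.example"},
    "https://idp.uni-b.example/idp": {"uni-b.example"},
}

# Constructed repository policy: collection -> allowed (affiliation, scope).
# None means free to the world; "*" means any trusted scope.
POLICY = {
    "open-courseware": None,
    "e-reserve": {("student", "uni-a.example"), ("staff", "uni-a.example")},
    "shared-learning-objects": {("staff", "*"), ("faculty", "*")},
}

@dataclass(frozen=True)
class Assertion:
    issuer: str        # entity ID of the asserting institution
    attributes: dict   # attribute name -> list of values

def trusted_affiliations(assertion):
    """Return (affiliation, scope) pairs whose scope the issuer may assert."""
    allowed = FEDERATION_SCOPES.get(assertion.issuer)
    if allowed is None:
        return set()  # issuer is not a federation member
    pairs = set()
    for value in assertion.attributes.get("eduPersonScopedAffiliation", []):
        affiliation, sep, scope = value.partition("@")
        # Drop malformed values and scopes the issuer does not own.
        if sep and affiliation and scope.lower() in allowed:
            pairs.add((affiliation.lower(), scope.lower()))
    return pairs

def authorize(collection, assertion=None):
    """Decide access from attributes alone; no local account is consulted."""
    if collection not in POLICY:
        return False  # default deny for unknown collections
    rules = POLICY[collection]
    if rules is None:
        return True   # open content needs no attributes
    if assertion is None:
        return False
    return any((aff, scope) in rules or (aff, "*") in rules
               for aff, scope in trusted_affiliations(assertion))
```

The repository never sees a username or password; the scope check is what stops one institution from asserting membership of another.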
