authentication and authorization including focussing on shibboleth
Download
Skip this Video
Download Presentation
Authentication and Authorization (including focussing on Shibboleth)

Loading in 2 Seconds...

play fullscreen
1 / 22

Authentication and Authorization (including focussing on Shibboleth) - PowerPoint PPT Presentation


  • 111 Views
  • Uploaded on

Authentication and Authorization (including focussing on Shibboleth). Dr Tony McDonald, Assistant Director FMSC Project manager, IAMSECT http://iamsect.ncl.ac.uk Project manager, FDTL-4 ePortfolios http://www.eportfol ios.ac.uk

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Authentication and Authorization (including focussing on Shibboleth)' - nasya


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
authentication and authorization including focussing on shibboleth
Authentication and Authorization (including focussing on Shibboleth)
  • Dr Tony McDonald, Assistant Director FMSC
    • Project manager, IAMSECT http://iamsect.ncl.ac.uk
      • Project manager, FDTL-4 ePortfolios http://www.eportfolios.ac.uk
      • Technical Director, CETL4HealthNE http://www.cetl4healthne.ac.uk

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

background
Background
  • School of Medical Education Development
  • Responsible for IT provision of the MBBS programme, 1700 students, 1400 staff - many in the NHS
  • Project manager, IAMSECT (Shibboleth dissemination)
  • Project manager, FDTL-4 ePortfolios
  • Technical Director, CETL4HealthNE
    • ie not an über-geek...

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

the session
The session...
  • Is about information/knowledge transfer
  • Is informal
  • Is about making connections
  • Is about problem solving...
  • Is about recognizing the potential of authentication/authorization systems
  • Is about getting these systems setup at your institution

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

outline
Outline
  • What is authentication/authorization
  • Single sign on
  • Shibboleth (introduction, issues)
  • Use cases
  • Discussion
  • Shibboleth futures
  • Roundup

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

what is authentication authorization
What is authentication/authorization?
  • authentication - identifies who you are
    • username, N.I. number, email address, employee number, biometrics, DNA
  • authorization - what you are allowed to do
    • almost always requires another level of lookup
  • in the past, particularly for online systems, these have usually been combined. You login to a system and it knows what you can do.

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

authentication
Authentication
  • login (username/password) - Windows, unix, Amazon
    • username can be anything; d56rtx, [email protected]
    • would be keyed against flat files, databases, active directory, LDAP
    • These ‘databases’ can be held locally or remotely

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

single sign on
Single sign on
  • A way of accessing more systems using one login
  • It can be centralised (Athens, one big domain)
    • Big database in the middle of the world, managed centrally
  • Can also be de-centralised (Shibboleth is best known example)
    • Lots of small databases, managed locally
    • implies some level of communication between sites

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

why use single sign on
Why use single sign on?
  • Shared students
    • including students from ‘feeder’ colleges
  • Shared resources
    • Journals, re-usable learning objects
    • Not necessarily electronic resources
  • Increasingly needed for ‘joined up’ systems and processes

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

shibboleth

Then said they unto him, Say now Shibboleth: and he said Sibboleth: for he could not frame to pronounce it right. Then they took him, and slew him at the passages of Jordan: and there fell at that time of the Ephraimites forty and two thousand.

Judges 12:5-7

Shibboleth
  • Possibly the first password
  • Distributed authentication and authorization
  • Standards-based (SAML)
  • Lots of backing from JISC and Internet-2

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

core concepts of shibboleth
Core Concepts of Shibboleth
  • A user is authenticated at “home”
  • Home knows who and what a user is
    • eg Tony McDonald, member of staff; access to some admin areas
  • Service providers make access decisions based on what a user is (ie staff, student, medic etc)
  • Service providers should only know the minimum about a user
    • Can improve privacy

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

some issues
Some Issues...
  • Involves trust between institutions - this must come first
    • and this is where federations can help
  • Data protection issues
  • Technical ability of provider and consumer of Shibboleth-enabled resources
    • not rocket-science, but not trivial either (IAMSECT is helping to simplify the process)

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

some use cases
Some use cases
  • Based on some selected projects currently underway;
    • IAMSECT (Shibboleth awareness raising, developing functioning systems)
    • FDTL-4 ePortfolios (ePortfolios for medicine, since grown into a major growth area for our school)
    • CETL4HealthNE (9000 health care students in 3 years)

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

iamsect jisc funded may 04 apr 06

What worked?

IAMSECTJISC fundedMay 04-Apr 06

More people using Shibboleth

Better inter-institutional relations

Insight into NHS processes

Different VLEs/OSes worked

BlackBoard/Open Source

  • Three Universities; Newcastle*, Durham* and Northumbria, plus Subject Centre for Medicine, Dentistry and Veterinary Medicine - and the NHS
  • Technical andmanagerial issues are addressed, documented and disseminated.

What could have been done better?

Consortium agreements

Emphasized benefits earlier?

Certification authority issues

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

eportfolios fdtl 4 funded oct 03 sep 05

What worked?

ePortfoliosFDTL-4 fundedOct 03-Sep 05

ePortfolios integrated into course

Better inter-institutional relations

Led to ePET project - web service enabled ePortfolio, authentication issues

See Simons talk tomorrow! (10:30am)

Sydney room - ie here

Also led to EPICS project - ePortfolios and Shibboleth

  • Three Universities; Newcastle, Sheffield and Leeds - focussing on medical students
  • ePortfolios for medical students at all institutions, using two different VLEs

What lessons were learnt?

ePortfolios and Shibboleth are not a natural fit

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

cetl4healthne hefce funded oct 04 sep 09

What’s working?

CETL4HealthNEHEFCE fundedOct 04-Sep 09

People wanting to use Shibboleth

Good inter-institutional relations

Insight into NHS processes

  • Five Universities of North-East; Newcastle, Northumbria, Durham, Sunderland, Teesside. Strategic Health Authorities and NHS Trusts
  • £4.5 million over 5 years
  • Impact on 9000diverse students in first 3 years

What could be done better?

Better communications - always

Emphasized benefits earlier?

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

shibboleth and cetl4healthne
Shibboleth and CETL4HealthNE
  • Perhaps an ideal vehicle for Shibboleth
  • Access required to wide range of resources
    • VLEs, training, video, admin.
  • For a wide range of students
  • From many institutions
    • Five HEIs, SHA’s, NHS Trusts

Medicine

Nursing

Physiotherapy

Dentistry

Speech & Language Therapy

Occupational Therapy

Pharmacy

Radiography

Social Work

Foundation Degrees

and 9000 students impacted in first three years...

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

jisc investment
JISC Investment
  • Various programmes, attacking problem from both sides:
    • Information provision (EDINA, MIMAS etc) - origins in Shibboleth parlance
    • Information usage (core middleware) - targets in Shib-speak
  • Large sums of money have been invested
    • 01/04 - 13 projects, 05/05, 07/04, DeL - 6 projects
  • And are transitioning from Athens to Shibboleth

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

your turn 15 mins
Your Turn! - 15 mins
  • Using examples from the use cases (or wherever), do a SWOT on;

Introducing single sign on systems into my organisation

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

discussion points
Discussion points?
  • It could work but not here...
  • What would we use it for?
  • How do we get started?

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

shibboleth futures

What happens next?

Shibboleth Futures
  • Shibboleth is a disruptive technology
  • Authentication, privacy barrier removed
  • Online “reputation based” systems could kill journals?
  • Services bought in from outside e.g. webmail for students
  • Niche services flourish

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

group discussion
Group Discussion
  • Some possible talking points;
    • Is Shibboleth really disruptive?
    • How can I make this work at my institution?
      • and It’ll never work at my institution
    • Where do I sign up?

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

resources
Resources
  • IAMSECT - http://iamsect.ncl.ac.uk/
    • Lots of links and resources to Shibboleth and related information. Including a glossary - http://iamsect.ncl.ac.uk/glossary
  • MEDEV - http://www.ncl.ac.uk/medev/
    • VLEs, ePortfolios, Admin systems, Medical Education, CETL4HealthNE, Subject Centre for Medicine, Veterinary Medicine and Dentistry
  • JISC - http://www.jisc.ac.uk/ (search for Shibboleth)
    • Driving the Shibboleth agenda in the UK

Dr Tony McDonald - FMSC

www.ncl.ac.uk/medev

[email protected]

Breaking Boundaries 2005

ad