an introduction to access management and the uk federation simon cooper janet uk n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
An Introduction to Access Management and the UK Federation Simon Cooper JANET(UK) PowerPoint Presentation
Download Presentation
An Introduction to Access Management and the UK Federation Simon Cooper JANET(UK)

Loading in 2 Seconds...

play fullscreen
1 / 22
dulcea

An Introduction to Access Management and the UK Federation Simon Cooper JANET(UK) - PowerPoint PPT Presentation

87 Views
Download Presentation
An Introduction to Access Management and the UK Federation Simon Cooper JANET(UK)
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. An Introduction to Access Management and the UK Federation Simon Cooper JANET(UK)

  2. Overview • What is access management? • What is Shibboleth? • UK Access Management Federation • The Benefits • How to Apply • Participation options • Support • Membership

  3. What is Access Management? In this context = Controlling access to online resources Authentication • Is a user who they say they are? - Identity Authorisation • What is the user allowed to access? - Rights

  4. Legacy access management Are you a licensed user? I’m “AJones/T,t<*?I1” ? Site Licence • User’s identity and personal data are known to all • Publisher knows more than it wants and less than it needs Identity Provider (IdP) Service Provider (SP)

  5. Federated Access Management I’m “AJones/T,t<*?I1”, am I? Are you a licensed user? They say I’m licensed Yes, you’re licensed OK! Site Licence Identity Provider (IdP) Service Provider (SP) • User’s identity and personal data are protected • Publisher knows exactly what it needs

  6. How is this achieved? • Through the use of attributes • Permits fine grained Authorisation • “Law Student” or “Staff Member” not individual username and password • Service Providers can only ask for what they need

  7. What is Shibboleth? • An open source, standards-based solution to meet the needs for organisations to exchange information about their users in a secure, privacy-preserving manner • Recommended software for UK federation participation

  8. What is the UK federation? • A set of Rules that binds members • For UK schools, FE, HE and research • Organisations and institutions providing services to these sectors • Joint funded by JISC and Becta • Operational management by JANET(UK)

  9. What is the UK federation? A secure framework that allows: • students to access protected online web resources based on information asserted by their home organisation. • providers of online resources to control access to their services.

  10. Benefits: for Users • Much less need to disclose your identity • Personal data kept between you and your home organisation • Service providers can tailor services better • (At least) one less password to remember • Access to online resources from anywhere

  11. Benefits: for Organisations • Uses existing authentication infrastructure • Can be used to protect internal resources • No annual subscription fee • Software free to download and use • Easier to comply with regulatory requirements • Data Protection Act 1998

  12. Benefits: for Service Providers • No need to maintain your own user database • Authentication is done for you by home organisation • Can authorise per institution, role, and/or entitlement • Reduction in user support • No annual subscription fee • Software free to download and use • Reduced data protection compliance burden • Less storage/processing of personal data • Users take better care of credentials

  13. Howto apply? • Senior member of organisation signs up to federation Rules of Membership • JANET(UK) verify contact details • Membership confirmed. • Organisation (usually IT staff) registers participating servers with the federation

  14. How to participate • a) In-house: run and support your own Identity Provider (IdP) b) Hybrid: run your own IdP, provided and supported by a third party • Outsource: Third party run IdP under contract http://www.jisc.ac.uk/publications/publications/identityprovidersbpv1.aspx

  15. In-house Approach • Shibboleth IdP is a Java application • Runs on Linux, Unix, Windows, Mac. • Installation is straightforward. • Some configuration is required. • Community support

  16. Shibboleth on Windows • Project Commenced March 08. • Case Studies + documentation. • Free to community. • Release end of May.

  17. Who does what? • Internal Collaboration is essential • IT department must be involved from the outset • Senior management may require a business case (see JISC Business Case Toolkit) • Senior management sign the membership agreement

  18. What help is available? • JANET(UK) helpdesk • Website: www.ukfederation.org.uk/ • Mailing lists • Training courses: http://www.ja.net/services/training/ http://www.netskills.ac.uk/content/products/workshops/range/accman.html • Regional events (Brighton, 29th April)

  19. Who has joined? 247 members (10th March) Sector breakdown 75 FE 106 HE 7 LA/RBC 19

  20. What services are available? • 47 Commercial Service Providers or Publishers • Ovid, Elsevier, Microsoft, BBC, Digimap, JISCmail, JVCS Booking Services, • Full list of Services: http://www.ukfederation.org.uk/content/Documents/AvailableServices • Dialogue with Service Providers http://access.jiscinvolve.org/federated-access-and-publishers

  21. When should you join? • Now! (get the admin out of the way) • Audit your existing infrastructure and assess organisation’s readiness • Implement your IdP • Roll out within organisation • Consider federating internal services

  22. Questions? • More info: • www.ukfederation.org.uk • E-mail lists: • Ukfederation-announce@jiscmail.ac.uk • Ukfederation-discuss@jiscmail.ac.uk • JISC-shibboleth@jiscmail.ac.uk • JISC-shibboleth-libriaries@jiscmail.ac.uk