An Introduction to Access Management and the UK Federation
Simon Cooper, JANET(UK)
Overview
• What is access management?
• What is Shibboleth?
• UK Access Management Federation
• The Benefits
• How to Apply
• Participation options
• Support
• Membership
What is Access Management?
In this context = Controlling access to online resources
Authentication
• Is a user who they say they are? - Identity
Authorisation
• What is the user allowed to access? - Rights
Legacy access management
[Diagram labels: "Are you a licensed user?"; "I’m “AJones/T,t<*?I1”"; "?"; Site Licence; Identity Provider (IdP); Service Provider (SP)]
• User’s identity and personal data are known to all
• Publisher knows more than it wants and less than it needs
Federated Access Management
[Diagram labels: "I’m “AJones/T,t<*?I1”, am I?"; "Are you a licensed user?"; "They say I’m licensed"; "Yes, you’re licensed"; "OK!"; Site Licence; Identity Provider (IdP); Service Provider (SP)]
• User’s identity and personal data are protected
• Publisher knows exactly what it needs
How is this achieved?
• Through the use of attributes
• Permits fine grained Authorisation
• “Law Student” or “Staff Member” not individual username and password
• Service Providers can only ask for what they need
What is Shibboleth?
• An open source, standards-based solution to meet the needs for organisations to exchange information about their users in a secure, privacy-preserving manner
• Recommended software for UK federation participation
What is the UK federation?
• A set of Rules that binds members
• For UK schools, FE, HE and research
• Organisations and institutions providing services to these sectors
• Joint funded by JISC and Becta
• Operational management by JANET(UK)
What is the UK federation?
A secure framework that allows:
• students to access protected online web resources based on information asserted by their home organisation.
• providers of online resources to control access to their services.
Benefits: for Users
• Much less need to disclose your identity
• Personal data kept between you and your home organisation
• Service providers can tailor services better
• (At least) one less password to remember
• Access to online resources from anywhere
Benefits: for Organisations
• Uses existing authentication infrastructure
• Can be used to protect internal resources
• No annual subscription fee
• Software free to download and use
• Easier to comply with regulatory requirements
• Data Protection Act 1998
Benefits: for Service Providers
• No need to maintain your own user database
• Authentication is done for you by home organisation
• Can authorise per institution, role, and/or entitlement
• Reduction in user support
• No annual subscription fee
• Software free to download and use
• Reduced data protection compliance burden
• Less storage/processing of personal data
• Users take better care of credentials
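Added example (not from the original slides): a Python sketch of the attribute flow described under "How is this achieved?" and "Can authorise per institution, role, and/or entitlement". The IdP releases only the attributes a given SP needs, and the SP decides on scope, role and entitlement alone. The eduPerson attribute names, entity IDs, scopes and function names are assumptions; the slides name none.

```python
# Added illustration: attribute names follow the eduPerson schema; all
# entity IDs, scopes and values below are constructed.

# Constructed directory record held by the home organisation (IdP).
USER_RECORD = {
    "uid": ["ajones"],
    "mail": ["ajones@example.ac.uk"],
    "eduPersonScopedAffiliation": ["student@example.ac.uk"],
    "eduPersonEntitlement": ["urn:example:entitlement:law-library"],
}

# Hypothetical per-SP release policy: only what each SP needs.
RELEASE_POLICY = {
    "https://sp.publisher.example/shibboleth": [
        "eduPersonScopedAffiliation",
        "eduPersonEntitlement",
    ],
}


def release_attributes(record, sp_entity_id, policy=RELEASE_POLICY):
    """IdP side: release only attributes listed for this SP (default: none)."""
    allowed = set(policy.get(sp_entity_id, ()))
    return {name: list(vals) for name, vals in record.items() if name in allowed}


def authorise(assertion, idp_scopes, licensed_scopes, roles=None, entitlement=None):
    """SP side: decide on institution, role and entitlement, never on a username.

    idp_scopes: scopes the asserting IdP is registered to use (assumed to come
    from federation metadata); values outside them are ignored.
    """
    if entitlement is not None and entitlement not in assertion.get(
        "eduPersonEntitlement", []
    ):
        return False
    for value in assertion.get("eduPersonScopedAffiliation", []):
        role, sep, scope = value.partition("@")
        if not sep or scope not in idp_scopes:
            continue  # unscoped, or a scope this IdP may not assert
        if scope in licensed_scopes and (roles is None or role in roles):
            return True
    return False
```

The scope check matters because a licence decision keyed on "student@example.ac.uk" is only as trustworthy as the rule that stops another IdP from asserting that scope.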
How to apply?
• Senior member of organisation signs up to federation Rules of Membership
• JANET(UK) verify contact details
• Membership confirmed.
• Organisation (usually IT staff) registers participating servers with the federation
How to participate
a) In-house: run and support your own Identity Provider (IdP)
b) Hybrid: run your own IdP, provided and supported by a third party
c) Outsource: Third party run IdP under contract
http://www.jisc.ac.uk/publications/publications/identityprovidersbpv1.aspx
In-house Approach
• Shibboleth IdP is a Java application
• Runs on Linux, Unix, Windows, Mac.
• Installation is straightforward.
• Some configuration is required.
• Community support
Shibboleth on Windows
• Project Commenced March 08.
• Case Studies + documentation.
• Free to community.
• Release end of May.
Who does what?
• Internal Collaboration is essential
• IT department must be involved from the outset
• Senior management may require a business case (see JISC Business Case Toolkit)
• Senior management sign the membership agreement
What help is available?
• JANET(UK) helpdesk
• Website: www.ukfederation.org.uk/
• Mailing lists
• Training courses:
  http://www.ja.net/services/training/
  http://www.netskills.ac.uk/content/products/workshops/range/accman.html
• Regional events (Brighton, 29th April)
Who has joined?
247 members (10th March)
Sector breakdown: 75 FE 106 HE 7 LA/RBC 19
What services are available?
• 47 Commercial Service Providers or Publishers
• Ovid, Elsevier, Microsoft, BBC, Digimap, JISCmail, JVCS Booking Services,
• Full list of Services: http://www.ukfederation.org.uk/content/Documents/AvailableServices
• Dialogue with Service Providers http://access.jiscinvolve.org/federated-access-and-publishers
When should you join?
• Now! (get the admin out of the way)
• Audit your existing infrastructure and assess organisation’s readiness
• Implement your IdP
• Roll out within organisation
• Consider federating internal services
Questions?
• More info:
  • www.ukfederation.org.uk
• E-mail lists:
  • Ukfederationemail@example.com
  • Ukfederationfirstname.lastname@example.org
  • JISCemail@example.com
  • JISCfirstname.lastname@example.org