Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning.

Presentation transcript:

Access management for repositories: challenges and approaches for MAMS James Dalziel Professor of Learning Technology and Director, Macquarie E-Learning Centre Of Excellence (MELCOE)

Overview
COLIS and access management
COLIS and DRM
Access management challenges
MAMS
Shibboleth and MAMS
Repository federation – search and access

COLIS and access management
Demonstrator project based on open standards
  – IMS CP, IMS DRI, IMS LRM, ODRL
Five universities and five vendors
  – Many different conceptions of the problem
  – Language difficulties
The COLIS Demonstrator is not “the solution”
  – Work in progress to help uncover practical issues
  – Functioning Demonstrator for discussion

Systems Chunks in COLIS
[Diagram labels: Learning Space; Application Integration; Content Management; Library E-Services; E-Reserve; E-Journals; Integration Services; Learning Management; Digital Rights Management; Directory Services; Learning Content Management]

COLIS and access management
Access management requirements
  – No modification to target systems
  – SSO “Deep linking”
  – Support multiple windows
Different approaches to solving access management
  – Large scale “corporate” solution
  – Small scale pragmatic approach, legacy systems

COLIS SSO Model
[Diagram labels: SSO Proxy + Scripting; User Browser; User hasn’t logged in; Application URL; Application Web Server; Authentication Challenge; Login Form; Authentication Token; Web Page 1; User has logged in; LDAP Authentication; Authorisation DBase]

Access management challenges
Need for practical, incremental solutions
Recognition of university systems environment
  – Legacy systems
No single solution will be sufficient
  – Need more than one way of accessing targets
  – “Multi-modal Single Sign On”
Intra-institutional and inter-institutional needs
Role of identity management
  – Directories

MAMS
MAMS - “Meta Access Management System”
An umbrella system with numerous modules for access to different systems as required
Inter-institutional communication between MAMS

Current University Access Management Challenge
[Diagram labels: Access System (eg, Portal); One type of SSO mechanism (eg, Kerberos); Application A (requires scripting); Application B (requires reverse proxy); Application C (requires IP address restriction); Application D (requires Kerberos); xxx ?; Directories]

Meta Access Management System (MAMS) Architecture
[Diagram labels: Access System (eg, Portal); Local MAMS; Application A (requires scripting); Application B (requires reverse proxy); Application C (requires IP address restriction); Application D (requires Kerberos); Scripting module; Reverse proxy modules; IP address restriction module; Kerberos module; Other Institution MAMS; Directories]

Example MAMS Implementation (Type 4)
[Diagram labels: Access System; Library Premium Databases (Kerberos enabled); Digital Rights Management System (Kerberos enabled); Kerberos Certificate system; University A MAMS; University B MAMS; LDAP; X.500; Access System; Learning Management System (scripting enabled); Learning Object Management System (reverse proxy enabled); Library Premium Databases (IP restrictions enabled)]

Shibboleth and MAMS
Shibboleth as best practice for cross-institutional connections
Standards basis to Shibboleth, eg SAML
Common elements
  – MAMS umbrella and Shibboleth
  – Shibboleth “resource handlers” and MAMS modules
  – Shibboleth inter-institutional federation
Links to other Internet2 projects, eg eduPerson

Example MAMS Implementation (Type 4) + Recent Projects overlay
[Diagram labels: Access System; Library Premium Databases (Kerberos enabled); Digital Rights Management System (Kerberos enabled); Kerberos Certificate system; University A MAMS; University B MAMS; LDAP; X.500; Access System; Learning Management System (scripting enabled); Learning Object Management System (reverse proxy enabled); Library Premium Databases (IP restrictions enabled); MAMS (Resource Handlers); PKI or other Digital Certificates; Shibboleth; WALAP]

MAMS Project Components
(1) Iterative demonstrations to help drive the gathering of user requirements
(2) Development of common services prototypes
  – Intra-institutional multi-modal SSO
  – Inter-institutional access management
      Attribute exchange (Shibboleth)
      Automation of policy
  – Federated and extensible identity
  – Other common services: DRM, search, metadata
(3) Implementation advice and programs

Repository Federation - Search
The problem of “portal envy”
Search as an “anonymous” service, rather than building “one portal to rule them all”
  – No one may know of the existence of your repository until they access a specific item from someone’s search gateway (based on harvesting/federation of your MD)
The importance of Federated Search Gateways
  – COLIS experiences

Repository Federation - Search - COLIS
[Diagram labels: LOM Metadata; OAI Server; SRW Server; OAI Server; OAI Harvest; Library Catalogues; Web Content; InfoSeefer; Z39.50; SRU; Z39.50; Search Intermediary; LOM Metadata; CP XML; E-Reserve; DC+ext Metadata]

Repository Federation - Access
If content is free to the world (including no restrictions on potential commercial use), then access restrictions are not normally a concern
Otherwise…
Traditional access restrictions across repositories
  – Endless names and passwords, management nightmare
Or… federated access using attribute exchange
  – The next generation - but requires important changes to how repositories handle access issues
  – Non-trivial technical challenges to repository architecture
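
An added example, not part of the original slides: a sketch of the federated access decision described above, where a repository authorises from attributes asserted by the user's home institution instead of keeping local names and passwords. The issuer URLs, the FEDERATION table, ItemPolicy and decide() are hypothetical names constructed for illustration; eduPersonScopedAffiliation and eduPersonEntitlement are eduPerson attributes.

```python
from dataclasses import dataclass

# Constructed federation metadata: scopes each home institution may assert.
FEDERATION = {
    "https://idp.uni-a.example/shibboleth": {"uni-a.example"},
    "https://idp.uni-b.example/shibboleth": {"uni-b.example"},
}

@dataclass(frozen=True)
class ItemPolicy:                      # hypothetical per-item access rule
    open_access: bool = False
    affiliations: frozenset = frozenset()   # e.g. {"staff", "student"}
    scopes: frozenset = frozenset()         # institutions licensed for the item
    entitlement: str = ""                   # optional entitlement URI

def scoped_affiliations(issuer, attributes):
    """Return (affiliation, scope) pairs the issuer is permitted to assert."""
    allowed = FEDERATION.get(issuer, set())
    pairs = set()
    for value in attributes.get("eduPersonScopedAffiliation", []):
        affiliation, sep, scope = value.partition("@")
        # Drop values scoped to an institution the issuer does not speak for.
        if sep and scope.lower() in allowed:
            pairs.add((affiliation.lower(), scope.lower()))
    return pairs

def decide(policy, issuer=None, attributes=None):
    """Grant or deny access to one item; no local username or password."""
    if policy.open_access:
        return True                    # free content needs no attributes
    if issuer not in FEDERATION:
        return False                   # anonymous or non-member issuer
    attributes = attributes or {}
    entitlements = attributes.get("eduPersonEntitlement", [])
    if policy.entitlement and policy.entitlement in entitlements:
        return True
    return any(a in policy.affiliations and s in policy.scopes
               for a, s in scoped_affiliations(issuer, attributes))

# Constructed sample: an e-reserve item licensed to staff and students of University A.
ERESERVE = ItemPolicy(affiliations=frozenset({"staff", "student"}),
                      scopes=frozenset({"uni-a.example"}))
IDP_A = "https://idp.uni-a.example/shibboleth"
IDP_B = "https://idp.uni-b.example/shibboleth"

if __name__ == "__main__":
    claim = {"eduPersonScopedAffiliation": ["staff@uni-a.example"]}
    print(decide(ERESERVE, IDP_A, claim))   # home institution asserts its own scope
    print(decide(ERESERVE, IDP_B, claim))   # another institution asserts A's scope
```

The scope check in scoped_affiliations() is the part a repository cannot skip: without it, any federation member could assert another institution's affiliation and reach that institution's licensed content.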

Conclusion
Access management is a key element of research (and other) common services infrastructure
Need for Demonstrator, incremental development, recognition of current university realities
No single SSO method will be sufficient
Importance of open standards
Common ground between
  – MAMS and Shibboleth
  – MAMS and repository projects
  – MAMS and vendors