Joint Information Systems Committee 18-Jul-2006 | | Slide 1 Change Management for Libraries Session B, 11:00 - 12:00 John Paschoud and Peter Spring London.

Presentation transcript:

Joint Information Systems Committee 18-Jul-2006 | Slide 1
Change Management for Libraries
Session B, 11:00 - 12:00
John Paschoud and Peter Spring, London School of Economics
Joint Information Systems Committee: Supporting education and research
Access Management Showcase, July 2006
[JISC Showcase title slide]

Slide 2: Why fix what ain’t broke?
Our Athens authentication system seems to work quite well, and has done so for several years. Why has JISC decided to migrate to Shibboleth?

Slide 3: Why Shibboleth?
- Moves closer to the single sign-on ideal - users need not remember so many passwords
- Aligns with international convergence on Shibboleth/SAML - wider market for suppliers
- Avoids the need to maintain a central Athens-type database - by JISC/Eduserv and by participating libraries
- Open Source and Open Standards-based - so tools can be developed by participants and shared
- Supports internal applications, collaborative inter-institutional sharing of resources, and virtual organisations

Slide 4: Is that all?

Slide 5: Is that all!?!?
- Improved security for resources, so publishers happy - they also don’t have to pay a licence fee (as they do for Athens), nor maintain campus IP address ranges
- Because the access is role-based rather than identity-based there is improved privacy for users
- Supports the trend towards a devolved / distributed model for access management
  – Authentication by the end-users’ institution
  – Authorisation by the resource owner
- Suited to the demands for more mobile access – from home, travelling, or working at other institutions or libraries

Slide 6: So what is Shibboleth?
OK, sounds convincing, but what is Shibboleth?

Slide 7: What is Shibboleth?
- An initiative (of Internet2) to develop an architecture and policy framework supporting the sharing – between domains – of secured web resources and services
- A project delivering an open source implementation of the architecture and framework
- Deliverables:
  – Software for Identity Providers (universities, libraries)
  – Software for Service Providers (publishers …and universities, libraries)
  – Policy models for Federations (scalable trust)

Slide 8: What are the costs and benefits?
What are the costs and benefits for our library of migrating to Shibboleth?

Slide 9: Costs/Benefits of Shibboleth?
Costs:
- Institution’s directory must be in good shape and set up to support a Shibboleth Identity Provider (IdP)
- Shibboleth middleware needs installing and maintaining
Benefits:
- Reduced overheads in password support
- No difference in on-campus and off-campus access
- More flexible access control – e.g. different categories of users to different levels of access (or none) to a resource

Slide 10: Any other capabilities?
Are there things Shibboleth can do that Athens cannot?

Slide 11: The Other Capabilities of Shibboleth?
- With Shibboleth your institution would be able to set up its repository, e-learning or any other service as a Service Provider
  – as LSE has done for Exam Papers and other ‘members only’ collections
- This will facilitate sharing of resources within the academic community
  – you can provide controlled access to users from other institutions, without needing to administer usernames/passwords for them
  – as LSE and Columbia (NY) did for a collaborative Anthropology teaching project (DART)
- The fine-tuning of access control possible with Shibboleth will keep confidential or sensitive data protected from everyone except those whose roles allow access
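
One way a resource owner could make the role-based decision described on slides 5, 9 and 11, as an added example that is not part of the presentation. The attribute name eduPersonScopedAffiliation, the entity IDs, the scopes and the policy table are assumptions constructed for illustration.

```python
# Added example: service-provider-side authorisation from released attributes.
# Attribute name, entity IDs, scopes and policy are assumptions, not from the slides.

# Constructed federation metadata: the scopes each identity provider may assert.
REGISTERED_SCOPES = {
    "https://idp.example-a.ac.uk/shibboleth": {"example-a.ac.uk"},
    "https://idp.example-b.edu/shibboleth": {"example-b.edu"},
}

# Constructed resource policy: category of user -> level of access, per institution.
POLICY = {
    "example-a.ac.uk": {"staff": "full", "student": "full", "alum": "abstracts"},
    "example-b.edu": {"student": "full"},  # partner in a shared teaching project
}

LEVELS = ["none", "abstracts", "full"]  # ordered from least to most access


def authorise(idp_entity_id, attributes):
    """Return the access level for one session.

    `attributes` holds only what the home institution released. No username
    or e-mail address is needed to reach a decision.
    """
    allowed_scopes = REGISTERED_SCOPES.get(idp_entity_id)
    if allowed_scopes is None:
        return "none"  # the asserting IdP is not a federation member
    best = "none"
    for value in attributes.get("eduPersonScopedAffiliation", []):
        affiliation, sep, scope = value.partition("@")
        scope = scope.lower()
        if not sep or scope not in allowed_scopes:
            continue  # malformed value, or a scope this IdP may not assert
        level = POLICY.get(scope, {}).get(affiliation.lower(), "none")
        if LEVELS.index(level) > LEVELS.index(best):
            best = level
    return best
```

The scope check matters because authentication is delegated: without it, any federation member could assert membership of another institution.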

Slide 12: (the LSE Exam Papers collection – secured with Shibboleth)

Slide 13: So how do we get Shibbolised?
What will our library need to have in place and do in order to migrate to Shibboleth? What ‘infrastructure’ is required?

Slide 14: What infrastructure is required?
Within your Library:
- IdentityProvider (IdP) site – Required Enterprise Infrastructure
  – Authentication
  – Attribute Repository
- IdentityProvider Site – Shib Components
  – Handle Server
  – Attribute Authority
At your Publishers / Aggregators / e-Resource Providers:
- ServiceProvider (SP) site - Required Enterprise Infrastructure
  – Web Server (Apache or IIS)
- ServiceProvider Site – Shib Components
  – SHIRE
  – SHAR
  – WAYF
  – Resource Manager

Slide 15: Shibboleth IdP architecture
[Diagram of the IdP server. Labels: Web browser; Shibboleth SP; ports 443 and 8443; (various communications); LDAP server; Apache with MOD_SSL (certificate check), MOD_LDAP_AUTHZ and MOD_JK; Tomcat; Shibboleth IdP, comprising the HS (Handle Server) and AA (Attribute Authority); configuration files idp.xml, resolver.xml and arp.xml]

Slide 16: Is there help out there?
What help and support will be available to our library as we set about installing and migrating to Shibboleth?

Slide 17: What support is there?
- Internet2, who ‘own’ Shibboleth, maintain discussion lists for implementors and provide other documentation
- JISC has set up MATU (Middleware Assisted Take-Up service) and will have other services to support the transition from Athens
- LSE Library (the first Shibboleth installation in the UK) has built websites including the PERSEUS and sites, documenting our
  – (with JISC funding via PERSEUS and other projects)

Slide 18: What resources are Shibbolised?
But not all e-resources are going to be accessible via Shibboleth overnight, I believe. Will that be a problem for us? …shouldn’t we wait for another 2 years, until they’ve all converted from Athens?

Slide 19: The Athens-Shibboleth Gateways
Ah! Eduserv has a cunning plan!
[Diagram labels: Shib authenticated resources; Athens authenticated resources; Athens national authentication service; Athens enabled users; University Shib-IdP with Shib enabled users (three instances); gateways Athens → Shib and Shib → Athens]

Slide 20: And the Athens Administrator?
We have an Athens Administrator. What happens to that role after migrating to Shibboleth?

Slide 21: Athens Administrator role?
- Initially to manage the changeover from ‘classic Athens’ to either ‘Shibbolised’ resources, or via the Athens Gateway, and continue to maintain other ad hoc access methods where neither of these options is available
- As things settle down, there will be the need to maintain the links in your library’s list of e-resources
- Closer liaison with your own IT people (who manage your institutional directories) may be needed

Slide 22: What’s a Federation?
What are these ‘Federations’ I hear about in relation to Shibboleth?

Slide 23: What is a Federation?
- A group of organisations with a common purpose (e.g. education and research) who trust each other
- Not a subscription-purchasing consortium!
  – but could be related to one or more of those
- Federation members…
  – sign up to a set of rules, including minimum standards for Identity Management practices
- May have legal status
- Needs the trust of suppliers

Slide 24: What does Shibboleth access look like?
So what does access to an e-resource using Shibboleth look like to the end user?

Slide 25: Well Shibboleth can look like this:
- User knows URL of resource and that Shibboleth is used
- And where they are from

Slide 26: Or, Shibboleth works invisibly behind the library portal
Alternatively, on or off campus, you could just go to the list of e-resources in the library’s portal. In the LSE Library’s case our ‘Electronic Library’ is run from Endeavor’s Encompass system: …but it could just be a list on a ‘hand-crafted’ web page

Slide 27: Shibboleth behind the library portal
The expanded list shows a link direct to the Service Provider, in this case Elsevier

Slide 28: Shibboleth behind the library portal
After clicking link in library portal: If users prefer the route through the library portal, e-resource usage statistics should become more representative

Slide 29: What do we tell our users?
What should we tell our staff and student library users about the change to Shibboleth?

Slide 30: What to tell your users?
- As little as possible!
- There is no Athens-type username and password to distribute (and remind of when forgotten or lost)
- One strand of the change management will be to remove references to Athens passwords from user guides etc
  – there should be no need to substitute Shibboleth in Athens’ place
- During changeover, decreasing reliance will be made on Athens passwords
  – some users may need reassuring the library has not lost access to a super-database called Athens!
- LSE now tells users that “your LSE Login” is the default access for everything
  – …and provides help with the diminishing number of exceptions

Slide 31: From LSE’s Electronic Library FAQs:
The FAQ shows how access to e-resources is getting easier, both on and off-campus. Many LSE electronic resources can also be accessed off-campus via your LSE login (network username and password).

Slide 32: ‘LSE for You’ provides diminishing passwords:
The ‘LSE for You’ page, protected by the LSE login, provides the remaining passwords still required for some e-resources.

Slide 33: How did the LSE do it?
You were the first installation of Shibboleth in the UK. How did the LSE Library manage the change to Shibboleth?

Slide 34: How did the LSE do it?
- Installing the infrastructure was surprisingly easy
  – (once we had the first working version of the software!)
- We chose a ‘cautious’ changeover from Athens access, with careful quality assurance testing of each resource link
- We were at the ‘bleeding edge’, with over 150 resource collections being accessed by ‘classic Athens’, Shibboleth, the Athens Gateway and EZproxy, and about 20% by all sorts of ad hoc methods
- The methods used for these tests, a progress bar and a table of the Shibbolised status of those resources can be found on the

Slide 35: Home

Slide 36: Shibbolisation Progress

Slide 37: Table of e-Resources

Slide 38: The End
Joint Information Systems Committee: Supporting education and research
Change Management for Libraries
[JISC Conf title slide]

Slide 39: Links, Questions and Conclusions
Shibboleth: shibboleth.internet2.edu
PERSEUS:
Questions? Arguments? …you’ll think of them later?: