Joint Information Systems Committee 01/04/2014 | slide 1 Support e-Research at JISC Access Management and Security Joint Information Systems CommitteeSupporting education and research

Joint Information Systems Committee 01/04/2014 | | Slide 2 Supporting e-Research at JISC Access Management and Security Nicole Harris Programme Manager

Joint Information Systems Committee 01/04/2014 | slide 3 Setting the Scene: How Does JISC Support e-Research? Committee base structure: Content and Services Committee, Learning and Teaching Committee, Outreach Services Committee, Integrated Information Environments Committee, Networking Committee, Support of Research Committee. Support of Research Committee: typically funds activities that enhance and embed work that has been initiated within the e-Research world – particularly when it has broad applicability across subject domains. Members: community representatives from each Research Council, plus community experts and observers from national and international groups (e.g. UKOLN, UKERNA, British Library, SURF). Divided into Champion areas: –Visualisation –Public Understanding and Outreach –Middleware and Technology Development (Neil Geddes) –Security (Brian Gilmore) –Human Factors –Collaborative Environments –Data Curation / Data Handling –Knowledge Management Tools

Joint Information Systems Committee 01/04/2014 | slide 4 JISC Investment in Access Management and Security: Approximately £5 million invested in Access Management and Security over 30 months. Building on previous development programmes: AAA Programme (audit progamme). Part of the JISC Strategy, providing a backbone service across all five strategic aims. Two current programmes, funded by JIIE and JSR: Core Middleware: Technology Development and Core Middleware: Infrastructure. Drivers: DfES e-Strategy, supporting the Core e-Science Programme. Aims of these programmes: –AIM ONE: To create a better understanding of core middleware potential and application within HE and FE. –AIM TWO: To build a working federated access management infrastructure. –AIM THREE: To ensure that project developments are embedded within the UK. –AIM FOUR: To support take-up and use of Shibboleth and related technologies within the UK HE and FE communities. –AIM FIVE: To ensure join-up across JISC Development in relation to core middleware activities. –All aims supported by SMART objectives to enable success to be measured.

Joint Information Systems Committee 01/04/2014 | slide 5 Access Management or Core Middleware? JISC uses the term core middleware for its current development programmes inline with vocabulary used at Internet2, TERENA and other major players in the field of national access management systems for education. Core Middleware is defined as the central services that are essential to middleware as a whole. These are: –Authentication; –Authorisation, –Directory Services; –Identifiers. Important definition: not just about who accesses what and when but the entire process within an institutional / national IT infrastructure. Current environment: –Athens service –e-Research Certificate Authority –Federated access trials –IP address; proxy; ad-hoc username and password systems…

Joint Information Systems Committee 01/04/2014 | slide 6 Core Middleware: Technology Development 17 projects funded to support a range of development activities within core middleware. Range of technologies and issues explored: –Shibboleth and its application, including pilot federation (SDSS). –Radius, wireless networking and federated access. –Web portal and n-tier issues for authorisation. –Attribute release policies, particularly with PERMIS tools. –Levels of authentication assurance. –Dynamic delegation of authority. –Integration of UK Certificate Authority and Shibboleth technology (new projects). Projects producing range of useful software tools and guidance for use now. Also informing future development plans. NOTE: Shibboleth technologies. Shibboleth is an implementation of SAML. JISC also recognises other Shib / SAML style developments such as Guanxi implementation and Athens IM, as long as open standard / open source.

Joint Information Systems Committee 01/04/2014 | slide 7 Core Middleware: Infrastructure Spending Review grant to achieve specific aim of working federated access management infrastructure (Aim Two). £3.4 million across three years. Focused activities: –Shibbolising of JISC resources held at MIMAS and EDINA. –Funding for a support service – MATU at Eduserv. –Early Adopter funding to help institutions implement required technologies (two calls, 26 institutions). –Regional Early Adopters to explore e-Learning collaborations with federated access. –Funding for initial development of full federated service – UKERNA. –Communications and outreach programme – e.g. letters soon to be sent to all HE institutions. –Evaluation element. –Repository of outputs. Completes in April (July) Full federated access management system to be in place by July 2006.

Joint Information Systems Committee 01/04/2014 | slide 8 Core Middleware e-Research Projects (Otherwise known as the GOD developments – Grid-Oriented Developments). –DYCOM: combining PERMIS and GRASP to allow for fine-grained access control across multiple authorities. –DYVOSE: dynamic delegation of authority. –FAME-PERMIS: authentication strength / level of assurance. –SIPS: integration of PERMIS and Shibboleth technologies. –SHEBANGS: developing a bridge to allow Shib-authenticated users access to Grid resources. –ShibGrid: looking at wider issues and solutions to Shib-Grid integration. e-Research interest in other projects: –SPIE: looking at n-tier issues and examining the case for integrating WS* and Shib, or developing SAML 2.0. –LICHEN looking at eduRoam within the UK and its relationship with Shibboleth. –AMIE: examining attribute assignment and management. All development focused.

Joint Information Systems Committee 01/04/2014 | slide 9 Core Middleware: 2006 onwards – Transition Plan Implementation of a full production Federation and roll-out of federated access management across the UK. Transition period from August 2006 – July Central Athens service will not be JISC funded after this date (although gateway services may be avilable). Core elements: –Continued support for current Athens contract (until July 2008). –Funding for the Athens/Shibboleth gateways. Allowing Athens authenticated users to access shibboleth protected resources (Athens as super-Identity Provider). Allowing institutionally authenticated (via shibboleth) users to access Athens protected resources (Athens as super-Resource Provider). –New contract for support service (January 2007). –Funding for JISC UKERNA. –Communications and outreach plan. –National and International liaison plan.

Joint Information Systems Committee 01/04/2014 | slide 10 Core Middleware 2006 onwards – Development Plan Parallel to Transition Plan, a new development plan. Drivers: Science and Innovation Investment Framework (e-Infrastructure Working Group) and DfES e-Strategy. Still in planning (no commitment to any areas). All work areas shown potential. Funding from e-Infrastructure, e-Learning and Repositories programmes (cross-JISC). New development aims for Core Middleware: –AIM ONE: Developing Core Middleware in partnership. –AIM TWO: Enhancing AAI Services. Virtual Home for Identities, Virtual Organisation support, eduRoam / Federation co-ordination, ShibGrid implementation. –AIM THREE: Understanding Infrastructural Requirements. MIAP trials for e-Learning, joint support posts at UKERNA and CA (PKI brief, appropriate authentication etc.), accounting and auditing developments. –AIM FOUR: Changing practise. Level of Assurance and Personal Identity Management. –AIM FIVE: Meeting service to service requirements. WS* and SAML compatibility, SAML 2.0 developments, access management and repositories.