Eduserv Athens Federations
David Orrell, Eduserv Athens Technical Architect

Federations
JISC funded organisations or projects will probably already use Athens (in some form)
    – have agreed to T&Cs for usage of the Athens service
    – is current requirement for Athens
Athens Federation setup to support the Shib-Athens gateway
Connection to the gateway for production use will require strict compliance with the T&Cs
    – membership of the Athens UK Federation
    – organisations will be listed in the Athens WAYF and membership lists
Organisations wishing to evaluate and test the service may join the Athens Touchstone Federation
    – can only gain access to test resources through the gateway

Athens Touchstone Federation
Purpose:
    – Primary aim is to provide capability for IdPs and SPs to trial or test the Athens to Shibboleth gateways
    – To provide Shibboleth test capability in the wider sense (Shib to Shib)
    – To provide a WAYF service for participating organisations
    – Freely available to all JISC-supported organisations
Member Service Providers
    – Standard Shib target using I2 reference software
    – Shibboleth to Athens Gateway (available now) providing access to test Athens resources
Member Identity Providers
    – Standard Shib origin based on AthensIM
    – Athens to Shibboleth Gateway (available end May) providing access for Athens enabled accounts

Athens Touchstone Federation
[Diagram. Labels: Athens to Shibboleth Gateway; Test Organisation Shibboleth Origin Based on AthensIM; Shibboleth to Athens Gateway; Test Athens resources; Shibboleth Target(s); Test Athens users; Registration; Trust; Policies; WAYF]

Athens Federation
Production Federation
Provides access to real Athens protected resources via the Shib to Athens Gateway
Provides access to Shib protected resources for Athens enabled accounts via the Athens to Shib Gateway
Strict Terms & Conditions – same as the current Athens service
Infrastructure runs on very high availability infrastructure
    – WAYF
    – Athens gateways (when launched)
Will be linked to Internet2 shortly

Athens Federation
[Diagram. Labels: Athens to Shibboleth Gateway; Shibboleth Origin; Shibboleth to Athens Gateway; Athens resources; Shibboleth Target(s); Athens users; Registration; Trust; Policies; WAYF]

Pre-requisites
Athens Registration
    – Either as an organisation or a Service Provider
Acceptance of the standard Athens Terms & Conditions
Username/password policy judged as secure by Eduserv
    – Registration procedure will include providing information on this policy
Meets the Athens Implementation Standards for Identity & Service Providers
    – Independent assessment carried out by Eduserv Athens support staff

Registration
Need to register in order to use gateway:
    – HS/AA URLs
    – Handle Assertion signing cert must be securely registered
    – Choose authorisation policy
    – Nominate attribute to use as persistent ID
    – May upload CSR requests to Athens CA
Athens requires that AA server cert is signed by a recognised root CA, currently
    – Thawte Server CA
    – Verisign Class 3 CA
    – GlobalSign Root CA
    – Athens CA
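
Added example (not part of the original slides and not Eduserv tooling): one way to check, before registration, that an AA server certificate chains only to a root on the recognised list, using OpenSSL. The file names, host names and both root CAs are constructed stand-ins generated locally.

```sh
#!/bin/sh
# Constructed stand-ins only: every key and certificate here is generated
# locally; none is real Athens, Thawte, Verisign or GlobalSign material.
WORK=$(mktemp -d)

# make_root NAME: create a self-signed root CA named NAME.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert ROOT NAME: issue a server certificate for NAME signed by ROOT.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# check_aa_cert CERT: succeed only if CERT chains to a root in the bundle of
# recognised roots. -no-CApath keeps the system trust store out of the
# decision, so a certificate from any other CA is rejected.
check_aa_cert() {
    openssl verify -no-CApath -CAfile "$WORK/recognised-roots.pem" "$1" \
        >/dev/null 2>&1
}

make_root recognised-root      # stands in for one of the listed root CAs
make_root other-root           # a CA that is not on the recognised list
issue_cert recognised-root aa.example.org
issue_cert other-root aa-other.example.org

# The bundle holds only the recognised roots (here, the single stand-in).
cat "$WORK/recognised-root.pem" > "$WORK/recognised-roots.pem"

for cert in aa.example.org aa-other.example.org; do
    if check_aa_cert "$WORK/$cert.pem"; then
        echo "$cert: signed by a recognised root"
    else
        echo "$cert: NOT signed by a recognised root"
    fi
done
```

In real use the bundle would contain the PEM certificates of the recognised roots, obtained from a trusted source, and the certificate under test would be the AA server's own.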

Attributes
Athens-specific attributes appear in MACE registered namespace
    – urn:mace:eduserv.org.uk:athens:…
Current set of attribute names are defined and specified for Athens service
    – Documentation published to SPs
AthensIM and Athens to Shib gateway offer attribute mapping capability
Additional recommended Attributes for Athens federations under discussion
    – eduPersonTargetedID
    – eduPersonEntitlement for authorisation to resource
    – eduPerson mappings

Multiple Federations
The reality is that there will be multiple federations
The Athens gateway products can be registered with multiple federations
    – Subject to suitable Terms & Conditions