Next Generation Athens Services Ed Zedlewski UK e-Science Town Meeting, London, 11 April 2005.

Overview
– The Athens (UK) federation
– Athens-Federation Gateway
– Some issues:
  Attribute release
  Shibboleth Athens interoperability
– Development roadmap

What is Athens?
Athens is:
– an SSO architecture
– a (very large) federation
A complete AAA Access Management System
– Designed to be a replicated and HA architecture
– Standards compliant
  SAML/Shibboleth support
  interoperates with Novell iChain
  Web Services, e.g. SOAP via WSDL
– Devolved Authentication - AthensDA
  interacts with Directory Service, or accepts X.509 certificates

What is an Athens Federation?
[Diagram: Federation, with the following labels]
Identity providers: ORG 1, ORG 2, ORG 3, ORG 4, …
Service providers:
– Digital resource or database (DSP)
– VLE in ORG 2 (e.g. WebCT)
– A national portal (e.g. MyAthens)
– VLE in ORG 3 (e.g. Blackboard)
– A national virtual university portal
– A national research portal
Infrastructure: Registration, Policies, Trust, Legal-framework, Meta-data

What does this look like?
[Diagram: Athens Federation (Registration, Trust, Policies), with the following labels]
– Organisation A: Athens usernames (Classic Athens)
– Organisation B: Local usernames (AthensDA)
– Organisation C: Local usernames (SAML/Shibboleth)
– SAML gateway
– Service Provider A: Digital Resource
– Service Provider B: Digital Resource
– Portal (e.g. MyAthens)
– Meta-searching

Athens in use
A UK HE/FE managed service delivers:
– Federated identity management
  29 organisations using AthensDA
– Centralised identity management
  800 organisations
  Hierarchical administration of 3 million+ users
NHS managed service
– 1200+ NHS trusts (300k user accounts)
Over 100 service providers around the globe
Legal and trust framework
– DSP and organisational licence agreements
– Registration, support and service provision

Athens-Federation Gateway
Goal: To facilitate the inter-working between different technologies, communities and organisations.
Fully standards compliant
– SAML (e.g. Novell iChain, Shibboleth)
– AthensDA
Organisations can select the appropriate technology to best suit their needs
Strong support for portals
Value-added services (experience, consultancy, user-facing services...)
Launching Athens (US) federation Q3 2005

Some Issues
– Attribute release
– Shibboleth interoperability
– Multiple identities
– Federation interoperability
– Athens and e-Science agenda

Attribute release policies
– Attribute Release Policies (ARPs) define which attributes can be released to which 3rd parties (i.e. service providers)
– Intrinsic part of federated architectures
– Users (or administrators) define which attribute(s) can be released to which service providers

Attribute release in Athens
Goals
– Put user in full control over their attribute policy
– Deliver a greater range of attributes to DSPs to use for authorisation and registration
Advantages
– DSPs gain more accurate information about users so can apply more granular authorisation policies
– Users' privacy is protected
– Users don't need to re-register information as it can be provided by Athens

Attribute release in action
[Diagram, with the following labels]
Athens Resource: PP ePrints
– Access policy (registration): Students only
– Personalisation
My Identity
– Organisation: University of Bath
– Role: student, post-graduate
– Department: physics
Steps
1. Access resource
2. I need information about you
   My policy: This resource wants this information about you: Role, Department
3. OK
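The attribute release slides above, worked through as an added example that is not part of the original presentation and is not Athens code: a default-deny release check using the slide's sample identity, followed by the resource's "Students only" authorisation. The function names, the data layout and the "Other DSP" provider are assumptions made for illustration.

```python
# Added illustration: names and data layout are assumptions, not the Athens API.
from dataclasses import dataclass, field


@dataclass
class Identity:
    """Attributes an identity provider holds about one user."""
    attributes: dict                       # attribute name -> value(s)
    # ARP: service provider name -> set of attribute names the user allows
    arp: dict = field(default_factory=dict)


def release_attributes(identity, provider, requested):
    """Return (released, withheld) for one service provider request.

    Default deny: an attribute is released only if the user's ARP lists it
    for this provider, the provider asked for it, and the value exists.
    """
    allowed = identity.arp.get(provider, set())
    released, withheld = {}, []
    for name in requested:
        if name in allowed and name in identity.attributes:
            released[name] = identity.attributes[name]
        else:
            withheld.append(name)
    return released, withheld


def authorise_students_only(released):
    """Service provider side: the slide's 'Students only' access policy."""
    return "student" in released.get("role", [])


# Constructed sample data using the values shown on the slide.
USER = Identity(
    attributes={
        "organisation": "University of Bath",
        "role": ["student", "post-graduate"],
        "department": "physics",
    },
    arp={"PP ePrints": {"role", "department"}},
)

if __name__ == "__main__":
    released, withheld = release_attributes(
        USER, "PP ePrints", ["role", "department", "organisation"])
    print("released:", released)
    print("withheld:", withheld)
    print("access granted:", authorise_students_only(released))
    # A provider with no ARP entry receives nothing, so authorisation fails.
    print(release_attributes(USER, "Other DSP", ["role"]))
```

The service provider sees only the intersection of what it requested and what the policy allows, so an over-broad request yields withheld attributes and no extra data.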

Shibboleth interoperability
AthensIM (Identity Manager)
– SAML origin supporting Shib profile
– Released Feb 2005 under GPL
– Download at:
Shib-Athens gateway launched now
Full Shib Athens interoperability in Q
– Shib Identity providers (origins) using Athens targets
– Athens origins accessing Shib targets
JISC Middleware support service for Shib Early Adopters

A way forward for e-Science projects
– Most organisations are not able to deliver the required security infrastructure to support e-Science
– Projects can act as orgs in their own right within Athens or Shib federation
– Migrate into affiliated org when infrastructure is mature
Athens can act as robust AMS framework
– Can support two/multi factor authentication
– Could layer project specific tools over core services
– User registration capability with stronger back-end validation

Development roadmap
[Timeline: 2005 (Mar, Apr, May, June, Q4) to 2006]
– Shibboleth-Athens gateway launched
– SAML-Athens gateway available for trial
– Classic Athens to Shibboleth gateway
– SAML-Athens gateway launched
– Attribute release policy interfaces
– Multiple identity support for Classic Athens
– Agent version 4 release
– Federated multiple identity support

Contacts