The UK federation
Mark Tysom, JANET(UK), 9 October 2007
www.ukfederation.org.uk
Copyright JNT Association 2007


"Shibboleth 2007"

A work of art
"The work, entitled Shibboleth 2007, runs the full 167 metres of the cavernous hall on London's South Bank. It begins as a crack then widens and deepens as it snakes across the room. Colombian artist Salcedo said the work - on display to the public until April next year - symbolised racial hatred and division in society."

Overview
- Life before the federation
- Federated v non-federated
- Technology trials
- Cross-sector approach
- The federation service
- Policy framework
- Scaling challenges: discovery
- Uptake
- What's next?

Before the federation: schools
- IP address-based checks
- Ad-hoc bilateral arrangements between IdP and SP
- Multiple usernames and passwords
- Multiple copies of personal data held by third parties
- Duplication of effort across multiple institutions
- Publishers and network providers having to interface with multiple systems
- Difficulty in sharing resources between institutions

Before the federation: FE/HE
- Ad-hoc bilateral arrangements and Athens
- Classic Athens, a centralised service:
  – Institution provides identity information about users to Athens
  – Athens brokers both authentication and authorisation with service providers on behalf of the organisation
  – Data can only be managed by site Athens Administrators
- Athens database contains a lot of information about users and about the services to which institutions have subscribed

Technology trials
- Independent trials within the education sector
- Becta, 2003: workshops, strategy paper, Shibboleth laboratory test
- Two pilots: WMnet and LGfL

Technology trials
- JISC Core Middleware Development Programme selected Shibboleth and started in April 2004
- JISC early adopters (MATU)
- Established the Shibboleth Development and Support Service (SDSS) federation

Shibboleth selected
- Individually chosen by JISC and Becta as the most suitable option
- Government steer towards collaborative services to avoid duplication of resources
- Agreement for JANET(UK) to proceed with a joint approach, March 2006
- Aim for one federation...

What are the benefits?
- Provides consistency across the education sectors
- Improves the user experience
- Facilitates sharing of content and collaboration within and across sectors
- Economies of scale for both sectors
- Centrally funded: no annual fees!
- Based on an international standard (SAML)

The UK federation
- Launched November 2006
- Schools, FE, HE and research
- Organisations and institutions providing services to these sectors

What is "the UK federation"?
A set of Rules that binds members to:
- Make accurate statements to other members
- Keep federation systems and data secure
- Use personal data correctly (UK Data Protection Act 1998)
- Resolve problems within the federation, not by legal action
- Assist the federation operator and other members

Organisational structure
- Jointly funded by Becta and JISC
- Operational management by JANET(UK)
- Policy Board: stakeholder representatives
- Technical Advisory Group: experts from all sectors

UK federation infrastructure
- Hosted by JANET(UK)
- Discovery service: resilient WAYF
- Hosting of metadata, which describes the UK federation
- Monitoring of SPs and IdPs
- Test environment
- Federation web site: www.ukfederation.org.uk

Fully supported JANET service
- Support team at JANET(UK)
- Expert support from the JANET community
- Guidance and advice to IdPs and SPs
- Configuration guides
- Training courses
- Workshops to help organisations join the UK federation

Policy and technical framework
1. Rules of Membership (mandatory)
2. Recommendations for Use of Personal Data (advisory)
3. Technical Recommendations for Participants (advisory)
4. Federation Technical Specification (advisory)
5. Federation Operator Procedures (advisory)

Rules of Membership
The basic contractual framework for trust:
- Definitions
- Rules for all members
- Specific rules for IdPs and SPs
- Data protection and privacy
- User accountability
- Liability
- Audit and compliance
- Termination
- Membership cessation
- Changes to Rules
- Dispute resolution

Recommendations for Use of Personal Data
- Suggests how to satisfy legal requirements
- UK Data Protection Act 1998: eight data protection principles
- The "responsibility of those collecting or using data concerning children to inform responsible adults, obtain valid consent or prevent inappropriate use of data by those handling it" lies with members, not with the UK federation
- Recommends a core set of attributes

Four core attributes
- eduPersonScopedAffiliation: represents the least intrusion into the user's privacy and is likely to be sufficient for many access control decisions.
- eduPersonTargetedID: designed to satisfy applications where the service provider needs to be able to recognise a returning user without revealing real identity.
- eduPersonPrincipalName: comes under the personal data guidelines of the UK Data Protection Act.
- eduPersonEntitlement: it may be possible to determine identity from an entitlement, so it is governed by the UK Data Protection Act.
"For most applications a combination of eduPersonScopedAffiliation and eduPersonTargetedID will be sufficient. A requirement to provide other attributes should be regarded as exceptional by both Identity and Service Providers and will involve considerable additional responsibilities for both."
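As an added example, not code from the slides or from any UK federation software: a Python sketch of both sides of the two-attribute model above. The IdP side derives an eduPersonTargetedID-style opaque identifier per SP (an HMAC under an IdP-held secret, a stand-in for the salted hash the Shibboleth IdP's computed ID uses, not its exact construction); the SP side accepts an eduPersonScopedAffiliation value only when the asserting IdP is registered for the scope in that value, then decides access from affiliation and scope alone. The entity IDs, registered scopes, licence table and secret are all constructed.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample data (not taken from UK federation metadata): the scopes
# each IdP is registered to assert, keyed by the IdP's entityID. A real SP
# reads these from the shibmd:Scope elements in federation metadata.
IDP_SCOPES = {
    "https://idp.example.ac.uk/shibboleth": {"example.ac.uk"},
    "https://idp.other.ac.uk/shibboleth": {"other.ac.uk"},
}

# Hypothetical licence terms for one SP: accepted affiliations and scopes.
LICENCE = {
    "affiliations": {"member", "staff", "student", "faculty"},
    "scopes": {"example.ac.uk"},
}

SCOPED_VALUE = re.compile(r"^([A-Za-z-]+)@([A-Za-z0-9.-]+)$")


def validate_scoped_affiliation(issuer, value, idp_scopes=IDP_SCOPES):
    """Parse 'affiliation@scope' and accept it only if the asserting IdP is
    registered for that scope. Without this check any IdP in the federation
    could assert membership of another institution."""
    match = SCOPED_VALUE.match(value)
    if not match:
        return None
    affiliation, scope = match.group(1).lower(), match.group(2).lower()
    if scope not in idp_scopes.get(issuer, set()):
        return None
    return affiliation, scope


def compute_targeted_id(sp_entity_id, local_user_key, idp_secret):
    """IdP side: derive an opaque, persistent, per-SP identifier.
    Keyed over (SP entityID, local user key) with an IdP-held secret, the
    value is stable for the same user at the same SP, differs between SPs
    (so SPs cannot correlate users) and cannot be inverted without the secret.
    Stand-in for the Shibboleth IdP's salted-hash computed ID, not its exact form."""
    msg = f"{sp_entity_id}!{local_user_key}".encode()
    digest = hmac.new(idp_secret, msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def authorise(issuer, attributes, licence=LICENCE, idp_scopes=IDP_SCOPES):
    """SP side: decide access from the two core attributes only.
    Returns a session record on success, or None to deny."""
    targeted = attributes.get("eduPersonTargetedID")
    if not targeted:
        return None  # cannot recognise a returning user: deny
    for value in attributes.get("eduPersonScopedAffiliation", []):
        parsed = validate_scoped_affiliation(issuer, value, idp_scopes)
        if parsed is None:
            continue  # malformed or scope not registered to this issuer
        affiliation, scope = parsed
        if affiliation in licence["affiliations"] and scope in licence["scopes"]:
            return {"user": targeted, "affiliation": affiliation, "scope": scope}
    return None


if __name__ == "__main__":
    sp = "https://sp.publisher.example/shibboleth"
    secret = b"idp-private-salt"  # constructed; a real IdP keeps this server-side
    tid = compute_targeted_id(sp, "jbloggs", secret)
    attrs = {"eduPersonScopedAffiliation": ["member@example.ac.uk"],
             "eduPersonTargetedID": tid}
    print(authorise("https://idp.example.ac.uk/shibboleth", attrs))
```

The scope check is the part most often missed on the SP side: without it, a value such as member@example.ac.uk is accepted from whichever IdP happens to send it, and the licence tied to that scope leaks to the whole federation. The targetedID stays opaque to the SP; the SP stores it as its session key and never learns the local username behind it.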

Technical Recommendations for Participants
- Specifies the technical architecture for the federation and participants
- Contains choices of IdP/SP software (the UK federation is software-neutral, but the software must be SAML compliant)
- Authentication response profiles
- Metadata processes
- Digital certificate processes
- Attribute usage
- Includes future directions for each area of work

Federation Technical Specification and Federation Operator Procedures
- Federation Technical Specification: how the UK Access Management Federation achieves trust
- Federation Operator Procedures: the procedures actually undertaken by the federation operator (JANET(UK)):
  – Enrolment
  – CA qualification
  – Support
  – Monitoring / audit

Deployment challenges
Scaling:
- approx. 12–18 million eligible users
- hundreds of member organisations
- hundreds or thousands of entities

Discovery challenges
- An institutional portal avoids the issue
- An SP can perform discovery locally:
  – the SP often knows its community of users
  – particularly true for licensed content, where a real-world contract will exist
  – also true for resources built around small collaborations

Example: Elsevier ScienceDirect (screenshots)

Central WAYF
- UK federation provides a central "Where Are You From" service as a backstop
- Production WAYF servers work from federation metadata
  – three identical machines
  – geographically distributed in multiple data centres
  – as an anti-spoofing measure
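Added example, not the UK federation's WAYF code: the metadata-driven part of the discovery flow from the discovery and central WAYF slides, in Python. It parses a constructed federation aggregate, refuses one whose validUntil has passed, builds the WAYF menu only from IdPs present in the metadata, and turns the user's choice into a Shibboleth 1.3-style redirect whose destination is taken from the metadata rather than from anything the browser supplied. Entity IDs, endpoints, organisation names and the federation Name are invented; the aggregate's XML signature is omitted here and would be verified before parsing in a real deployment.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SHIBMD_NS = "urn:mace:shibboleth:metadata:1.0"
SHIB13_SSO_BINDING = "urn:mace:shibboleth:1.0:profiles:AuthnRequest"

# Constructed sample aggregate in the shape of federation metadata. Entity IDs,
# endpoints, names and the federation Name are invented; the ds:Signature a real
# aggregate carries is omitted (it is verified before this parser ever runs).
SAMPLE_METADATA = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    Name="urn:example:federation" validUntil="2007-10-16T00:00:00Z">
  <EntityDescriptor entityID="https://idp.example.ac.uk/shibboleth">
    <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
      <Extensions><shibmd:Scope regexp="false">example.ac.uk</shibmd:Scope></Extensions>
      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
          Location="https://idp.example.ac.uk/shibboleth-idp/SSO"/>
    </IDPSSODescriptor>
    <Organization>
      <OrganizationName xml:lang="en">example.ac.uk</OrganizationName>
      <OrganizationDisplayName xml:lang="en">Example University</OrganizationDisplayName>
      <OrganizationURL xml:lang="en">https://www.example.ac.uk/</OrganizationURL>
    </Organization>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp.other.ac.uk/shibboleth">
    <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
      <Extensions><shibmd:Scope regexp="false">other.ac.uk</shibmd:Scope></Extensions>
      <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
          Location="https://idp.other.ac.uk/shibboleth-idp/SSO"/>
    </IDPSSODescriptor>
    <Organization>
      <OrganizationName xml:lang="en">other.ac.uk</OrganizationName>
      <OrganizationDisplayName xml:lang="en">Other College</OrganizationDisplayName>
      <OrganizationURL xml:lang="en">https://www.other.ac.uk/</OrganizationURL>
    </Organization>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.publisher.example/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0">
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
          Location="https://sp.publisher.example/Shibboleth.sso/SAML/POST" index="1"/>
    </SPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>
"""


def _parse_utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_metadata(xml_text, now):
    """Index the IdPs in an aggregate by entityID. `now` is an ISO-8601 UTC
    stamp; an aggregate past its validUntil is refused, because a stale copy
    would keep offering (and trusting) entities the operator has since removed."""
    root = ET.fromstring(xml_text)
    valid_until = root.get("validUntil")
    if valid_until is None or _parse_utc(valid_until) < _parse_utc(now):
        raise ValueError("metadata has no validUntil or has expired")
    idps = {}
    for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        role = ed.find(f"{{{MD_NS}}}IDPSSODescriptor")
        if role is None:
            continue  # SP-only entity: never a discovery choice
        entity_id = ed.get("entityID")
        display = ed.findtext(
            f"{{{MD_NS}}}Organization/{{{MD_NS}}}OrganizationDisplayName", default=entity_id)
        idps[entity_id] = {
            "display": display.strip(),
            "sso": {s.get("Binding"): s.get("Location")
                    for s in role.iter(f"{{{MD_NS}}}SingleSignOnService")},
            "scopes": [s.text.strip() for s in role.iter(f"{{{SHIBMD_NS}}}Scope")],
        }
    return idps


def wayf_choices(idps):
    """The menu the WAYF shows: (display name, entityID), built only from metadata."""
    return sorted((info["display"], eid) for eid, info in idps.items())


def build_authn_redirect(idps, chosen_entity_id, shire, target, provider_id,
                         binding=SHIB13_SSO_BINDING):
    """Turn the user's choice into a redirect to the IdP's SSO endpoint.
    The entityID arrives from an untrusted browser; the endpoint is looked up
    in the metadata for that entityID, so a forged choice can never send the
    user (with the SP's shire/target parameters) to an endpoint of the
    attacker's choosing."""
    try:
        location = idps[chosen_entity_id]["sso"][binding]
    except KeyError:
        raise KeyError(f"unknown IdP or binding: {chosen_entity_id}") from None
    query = urlencode({"shire": shire, "target": target, "providerId": provider_id})
    return f"{location}?{query}"
```

The same lookup table is what makes a WAYF "work from federation metadata" rather than from a hand-maintained list: adding or removing an IdP is a change to the signed aggregate, and the expiry check stops a server that has lost contact with the operator from serving yesterday's federation indefinitely.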

UK federation WAYF (screenshot)

UK federation statistics (8 October 2007)
- 108 full member organisations
- 135 SAML entities:
  – 63 identity providers
  – 72 service providers
- Software:
  – 92% Shibboleth 1.3
  – 3% Shibboleth 1.2
  – 5% other (AthensIM, Guanxi, etc.)
- Approx. 3 new applications per week

What's next?
- UK federation development roadmap:
  – increase functionality
  – enhance usability
- Widening participation: NHS, museums, etc.

Conclusion
- Federation launched: great!
- Lots of potential to exploit
- Job done...? Actually, it's just beginning!

Questions?
More info and mailing lists: www.ukfederation.org.uk