Athens – integrated AMS services Ed Zedlewski JISC/CNI Conference Edinburgh, June 2002.


Outline
– Athens the present
– Key new developments
– Athens going forward

Where are we now?
– Nationwide AMS managed services for:
  – UK Higher/Further education sector run under SLA/contract to JISC 1.8m+ accounts in 460+ institutions, using 240+ resources
  – UK Health sector ~200 trusts
– Centrally managed infrastructure for:
  – DSP/publisher relations
  – Institutional support services
  – Policy issues increasingly important
– Increasingly devolved capability
– Shared authorisation space and User Profiling

Single Sign On (SSO)
– Full production SSO service rolled out
– Session credentials stored in cookie
– Session maintained at the AP
– Already in widespread use
– Full deployment anticipated by end 2002

Common platform
– 4 years of 100% authentication service uptime
– Ongoing development using core components of original Athens
– Gradual upgrade of interfaces and services
– Driving towards full standards compliance
– Users want evolution, rather than revolution
– Athens serves a need and it WORKS!

Athens DA
– Built on SSO infrastructure
– Works with existing DSP plug-in (responder)
– Devolved authentication service
  – Locally defined authentication schema
  – User authenticated locally
  – User ID bound to permission set ID at UAS
  – Presents pseudonym (virtual account) as credentials
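A minimal sketch of the devolved-authentication flow listed above, as an added example that is not from the presentation or from Athens: the user is authenticated against a local directory, the user ID is looked up in a permission-set binding, and only a pseudonym plus permission set ID is presented to the DSP. The HMAC-derived pseudonym, the key, the directory entries, the permission set IDs and all function names are assumptions; the slides do not say how Athens derives pseudonyms.

```python
import hashlib
import hmac

# Constructed demo data; Athens' real schema and key handling are not on the slides.
INSTITUTION_KEY = b"constructed-demo-secret"  # assumption: per-institution pseudonym key
ITERATIONS = 100_000

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Stands in for the institution's local directory (e.g. LDAP).
LOCAL_DIRECTORY = {
    "jsmith": {"salt": b"s1", "hash": _hash_password("correct horse", b"s1")},
    "akhan": {"salt": b"s2", "hash": _hash_password("battery staple", b"s2")},
}
# Stands in for the binding of user ID to permission set ID.
PERMISSION_BINDINGS = {"jsmith": "PS-UG-LIBRARY", "akhan": "PS-STAFF-ALL"}

def authenticate_locally(user_id: str, password: str) -> bool:
    """Check the password against the local directory in constant time."""
    entry = LOCAL_DIRECTORY.get(user_id)
    if entry is None:
        _hash_password(password, b"dummy")  # keep timing similar for unknown users
        return False
    return hmac.compare_digest(entry["hash"], _hash_password(password, entry["salt"]))

def pseudonym_for(user_id: str) -> str:
    """Stable per-user pseudonym; not reversible without the institution key."""
    digest = hmac.new(INSTITUTION_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return "va-" + digest[:16]

def issue_credentials(user_id: str, password: str):
    """Return what the DSP is shown: pseudonym plus permission set, never the local ID."""
    if not authenticate_locally(user_id, password):
        return None
    permission_set = PERMISSION_BINDINGS.get(user_id)
    if permission_set is None:
        return None  # authenticated but no binding: fail closed
    return {"pseudonym": pseudonym_for(user_id), "permission_set": permission_set}

if __name__ == "__main__":
    print(issue_credentials("jsmith", "correct horse"))
    print(issue_credentials("jsmith", "wrong password"))
```

The same user always maps to the same pseudonym, so a DSP can keep per-account state without ever receiving the local user ID.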

Work in progress
– Pilot with University of Ulster
– VLE integrated with Athens DA
  – all students, all courses
  – WebCT, iPlanet, LDAP Directory, Library OPAC
  – study notes, discussion forums, reading lists
  – Initial sign-on can be through campus portal or via DSP

DA architecture

Role administration

Permission set definition

New usability features
– Expect to be able to gather useful behavioural statistics
  – Average No. of different DSP connections per user
  – Institutions can monitor take-up & usage patterns
– Data up/downloading facilities
– Security – reduce possible abuse
– Enhanced admin facilities for DSPs

X.509 certificates
– Working demonstrator using X.509 certificates
– Built on SSO and DA services
– Retains user anonymity

[Diagram: Athens Single Sign On. Labels: Institution, Athens, Personnel, Student Registry, Library System, Local Computing, Athens Agent, User, Athens-protected Service (DSP), Athens Authentication Point]

[Diagram: Athens Devolved Authentication (DA). Labels: Institution, Athens, Personnel, Student Registry, Library System, Local Computing, Directory Service, Athens Agent, User, Athens-protected Service (DSP), Athens Authentication Point]

[Diagram: Athens DA with Certificates. Labels: Institution, Athens, Personnel, Student Registry, Library System, Local Computing, Athens Agent, Certificate Authority, Directory Service, User, Athens-protected Service (DSP), Athens Authentication Point]

Future development & goals
– Facilitate integrated local information environments
– Wider deployment of DA services
– Exposure against other LDAP flavours
– Transition core technology to open standards
  – SOAP server (XML, SSL, JDBC, SOAP)
  – Publish the DSP API – DIY or use Athens plug-ins

Summary
– Acknowledge work done at Shibboleth, PAPI & JISC
– New developments delivered on a resilient platform
– Flexibility for institutions to evolve integrated SSO services
– Increased deployment of DA services
– Move towards open standards

Technology is easy….. …..people are hard

Contacts