Presentation is loading. Please wait.

Presentation is loading. Please wait.

JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007.

Published byLawrence Anderson Modified over 9 years ago

Similar presentations

Presentation on theme: "JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007."— Presentation transcript:

1 JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007

2 Outline What changes to access management are JISC proposing? –What is Shibboleth? What will these changes mean –For end-users? –For UoB staff? What are the timescales? What are the UoB plans?

3 What is happening? JISC is aiming to improve the way in which users access resources throughout the UK educational sector –Goal: to allow users to access internal and external resources seamlessly using a single, institutionally controlled identity –Reduce substantially (if not eliminate altogether) current problems in which users are required to maintain multiple passwords for multiple resources in multiple domains

4 What is happening? (2) JISC support for Athens will cease –Athens will be available as a paid-for service New JISC strategy based on Shibboleth technology, a new standards-based approach in this area

5 Why the move from Athens? Relies on separate credentials –Forgotten or written down (a security issue) –Shibboleth uses local credentials Demand for more sophisticated systems for enabling access to materials and resources –Shibboleth’s flexible design provides a good basis for meeting these demands.

6 What is Shibboleth? Federated access management framework –Federation of Identity Providers (IdPs) and Service Providers (SPs) No central identity service –SPs talk to user’s IdP –Authorisation decisions based on IdP-provided information Federation provides trust fabric –Allows SPs and IdPs to trust each other

7 Acknowledgement: –Taken from SWITCH AAI What is Shibboleth? (2)

8 What is Shibboleth? (3) For web services only Integrated with local authentication –Single Sign On CAS in UoB case Location independent –Won’t necessarily provide UoB IP address to those services that use IP addresses to make authorisation decisions

9 What changes will there be for end-users? Single Sign On extended –To UoB resources protected by CAS SSO –To third-party resources protected by Athens or Shibboleth Users will have to negotiate new WAYF step –Techniques to reduce the impact of this

10 What changes will there be for UoB staff? No more separate Athens identity management –Users will login to UoB SSO when visiting external protected resources In time, no separate account management for non- UoB users –e.g. external Blackboard users

11 What changes will there be for UoB staff? (2) UoB will have to run (or outsource) a Shibboleth IdP –Linked to LDAP and CAS SSO –One for the techies Attribute exchange with resource providers will have to be managed –Again, one for the techies

12 What support is there? JISC-provided UK Access Management Federation for Education and Research UoB experience from JISC-funded pilot project –Metaleth (Metalib + Shibboleth) A Shibboleth to Athens gateway –Provided by Eduserv

13 What is the time frame? JISC asking institutions to recognise this change within their IT strategies for the next two years –Athens contract with JISC renewed until July 2008 –Will run in parallel to the UK access management federation and the Athens/Shibboleth gateway From July 2008, JISC will support access management through the UK access management federation –Athens will become a paid-for service

14 What are the next steps we need to take? UoB currently evaluating alternate approaches –Run the Shibboleth infrastructure ourselves Identity provision, Attribute Authority –Outsource to Eduserv

15 What are the next steps we need to take? (2) Project starts in April –Goal: replace Athens at UoB for the Autumn Tasks: –A production Shibboleth IdP –Transfer of current Athens-protected resources Shibboleth directly or via Athens/Shibboleth gateway –Policy decisions to be taken regarding attribute release and privacy –Managing the change-over for end-users Documentation, awareness raising

16 Further Information JISC Access Management –http://www.jisc.ac.uk/whatwedo/themes/access_ management.aspxhttp://www.jisc.ac.uk/whatwedo/themes/access_ management.aspx UK Access Management Federation for Education and Research –http://www.ukfederation.org.uk/http://www.ukfederation.org.uk/ Shibboleth –http://shibboleth.internet2.edu/http://shibboleth.internet2.edu/

17 Questions? Jasper.Tredgold@bris.ac.uk

Download ppt "JISC Metaleth Project Athens, Shibboleth and the University of Bristol 29 th January 2007."

Similar presentations

Athens and Shibboleth ® : the choices Phil Leahy Athens Product Manager.

Athens and Shibboleth ® : the choices Phil Leahy Athens Product Manager.
Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.

Shibboleth and UKAMF-FEAR not as scary as it sounds! Rhys Smith Cardiff University.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee

Authorisation Models for National Scale Services Alan Robiette Joint Information Systems Committee
Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.

Shibboleth at Cardiff University Lindsay Roberts Project Manager – Shibboleth Implementation Phase 2.
Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.

Options for integrating the JANET Roaming Service (JRS) and Shibboleth Tim Chown University of Southampton (UK) JISC Access Management.
Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.

Joint Information Systems Committee 01/04/2014 | | Slide 1 Connecting People to Resources The JISC Access Management Strategy Nicole Harris Programme Manager.
Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.
FAME-PERMIS Project University of Manchester University of Kent London, July 2006.

FAME-PERMIS Project University of Manchester University of Kent London, July 2006.
Shibbolising UK Census and ESDS services Lucy Bell Associate Director, Head of Information Systems and Preservation, UKDA 26 May 2005.

Shibbolising UK Census and ESDS services Lucy Bell Associate Director, Head of Information Systems and Preservation, UKDA 26 May 2005.
KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.

KC-ROLO Project Kidderminster College Repository Of Learning Objects Graham Mason & Ed Beddows.
1 Wolfgang Lierz Staff IT-Services / Network & Security Admin ETH-Bibliothek Zurich Integration Primo-Aleph-PDS-SSO- AAI Wolfgang Lierz / IGeLU 2012 Zurich.

1 Wolfgang Lierz Staff IT-Services / Network & Security Admin ETH-Bibliothek Zurich Integration Primo-Aleph-PDS-SSO- AAI Wolfgang Lierz / IGeLU 2012 Zurich.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Connecting People to Resources The UK Access Management Federation Nicole Harris Programme Manager.
Joint Information Systems Committee 19/05/2015 | | Slide 1 Voyage of the UK JISC Federation: Shibbolising the UK’s Research, Higher and Further Education.

Joint Information Systems Committee 19/05/2015 | | Slide 1 Voyage of the UK JISC Federation: Shibbolising the UK’s Research, Higher and Further Education.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
1 Issues in federated identity management Sandy Shaw EDINA IASSIST 24-27 May 2005, Edinburgh.

1 Issues in federated identity management Sandy Shaw EDINA IASSIST May 2005, Edinburgh.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Agenda Project beginnings and funding. Purpose of the federation. Federation members. Federation protocols. Special features in our federation. Pilot.

Similar presentations

Ads by Google