Dr Tony McDonald - FMSC www.ncl.ac.uk/medev tony.mcdonald@ncl.ac.uk Breaking Boundaries 2005

Authentication and Authorization (including focussing on Shibboleth)

Dr Tony McDonald, Assistant Director FMSC
- Project manager, IAMSECT http://iamsect.ncl.ac.uk
- Project manager, FDTL-4 ePortfolios http://www.eportfolios.ac.uk
- Technical Director, CETL4HealthNE http://www.cetl4healthne.ac.uk

Background
- School of Medical Education Development
- Responsible for IT provision of the MBBS programme, 1700 students, 1400 staff - many in the NHS
- Project manager, IAMSECT (Shibboleth dissemination)
- Project manager, FDTL-4 ePortfolios
- Technical Director, CETL4HealthNE
- ie not an über-geek...

The session...
- Is about information/knowledge transfer
- Is informal
- Is about making connections
- Is about problem solving...
- Is about recognizing the potential of authentication/authorization systems
- Is about getting these systems set up at your institution

Outline
- What is authentication/authorization
- Single sign on
- Shibboleth (introduction, issues)
- Use cases
- Discussion
- Shibboleth futures
- Roundup

What is authentication/authorization?
- authentication - identifies who you are
  - username, N.I. number, email address, employee number, biometrics, DNA
- authorization - what you are allowed to do
  - almost always requires another level of lookup
- in the past, particularly for online systems, these have usually been combined. You log in to a system and it knows what you can do.

Authentication
- login (username/password) - Windows, unix, Amazon
- username can be anything; d56rtx, bingo@bob.com
- would be keyed against flat files, databases, active directory, LDAP
- These ‘databases’ can be held locally or remotely

Authentication - who you are
- You have the keys

Authorization - what you can do
- But can you drive the car?

Single sign on
- A way of accessing more systems using one login
- It can be centralised (Athens, one big domain)
  - Big database in the middle of the world, managed centrally
- Can also be de-centralised (Shibboleth is best known example)
  - Lots of small databases, managed locally
  - implies some level of communication between sites

Why use single sign on?
- Shared students
  - including students from ‘feeder’ colleges
- Shared resources
  - Journals, re-usable learning objects
  - Not necessarily electronic resources
- Increasingly needed for ‘joined up’ systems and processes

Shibboleth
- Possibly the first password
- Distributed authentication and authorization
- Standards-based (SAML)
- Lots of backing from JISC and Internet-2

Then said they unto him, Say now Shibboleth: and he said Sibboleth: for he could not frame to pronounce it right. Then they took him, and slew him at the passages of Jordan: and there fell at that time of the Ephraimites forty and two thousand. Judges 12:5-7

Core Concepts of Shibboleth
- A user is authenticated at “home”
- Home knows who and what a user is
  - eg Tony McDonald, member of staff; access to some admin areas
- Service providers make access decisions based on what a user is (ie staff, student, medic etc)
- Service providers should only know the minimum about a user
  - Can improve privacy

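The core concepts on this slide, as an added example (not part of the original presentation, and not Shibboleth's own code, API or wire format): a toy home site that releases only policy-approved attributes, and a service that decides on affiliation alone. The user record, service names, release policy and the per-service pseudonym are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data: what "home" knows about one user.
HOME_DIRECTORY = {
    "jbloggs": {
        "name": "Jo Bloggs",
        "email": "jo.bloggs@home.example.ac.uk",
        "affiliation": "staff",
        "entitlements": ["admin-area"],
    },
}

# Hypothetical release policy held at home: attributes each service may see.
RELEASE_POLICY = {
    "journals.example.org": ["affiliation"],
    "vle.example.ac.uk": ["affiliation", "entitlements"],
}

PSEUDONYM_KEY = b"constructed-demo-key"  # secret known only to the home site


def home_release(username, service):
    """Home side: after login, release only what the policy allows."""
    if service not in RELEASE_POLICY:
        return {}  # no agreement with this service, so nothing is released
    record = HOME_DIRECTORY[username]
    released = {attr: record[attr] for attr in RELEASE_POLICY[service]}
    # Opaque identifier: stable for one service, different for every service,
    # so two services cannot correlate the same person.
    mac = hmac.new(PSEUDONYM_KEY, f"{username}|{service}".encode(), hashlib.sha256)
    released["pseudonym"] = mac.hexdigest()[:16]
    return released


def service_authorize(attributes, allowed_affiliations):
    """Service side: decide on what the user is, never on who they are."""
    return attributes.get("affiliation") in allowed_affiliations


if __name__ == "__main__":
    seen_by_journal = home_release("jbloggs", "journals.example.org")
    print(sorted(seen_by_journal))  # name and email never leave home
    print(service_authorize(seen_by_journal, {"staff", "student"}))
```
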
Some Issues...
- Involves trust between institutions - this must come first and this is where federations can help
- Data protection issues
- Technical ability of provider and consumer of Shibboleth-enabled resources
  - not rocket-science, but not trivial either (IAMSECT is helping to simplify the process)

Some use cases
Based on some selected projects currently underway;
- IAMSECT (Shibboleth awareness raising, developing functioning systems)
- FDTL-4 ePortfolios (ePortfolios for medicine, since grown into a major growth area for our school)
- CETL4HealthNE (9000 health care students in 3 years)

IAMSECT
- JISC funded May 04-Apr 06
- Three Universities; Newcastle*, Durham* and Northumbria, plus Subject Centre for Medicine, Dentistry and Veterinary Medicine - and the NHS
- Technical and managerial issues are addressed, documented and disseminated.

What worked? / What could have been done better?
- More people using Shibboleth
- Better inter-institutional relations
- Insight into NHS processes
- Consortium agreements
- Different VLEs/OSes worked
- Emphasized benefits earlier?
- Certification authority issues
- BlackBoard/Open Source

ePortfolios
- FDTL-4 funded Oct 03-Sep 05
- Three Universities; Newcastle, Sheffield and Leeds - focussing on medical students
- ePortfolios for medical students at all institutions, using two different VLEs

What worked? / What lessons were learnt?
- ePortfolios integrated into course
- Better inter-institutional relations
- Led to ePET project - web service enabled ePortfolio, authentication issues
- Also led to EPICS project - ePortfolios and Shibboleth
- ePortfolios and Shibboleth are not a natural fit
- See Simon's talk tomorrow! (10:30am) Sydney room - ie here

CETL4HealthNE
- HEFCE funded Oct 04-Sep 09
- Five Universities of North-East; Newcastle, Northumbria, Durham, Sunderland, Teesside.
- Strategic Health Authorities and NHS Trusts
- £4.5 million over 5 years
- Impact on 9000 diverse students in first 3 years

What’s working? / What could be done better?
- Better communications - always
- Emphasized benefits earlier?
- People wanting to use Shibboleth
- Good inter-institutional relations
- Insight into NHS processes

Relation to ePortfolios (FDTL-4)
- See Simon's talk tomorrow! (11am)
- Moving data between institutions

Shibboleth and CETL4HealthNE
- Perhaps an ideal vehicle for Shibboleth
- Access required to wide range of resources
  - VLEs, training, video, admin.
- For a wide range of students
- From many institutions
  - Five HEIs, SHAs, NHS Trusts
- Medicine, Nursing, Physiotherapy, Dentistry, Speech & Language Therapy, Occupational Therapy, Pharmacy, Radiography, Social Work, Foundation Degrees
- and 9000 students impacted in first three years...

JISC Investment
- Various programmes, attacking problem from both sides:
  - Information provision (EDINA, MIMAS etc) - origins in Shibboleth parlance
  - Information usage (core middleware) - targets in Shib-speak
- Large sums of money have been invested
  - 01/04 - 13 projects, 05/05, 07/04, DeL - 6 projects
- And are transitioning from Athens to Shibboleth

Your Turn! - 15 mins
Using examples from the use cases (or wherever), do a SWOT on;
- Introducing single sign on systems into my organisation

Discussion points?
- It could work but not here...
- What would we use it for?
- How do we get started?

How does it help me?
- Username management
  - Should be greatly reduced
  - should be done by institutional IT services
- Access to wider variety of resources
  - Athens are ‘Shibboleth-enabling’ services, using their gateway
  - JISC - doing same thing with EDINA, MIMAS and other services

Shibboleth Futures
- Shibboleth is a disruptive technology
- Authentication, privacy barrier removed
- Online “reputation based” systems could kill journals?
- Services bought in from outside e.g. webmail for students
- Niche services flourish
- What happens next?

Group Discussion
Some possible talking points;
- Is Shibboleth really disruptive?
- How can I make this work at my institution? and It’ll never work at my institution
- Where do I sign up?

Resources
- IAMSECT - http://iamsect.ncl.ac.uk/
  Lots of links and resources to Shibboleth and related information. Including a glossary - http://iamsect.ncl.ac.uk/glossary
- MEDEV - http://www.ncl.ac.uk/medev/
  VLEs, ePortfolios, Admin systems, Medical Education, CETL4HealthNE, Subject Centre for Medicine, Veterinary Medicine and Dentistry
- JISC - http://www.jisc.ac.uk/ (search for Shibboleth)
  Driving the Shibboleth agenda in the UK