1
Copyright JNT Association 2005 / Copyright JNT Association 2007
Overview of the UK Access Management Federation
Josh Howlett
2
Summary
What is it?
How does it work?
Benefits
What the service provides
Suggested approach
Further Information
3
The UK Federation
A group of member organisations who sign up to a set of rules
An independent body, managing the trust relationships between members
End user organisations act as ‘identity providers’ (IdPs) and optionally ‘service providers’ (SPs)
Publishers and resource providers act as ‘service providers’ (SPs)
4
Organisational Structure
Funded by Becta & JISC
Provided for Schools, FE & HE
Operational management by UKERNA
Policy & Governance Board
Technical Advisory Group
5
Components
Federation Infrastructure
Policy
Operational Management
User Support
Assisted Take-up
Outreach
6
Scope of Federation
[Diagram labels: Identity Provider; Service Provider; Federation operator; Metadata; Rules; Possible bilateral agreement; WAYF; Discovery: either WAYF or WAYG; Assertions: AuthN, Attributes, (AuthZ)]
7
How it works
8
How it works
The core attributes should be sufficient. If not:
–eduPerson, e.g. nickName
–organizationalPerson, e.g. telephoneNumber
–inetOrgPerson, e.g. preferredLanguage
–Custom attributes are permitted “as a last resort”.
9
Benefits
Benefits for users
–Much less need to disclose your identity
–Personal data kept between you and your home organisation
–Publishers can tailor services better
–(At least) one less password to remember
10
Benefits
Benefits for Identity providers (IdPs)
–Typical IdPs are LAs, RBCs, FE, HE or Research
–Easier to comply with regulatory requirements
  Data Protection Act 1998, etc.
–Better service offered to users
–Uses existing access management systems
–Can use same access control for all resources
  Both internal and external
–Fewer credentials should mean fewer support problems
11
Benefits
Benefits for Service providers (SPs)
–Typical SPs are publishers, etc.
–No need to store user credentials or entitlements
  Authentication is performed by the IdP
  Can authorise per institution, role, and/or entitlement
–Reduced user support requirements
–Reduced compliance burden
  Less storage/processing of personal data
–Accurate implementation of licence conditions
–Users take better care of credentials
–Organisations take better care of assertions
12
Benefits
Benefits for the community
–Provides consistency across the whole of education for federated (distributed) authentication and authorisation
–Improves the user experience
–Pooling of experience and expertise
–Economies of scale for both sectors
–Facilitates sharing of content and collaboration across sectors
13
What the service provides
Federation Infrastructure
Policy
Operational Management
User Support
Assisted Take-up
Outreach
14
What the service provides
A set of Rules that binds members:
–Make accurate statements to other members
  If you say you can hold users accountable, do so
–Keep federation systems and data secure
–Use personal data correctly (inc. DPA1998)
–Resolve problems within the Federation
  Not by legal action
–Assist Federation Operator and other members
15
What the service provides
Guidance, examples, support
–How to comply with the Rules
–How to interoperate with other members
  Common definitions, etc.
–Help in planning the transition
–Experiences of early adopters
–Software to implement Federation services
All this is advisory, not prescriptive
–Can use as much or as little as you need
16
What the service provides
Federation Infrastructure
Policy
Operational Management
User Support
Assisted Take-up
Outreach
17
What the service provides
Operational management
–Registration mechanism for SPs and IdPs
–Adding new members to the federation & updating existing members’ metadata
–Fault finding and troubleshooting
–Compatibility testing of server certificates and CA Qualification
–Technical and operational documentation
–Ongoing federation development
–Reporting
18
What the service provides
Federation Infrastructure
Policy
Operational Management
User Support
Assisted Take-up
Outreach
19
What the service provides
Federation infrastructure
–Discovery Service
  Resilient WAYF
–Hosting of metadata
  Describes the Federation
–Monitoring of SPs and IdPs
–Test environment
–Federation web site
20
What the service provides
Federation Infrastructure
Policy
Operational Management
User Support
Assisted Take-up
Outreach
21
What the service provides
User support
–Guidance and advice to IdPs & SPs
–Configuration guides
–Training courses
–Online training material
–Workshops to help organisations join the UK Federation
–Frequently Asked Questions list
22
Suggested approach
Review your identity management strategy
–for example, how many directories do you have and who owns them?
Build the business case
JISC will cease to centrally fund Athens in July 2008; options:
–Join federation, subscribe to ‘Outsourced IdP’
–Join federation, continue to use Athens through gateways
–Join federation, deploy community supported tools
–Join federation, using tools with paid-for support
23
Further Information
Website
–www.ukfederation.org.uk
E-mail lists
–Ukfederation-announce@jiscmail.ac.uk
–Ukfederation-discuss@jiscmail.ac.uk
24
Questions?