Published by Kaylee Pruitt. Modified over 10 years ago.
1
Eduserv Athens Federations
David Orrell
Eduserv Athens Technical Architect
2
Federations
JISC funded organisations or projects will probably already use Athens (in some form)
  – have agreed to T&Cs for usage of the Athens service
  – is current requirement for Athens
Athens Federation setup to support the Shib-Athens gateway
Connection to the gateway for production use will require strict compliance with the T&Cs
  – membership of the Athens UK Federation
  – organisations will be listed in the Athens WAYF and membership lists
Organisations wishing to evaluate and test the service may join the Athens Touchstone Federation
  – can only gain access to test resources through the gateway
3
Athens Touchstone Federation
Purpose:
  – Primary aim is to provide capability for IdPs and SPs to trial or test the Athens to Shibboleth gateways
  – To provide Shibboleth test capability in the wider sense (Shib to Shib)
  – To provide a WAYF service for participating organisations
  – Freely available to all JISC-supported organisations
Member Service Providers
  – Standard Shib target using I2 reference software
  – Shibboleth to Athens Gateway (available now), providing access to test Athens resources
Member Identity Providers
  – Standard Shib origin based on AthensIM
  – Athens to Shibboleth Gateway (available end May), providing access for Athens enabled accounts
4
Athens Touchstone Federation
[Diagram. Labels: Athens to Shibboleth Gateway; Test Organisation Shibboleth Origin Based on AthensIM; Shibboleth to Athens Gateway; Test Athens resources; Shibboleth Target(s); Test Athens users; Registration Trust Policies; WAYF]
5
Athens Federation
Production Federation
Provides access to real Athens protected resources via the Shib to Athens Gateway
Provides access to Shib protected resources for Athens enabled accounts via the Athens to Shib Gateway
Strict Terms & Conditions – same as the current Athens service
Infrastructure runs on very high availability infrastructure
  – WAYF
  – Athens gateways (when launched)
Will be linked to Internet2 shortly
6
Athens Federation
[Diagram. Labels: Athens to Shibboleth Gateway; Shibboleth Origin; Shibboleth to Athens Gateway; Athens resources; Shibboleth Target(s); Athens users; Registration Trust Policies; WAYF]
7
Pre-requisites
Athens Registration
  – Either as an organisation or a Service Provider
Acceptance of the standard Athens Terms & Conditions
Username/password policy judged as secure by Eduserv
  – Registration procedure will include providing information on this policy
Meets the Athens Implementation Standards for Identity & Service Providers
  – Independent assessment carried out by Eduserv Athens support staff
8
Registration
Need to register in order to use gateway:
  – HS/AA URLs
  – Handle Assertion signing cert must be securely registered
  – Choose authorisation policy
  – Nominate attribute to use as persistent ID
  – May upload CSR requests to Athens CA
Athens requires that AA server cert is signed by a recognised root CA, currently
  – Thawte Server CA
  – Verisign Class 3 CA
  – GlobalSign Root CA
  – Athens CA
9
Attributes
Athens-specific attributes appear in MACE registered namespace
  – urn:mace:eduserv.org.uk:athens:…
Current set of attribute names are defined and specified for Athens service
  – Documentation published to SPs
AthensIM and Athens to Shib gateway offer attribute mapping capability
Additional recommended Attributes for Athens federations under discussion
  – eduPersonTargetedID
  – eduPersonEntitlement for authorisation to resource
  – eduPerson mappings
10
Multiple Federations
The reality is that there will be multiple federations
The Athens gateway products can be registered with multiple federations
  – Subject to suitable Terms & Conditions