Federated Access Management, JISC Presentation
-
Upload
jisc-rsc-southeast -
Category
Technology
-
view
3.985 -
download
0
description
Transcript of Federated Access Management, JISC Presentation
Joint Information Systems Committee 10/04/23 | | Slide 1
Mark Williams
Services Outreach, JISC
federated access management
Joint Information Systems Committee 10/04/23 | slide 2
Introduction
The West Wing
Warner Bros 2001
Joint Information Systems Committee 10/04/23 | slide 3
Joint Information Systems Committee 10/04/23 | slide 4
Joint Information Systems Committee 10/04/23 | slide 5
Joint Information Systems Committee 10/04/23 | slide 6
www.bricktestament.com www.bricktestament.com
Joint Information Systems Committee 10/04/23 | slide 7
Update
Shibboleth update
Joint Information Systems Committee 10/04/23 | slide 8
Update
Shibboleth update
Focus on Federated Access Management
– Shibboleth just one of / part of the technologies
Joint Information Systems Committee 10/04/23 | slide 9
Introduction
What is access management?
The Situation
The Choices
Why?: The business case
The Support
Discussion
Joint Information Systems Committee 10/04/23 | slide 10
Explaining federated access management
Video highlights:
– Issues
– Advantages
– Situation
Video Audience:
– SMT
– Curriculum
– LRC
Tool for YOU to use
Joint Information Systems Committee 10/04/23 | slide 11
JISC Announcement
In March 2006, JISC formally announced its intention to support federated access management as the preferred access management solution for UK Further and Higher Education
JISC will continue funding the Athens service until July 2008
Athens will be available via a subscription model post July 2008
Institutions will have to Join the Federation to access JISC funded resources
The UK Access Management Federation launched in November 2006, with early adopters joining in August 2006
The Federation is a combined venture between JISC and BECTA
A full support service will be made available to the JISC community to support the transition to the new service
Joint Information Systems Committee 10/04/23 | slide 12
What is Federated Access Management?
Current Athens service is a centralised service:
– Institution provides information about users to Athens (identity information).
– Athens brokers both authentication and authorisation on the part of the institution with service providers.
Federated Access Management devolves authentication back to the institution:
– Authentication achieved through normal institutional log-on.
– Service Providers trust institutions to appropriately authenticate.
– Service Providers and institutions exchange information about users to determine what they can access (attributes: staff, student, law).
– Same system can be used for internal, external and collaborative access (e-learning partnerships with other institutions, e-portfolios).
Joint Information Systems Committee 10/04/23 | slide 13
The Push
JISC Collections access
Athens pricing structure
Focus on legitimate use – Emphasis on correct use- non sharing of passwords etc
Expiry policy
Policy for populating user directory
http://www.eduserv.org.uk/upload/athens/pdf/openathens_pricing_0307.pdf
Joint Information Systems Committee 10/04/23 | slide 14
The Pull
Capability – institution – staff – students
International gold standard
Longevity: JISC supporting solution – Gateway developed to enable Eduserve solution
International – In common etc
Joint Information Systems Committee 10/04/23 | slide 16
Strategic Case: Example – Rummidge College Vision statement
VISION STATEMENT: “Using a single password, students can access not only Rummidge College own electronic resources but also those of other universities, Colleges and institutions by co-operative agreements.
VISION STATEMENT: “Provide services which reduce the burden of administration and information management.”
VISION STATEMENT: “Provide services which facilitate scholarly communication, collaboration and research
Federated access management allows not only single sign-on internally using an institutional password, but also allows users to access resources (such as VLEs) at other institutions using that same password (i.e. no need to register elsewhere).
Devolved authentication means that institution do not have to administer Athens accounts and single sign-on reduces the need for libraries to manage people as well as resources.
Federated access management supports the adoption of ‘virtual organisations and key research tools (such as open access repositories) have been ‘federated’.
24/7 Collaboration Lifelong learning Workbased learning
Remote learning Regional Partnership
Joint Information Systems Committee 10/04/23 | slide 17
The Strategic Case: Questions to Ask
Are there institutional drivers for:
The implementation of an enterprise directory / identity management solution?
– Need to manage ‘non-standard’ users more efficiently, need to manage all users more efficiently!
Single (simplified) sign-on / devolved authentication?
– System for both internal and external resources.
Collaborative access to resources within other institutions?
– HE / FE collaboration; franchises in other countries.
Research collaboration? Private sector collaboration?
– ‘Virtual Organisation’ support; third-stream funding opportunities.
Joint Information Systems Committee 10/04/23 | slide 18
Institutional Options
BECOME A FULL MEMBER OF THE FEDERATION USING COMMUNITY SUPPORTED TOOLS
– COSTS: Institutional effort to implement software, join federation and enhance institutional directories
– BENEFITS: Full institutional control, skilled staff and access management solution for internal, external and collaborative resources
BECOME A FULL MEMBER OF THE FEDERATION USING TOOLS WITH PAID-FOR SUPPORT
– COSTS: Cost of support from supplier and institutional effort in liaison with supplier and Federation
– BENEFITS: Full support in implementation and access management solution for internal, external and collaborative resources
SUBSCRIBE TO AN ‘OUTSOURCED IDENTITY PROVIDER’ TO WORK THROUGH THE FEDERATION ON YOUR BEHALF (SUCH AS USE OF CLASSIC ATHENS WITH THE GATEWAYS)
– COSTS: Subscription costs to external supplier (from July 2008) and internal administration role
– BENEFITS: Minimum institutional effort to achieve access to external resources only
Joint Information Systems Committee 10/04/23 | slide 19
Institutional Audit
Strategic fit: Aims of the College
– Mission statement, Capability, Staff up-skilling, Collaboration, Costs
Options appraisal: which choice meets business need
– How many resources do you access?
– What do you want to do?
Affordability
Capability
What will your choice solve?
Joint Information Systems Committee 10/04/23 | slide 20
Financial Case: procurement and commercial issues
JISC ‘Institutional Preparedness’ Study (170 institutions):
Directory Services:
– 66% HE / 69% FE use Active Directory
– 31% HE / 13% FE use Novell eDirectory
– 27% HE / 31 % FE use OpenLDAP
Outsourcing / Delegation of Identity Management:
– 2% of HE / 0% FE outsource directory / identity management
– 25% HE allow departmental control of identity management
Current use of Athens:
– Classic Athens: 57% HE / 78% FE
– AthensDA: 35% HE / 7% FE
Joint Information Systems Committee 10/04/23 | slide 21
Reviewing Readiness
State
d po
sition
100%0% 50%10% 20% 30% 40% 60% 70% 80% 90%
Pragmatic range
Pragmatic range
HE
FE
State
d po
sition
100%0% 50%10% 20% 30% 40% 60% 70% 80% 90%
How many institutions will adopt federated access by July 2008?
(FE figures: Scotland, Wales and Northern Ireland only)
Joint Information Systems Committee 10/04/23 | slide 22
Financial Case: implementation and ongoing
Costs associated with adopting federated access management need to be assessed on an institution by institution basis.
Depend on starting point (state of directory services, choice of directory services, use of Athens, size of institution etc. etc.).
Depends on ‘end’ goal (full single sign-on implementation or more lightweight approach).
Use case studies of ‘early adopters’ to judge where you might be – please contact me.
Talk to the early adopters (they are very nice).
NMI-EDIT full Enterprise Directory project example: £250,000 capital, £130,000 recurrent.
Simple adoption of federated access management: £5,000.
Early adopter projects: £50,000. All successful within these constraints.
Athens pricing
Joint Information Systems Committee 10/04/23 | slide 23
In Summary
All institutions have options to consider regarding the adoption of federated access management.
– Gateways ensure that it is your decision and not ‘chicken and egg’.
Institutions have a wide range of drivers that support the adoption of federated access management.
– Collaborative eLearning, eResearch, ePortfolios, Open Access Repositories, Information / Knowledge Strategies.
It is important that this is planned and considered on an institutional basis.
– What is the best fit for your institution?
– What’s in your strategy already?
Lots of resources available to help in the planning process.
Joint Information Systems Committee 10/04/23 | slide 24
The JISC Roadmap
Joint Information Systems Committee 10/04/23 | slide 25
Federation official documentation
http://www.ukfederation.org.uk/
Support: UK Federation Website
Joint Information Systems Committee 10/04/23 | slide 26
JISC Website
– Case studies
– Business case (May)
– Awareness events
– Netskills training
– Institutional audit support
– Mailing list
Support: JISC Website
Joint Information Systems Committee 10/04/23 | slide 27
Outreach
Team
– [email protected] –FE
– [email protected] – Resource Providers
– LSE team – implementation casestudies
• Third party players
– Eduserve
– Kidderminster / Salford
– Others
– UKERNA, NetSkills,
Joint Information Systems Committee 10/04/23 | slide 28
Access Management: Transition Programme Meeting
29th - 30th May 2007
Aston, Birmingham
Intended as a discussion platform for those who are adopting, or considering adopting, federated access management within the UK.
Senior managers, technical and library staff
http://www.jisc.ac.uk/whatwedo/programmes/programme_am_transition/amtppm
FREE!
1.00 - 2.00 LUNCH
200 - 2.15 WELCOME
2.15 - 3.30 OPTIONS FOR JOINING THE FEDERATION
3.30 - 4.00 COFFEE BREAK / SUPPLIERS POSTERS
4.00 - 5.00 Institutional Audit BoF Technical BoF Library BoF
END OF DAY ONE DRINKS AT 7.30 / DINNER AT 8.00
9.15 - 10.15 FUTURES: FEDERATION / SAML AND JISC STRATEGY
10.15 - 10.30 COFFEE BREAK
10.30 - 11.30 Policy Update Technologies Update Service Provider update
11.30 - 12.30 PLENARY
12.30 - 1.30 LUNCH AND CLOSE
Joint Information Systems Committee 10/04/23 | slide 29
Casestudies
Joint Information Systems Committee 10/04/23 | slide 30
Casestudies
Joint Information Systems Committee 10/04/23 | slide 31
Casestudies
Joint Information Systems Committee 10/04/23 | slide 32
Joint Information Systems Committee 10/04/23 | slide 33
Joint Information Systems Committee 10/04/23 | slide 34
Joint Information Systems Committee 10/04/23 | slide 35
www.bricktestament.com www.bricktestament.com
Joint Information Systems Committee 10/04/23 | slide 36
FEDERATION – does need to be addressed sooner or later
Don’t let that happen to your institution
Issue not forced on Colleges but highlighted
Solutions offered not chosen
Joint Information Systems Committee 10/04/23 | slide 37
Discussion
Obstacles?
Help?