JISC Access and Identity Management: Future Directions
Joint Information Systems Committee
Access Management Transition Programme Meeting
Access Management Futures: JISC and International Development Strategy
Nicole Harris
Senior Services Transition Manager, JISC
A Little Background
Some Background
1995: Athens developed by NISS (National Information Services and Systems) at University of Bath as an in-house system.
1996: eLib Study ‘Technologies to Support Authentication in Higher Education’ identified Athens as a potential solution for all JISC Services.
1997: Athens in use in all JISC Data Centres and rolled out across HEIs / FEIs over the next two years.
1998: CNI White Paper on AAA requirements. JISC commits to using as a basis for next-generation technologies.
1997 – 2000: three year contract for Athens provision with University of Bath and then Eduserv.
2000 – 2008: two three year plus one two year contract with Eduserv for Athens provision.
2000: Alan Robiette and JCAS scope requirements for next generation access management system (ANGEL project starts testing Shibboleth and PAPI technologies).
2002 – 2004: AAA Programme – audit of next generation technologies and ratification of requirements.
2004 – 2007: Core Middleware Programmes. JISC decision to support federated access management.
2006 – 2009: Access Management: Transition Programme. Roll-out and embedding.
The Requirements
A single access management system for:
– Intra-institutional resources.
– Third party digital library type resources.
– Inter-institutional resources for secure long-term collaboration.
– Inter-institutional resources for ad-hoc (virtual organisation) collaboration.
Evolving strategy:
– Where possible, JISC should focus on fostering development and use of standards rather than specific technologies.
– Institutions should have the widest possible range of options, from full open source to commercial support.
– Solutions should be in line with international developments in the field.
– Solution must provide real benefits to institutions and service providers.
Not just about preventing..
Copyright: Getty Images from the Education Image Gallery
..but about collaborating and sharing
Copyright: Getty Images from the Education Image Gallery
The UK Development Landscape
outreach support federation
Federation Services
Athens Gateways
CA Bridge
eduRoam Gateway
Development
Level of Assurance – FAME project
Identity Management – inter- and intra-NHS / Government
N-tier Developments – SPIE project
Authorisation Tools - PERMIS, DYVOSE (Authority Delegation)
Interfaces / User Tools
Virtual Home for Identities
Federation Tools
Identity / Service Providers
JISC Plans
Access Management Transition Programme!
e-Infrastructure Programme
Continued support for integration of UK federation and Grid.
Levels of Assurance: ES-LOA.
Identity Project.
Federated tools: 5 new projects.
– Federated Identities and virtual organisations with Grouper
– Virtual Organisations and management of organisations objects
– Integrated Authorisation for Shibboleth/Grid.
– Integrating VOMS and PERMIS
– Virtual Organisation tools
Upcoming ITTs / Calls / other work in the areas of…
Orphans
American evangelist Dwight Lyman Moody (1837 - 1899) with a group of orphans at one of his Chicago missions.
Courtesy of the Education Image Gallery. Copyright: Getty Images
Identity Management outside Institutions
Multiple Affiliations
Attributes and Personalisation
Copyright: HEFCE
e-Research
Access Management for complex data
Flexible Service Provider models for virtual organisations
Ongoing work with the National Grid Service, including the CA
Copyright: Getty Images, Education Image Gallery
Federated Tools such as ShARPE
Internet2 Plans
SAML 2.0
Scott Cantor: technical editor of SAML 2.0 specification and lead Shibboleth architect.
SC describes it as a ‘vulcan mind-meld’ of SAML 1.1, Shibboleth and Liberty ID-FF 1.2.
You can expect in the long-term:
– Focus on federated identity management.
– Single log-out.
– Account linking / management.
– More features / more complexity.
Copyright: Getty Images, Education Image Gallery
Shibboleth 2.0
Major changes:
– New and broadening concepts
– New configuration files
– Metadata updates
– Minor installation differences
Partial SAML 2.0 support (AuthnRequest, AttributeQuery, SingleLogout).
Better session management
Better authentication packaged with Shib
Better attribute management – particularly attribute filter policy
Focus on SP side discovery service (the future?)
Better audit and access logs
Java Service Provider
https://spaces.internet2.edu/display/SHIB/ShibTwoRoadmap
Other Internet2 Stuff
More work in collaborative scenarios: virtual organisations etc.
Application integration with infrastructure: wikis, SharePoint, Sakai, mailing lists etc.
Integrated application providers: Yahoo, Google, eBay etc.
Easier-to-install IdPs.
Information card integration including CardSpace (in place now).
Open Liberty Integration
International Plans
Work with our International Partners
International Vendor Liaison, with specific emphasis on work with SURF and Internet2.
Directory Schema work with TERENA through TF-EMC2.
Inter-federation and licensing work with Knowledge Exchange Partners in Netherlands, Germany and Denmark.
Inter-federation work with TERENA, Internet2 and DEST.
Contributions to the Shibboleth code-base through team at EDINA.
Continued international dialogue
and developing the UK federation…
(see Josh Howlett presentation)