The JISC’s Core Middleware Programme
description
Transcript of The JISC’s Core Middleware Programme
Joint Information Systems Committee
The JISC’s Core Middleware Programme
Terry Morrow
JISC Consultant
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Summary
Athens
JISC Core Middleware Programme– Technology Development
– Infrastructure
Early adopter programme
The Future
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
The Athens Story
Athens developed in the UK
– over 10 years old
– solution to problem of multiple identities accessing multiple remote services
– centralised authentication + authorisation
Technology plus infrastructure
– Help desk, local administrators etc
Very successful
– 500 HE/FE institutions; over 2 million usernames registered
– “Ahead of its time”
Most service providers have provided an Athens compliant access mechanism
– Mandatory for recent supplier contracts with JISC
– Approximately 200 licensed resources controlled via Athens
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Athens – good, but not perfect
Requires management of separate “Athens accounts”
– Users must obtain separate Athens username password (“Classic Athens”)
– Have to remember Athens username/password – only used for remote services
– AthensDA works more like Shibboleth (local id’s used)
Little take-up of Athens outside UK
– though used in other sectors in the UK - eg Health service
Service providers have to licence Athens - cost
Centralised service – relatively high operational costs
Not well suited to increasingly complex authorisation scenarios
Meanwhile, other countries starting to adopt SAML/Shibboleth based technologies
– USA (InCommon), Switzerland (SWITCHaai), Finland (HAKA)
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
JISC’s Core Middleware Programme
Programme :
Commenced April 2004; two components:
– Technology Development
– Infrastructure
Aims:
better understanding of middleware potential and application within HE and FE
build a working Shibboleth infrastructure
support take-up and use of Shibboleth within HE and FE
ensure developments are embedded within HE and FE
ensure join-up across JISC development in relation to middleware
More details online at
– http://www.jisc.ac.uk/programme_middleware.html
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Joint Information Systems Committee
Core Middleware
Technology Development Programme
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Technology Development
Core Middleware: Technology Development Programme
– April 2004 – March 2007
Programme has funded 15 different projects
Supports investigations into several key areas:
– Internal (intra-institutional) applications
– Access to external, third-party resources
– Inter-institutional use
• stable, long-term resource sharing between defined groups e.g. shared e-learning scenarios
• ad hoc collaborations, potentially dynamic in nature (virtual organisations or VOs)
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Technologies
Some of the technologies investigated:
– PERMIS (Privilege and Role Management Infrastructure Standards)
– RADIUS (Wireless Networking and Roaming)
– SHIBBOLETH
15 Projects include eg:
– PERMIS/Shibboleth integration (SIPS project, Salford)
– DyVOSE – Dynamic Virtual Organisations in e-Science Education (Glasgow/Edinburgh)
– ESP-GRID – Evaluation of Shibboleth & PKI for Grids – Oxford University
Supported By:
– SDSS (Shibboleth Development & Support Services) - Edinburgh University
– Study of Institutional Roles
– Expert reports (e.g. Single Sign-on – Gilmore, Farvis, Maddock)
Joint Information Systems Committee
Core Middleware
Infrastructure Programme
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Infrastructure Programme
Aim - establish a working UK Shibboleth infrastructure
Government Comprehensive Spending Review funding
– Additional funding to JISC’s main annual budget
– Approx £3.4m from Apr 2004 to Mar 2006
Main work areas:
– Making Data Centre services (MIMAS and EDINA) Shibboleth compliant
– Creating Athens/Shibboleth gateways
– Funding for organisations willing to be early Shibboleth adopters
– Creating a service to assist the early adopters
– Establishing a national UK federation (to be known as Sparta)
– Liaising with suppliers: publishers, subscription agents etc
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Early Adopters
Early Adopter Programme runs from March 2005 – December 2006
Two strands:
– Institutional Adopters (introducing Shibboleth at a university, FE college etc)
– 12 projects
– Funding up to £50,000 available per institution
Distributed E-learning Regional Pilot projects
– 9 of the projects funded to add Shibboleth capability
– Up to £40,000 available
Additional call recently issued – closing date 19 Sep
– 18 responses now being evaluated – not all can be funded
– 4 responses from Scotland
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Early Adopters
12 Institutional early adopter projects funded:
– ShibboLEAP (consortium of 6 London University colleges)
– Leeds (GILEAD)
– Nottingham (UNISA)
– Nottingham Trent (East Midlands deployment)
– UK Data Archive (SAFARI)
– Newcastle (SAPIR)
– Bristol (Metaleth)
– Liverpool (LSIP)
– Cardiff (ASMIMA)
– Exeter (Project SWISh)
– St George’s Hospital Med Sch (ADAMS)
– Liverpool (Cheshire Project)
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
E-Learning Early Adopters
The following are including Shibboleth in their e-learning pilot projects:
– University of Newcastle (EPICS)
– University of Central England
– University of Nottingham (RIPPLL)
– Liverpool John Moores University
– University of Staffordshire
– Birkbeck, University of London (L4ALL)
– University of Wolverhampton
– University College Worcester
– University of Essex (EERN) (Chimera)
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Examples of Early Adopter Projects
Leeds University – GILEAD
– Creating a Shibboleth IdP based on AthensIM for access to Nathan Bodington VLE
– Eliminate requirement is issue Athens accounts by using Athens gateway
Nottingham University – UNISA
– Deploying Eduserv implementation of Shibboleth IdP
– Had hoped to register all new students this September with only local identities
Bristol University – Metaleth
– Implement Shibboleth
– Integrate with Ex Libris’s Metalib & SFX link server
UK Data Archive – SAFARI
– Access control to a wide range of social science survey data
– Embedding in one-stop registration service
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
More Examples
Cardiff University – ASMIMA
– Implement Shibboleth IdP
– Move from 10,000 Athens accounts to using local identifiers via Shibboleth
– Investigating using Shibboleth to control access to National Health Service resources
Exeter University – SWISh
– Implement Shibboleth IdP
– Implement a pilot service with a small number of users
– Expand service
– Investigate using with university portal, VLE, Library management service
Newcastle University – SAPIR
– Replacement of Athens with Shibboleth
– Configuration of online Reading List Management; Ex Libris’s Metalib
– Test Environment for Aleph Library Management System
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
ShibboLEAP
Consortium of 6, led by LSE:
– Royal Holloway, SOAS, KCL, UCL, Birkbeck, Imperial
Members of the SHERPA-LEAP consortium
– SHERPA = Securing a Hybrid Environment for Research Preservation & Access (Nottingham)
– LEAP = London E-prints Access Project
Aims:
(1) Establish general purpose Shibboleth origins at each college.
(2) Integrate the ePrints.org server making it a target
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Middleware Assisted Take-Up Service (MATU)
Dedicated support service for early adopters
Scoping future requirements for institutions adopting Shibboleth
Support services include:
– Comprehensive website
– Documentation
– Help desk
– Onsite support
– Training events
– Links to, and information about, software
See: http://www.matu.ac.uk
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Future
UK Federation will be established over next 6-9 months
– will cover UK higher/further education & research
Federation will be known as SPARTA
UK HE WAYF (Where Are You From) service to be established
Athens contract with JISC due for renewal 2006
– Likely to be renewed for further 2 years (but possible conditions)
– Expectation that support will diminish/stop after that
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Challenges (1)
Ensure that the new Sparta federation covers both HE/FE and Research
Multiple federations issues
Getting national federations to interwork
Establishing how multiple federations within a country inter-operateEg:
– Sparta and the new BECTA federation
– Sparta and NHS federation
– InCommon and the US Federal Government
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Challenges (2)
Suppliers (eg publishers) need to be persuaded to adopt the technology
– May be “pushing at open doors”
– Some (eg Elsevier, JSTOR) taking the initiative
Cultural, organisational change
– Shifting functions from libraries to computing services
Persuading institutions to move from Athens to Shibboleth
– resistance to change
– short term cost for long term gain
Early adopter experiences will encourage other institutions
– strong interest in second call for early adopters – 18 bids
Educating the community on the advantages of a Shibboleth regime
– examples: more flexible subscription models; fine control of courseware access
Security & Access Management Workshop – Edinburgh – 20 Oct 2005
Further Information
JISC web pages – http://www.jisc.ac.uk/programme_middleware.html
Internet2 http://shibboleth.internet2.edu
MATUhttp://www.matu.ac.uk
JISCmail lists:JISC-ShibbolethJISC-Shibboleth-Announce
Terry MorrowJISC [email protected]