Winderemere Shibboleth 2005 11

50 %
50 %
Information about Winderemere Shibboleth 2005 11

Published on October 17, 2007

Author: Alohomora


MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters:  MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters Steve Edwards - MATU - Windermere 14 – 15 November 2005 Where We Are From - Eduserv:  Where We Are From - Eduserv Eduserv is a not-for-profit IT services group born from services developed within universities The Eduserv Foundation funds initiatives supporting application of IT in education Over 10 years experience delivering Access Management Athens Contracted by the JISC to provide the MATU service assist HE & FE with early adoption of Shibboleth MATU Objectives:  MATU Objectives Middleware Assisted Take Up Service A JISC sponsored Eduserv Service Support JISC Core Middleware Project Early Adopters Provide a central repository information advice training The Problem Shibboleth® Addresses:  The Problem Shibboleth® Addresses Users accessing many different systems proliferation of credentials one pair of credentials per resource forgotten passwords Security & Integrity compromised “abc123” issue passwords sent in the clear and shared proprietary systems – locked in no organisational control centre What Shibboleth® is NOT:  What Shibboleth® is NOT NOT an all-in-one identity management solution one of many components NOT an authentication or a SSO system need to plug one in (CAS, pubcookie, …) NOT an Attribute Store need to plug one in (Directory, Database, …) NOT a fixed specification ongoing evolution Internet2:  Internet2 Collection of over 200 U.S. Universities involved in a wide variety of initiatives: advanced network applications research and higher education creating tomorrow’s Internet Wide variety of: Groups Working, Specialist Interest, Advisory, … Initiatives Internet2 - Middleware Initiative:  Internet2 - Middleware Initiative Initiatives: Shibboleth® eduPerson both of which are under umbrella of MACE Others MACE activities: Grouper Middleware End-To-End Diagnostics Advisory Group Signet Internet2 - Shibboleth®:  Internet2 - Shibboleth® Share secured online services Control access to restricted digital content Leverages campus identity and access management infrastructures authenticate individual users sends information about users to resource site enables resource provider to make authorisation decisions Common SSO layer over existing systems What is a Federation …:  What is a Federation … Group of organizations sharing set of agreed policies, rules for access to online resources enable the members to establish trust and shared understanding of language or terminology provide a structure / legal framework that enables authentication and authorization Supporting technologies: Shibboleth SAML SWITCHaai - Switzerland:  SWITCHaai - Switzerland Useful demo SWITCHaai: - SWITCHaai - Process Demo:  SWITCHaai - Process Demo Adoption History - World Wide …:  Adoption History - World Wide … Europe SWITCH - AAI - Switzerland Authentication & Authorization Infrastructure 8 universities, > 110k users integrated user directories into AAI e-learning shared resources > 10k users on a regular basis HAKA - Finland Identity Federation of Universities … Adoption History - World Wide:  … Adoption History - World Wide USA widespread adoption by educational and commercial organisations Australia MAMS Meta Access Management System Macquarie - lead University Adoption History - UK …:  Adoption History - UK … Started with Core Middleware Programme started July 2004 / first trial November 2004 strategic initiative A subset - Early Adopters over 20 H.E. institutions includes e-Learning strand interim reports available … Adoption History - UK:  … Adoption History - UK Bodington open source Virtual Learning Environment / Learning Management System supports teaching and learning across entire range of learning institutions UK and worldwide Guanxi Project UHI - University of Highlands and Islands institutional collaborations e-learning & e-delivery UK Federations:  UK Federations Athens UK Shibboleth Federation production federation SDSS project at EDINA building development Shibboleth federation … academic online resources put in place essential technical components provide environment to assist other projects JISC Core Middleware: Infrastructure Programme SWISh, Gilead, JISC - Shibboleth®:  JISC - Shibboleth® The Joint Information Systems Committee UK HE / FE support organisation JISC - Middleware Adoption funding a major initiative - 4 years access to internally and externally produced resources is a one step process for users development of next generation access management system based on Shibboleth UK Federation MATU Support - Ethos / Approach:  MATU Support - Ethos / Approach "One Stop Shop" Informed Authoritative Impartial Avoid dilution of message and advice Long term individual relationships Mutual support – cyclical we also need assistance & feedback returned to early adopters community MATU People:  MATU People Service Manager - Richard Dunning operations and project specialist Service Analyst - Richard Annett formerly DSP and AthensDA support Trainer - Steve Edwards consulting & development: J2EE, XML, Web Services International activities: IBM, BEA, … Others involved include: James Mulhern project director, head of R & D David Orrell technical architect heavily involved in the middleware arena nationally & internationally MATU Service:  MATU Service A Comprehensive Website FAQS, Guidance, Installation guides, business cases, downloads Software downloads Internet2 software Eduserv software Other software e.g. Guanxi Service desk Telephone and Email support Access to some of the leading experts on Access Management and Shibboleth Test infrastructure Training Seminars / Workshops Conferences MATU Assisted Projects:  MATU Assisted Projects Twenty projects in total comprising of: Over 20 early adopter projects 16 institutions 9 e-learning strand early adopter projects 11 institutions 15-18 new projects to be announced mid-November 2005 Workshops & Events:  Workshops & Events October Introduction to Shibboleth: v1.3 - IdP & SP November JISC Conference December Introduction to Shibboleth: v1.3 - IdP & SP October workshop repeated for new project intake January Deploying Shibboleth: v1.3 IdP Deploying Shibboleth: v1.3 SP LDAP - Lightweight Directory Access Protocol February Federations and the Law Current Activities :  Current Activities Getting to know the projects aims: give early adopters confidence get early adopters to outline their projects form relationships help with problem solving at an early stage One-to-one meetings with project owners include: University of Essex (Chimera) London School of Economics University of Essex (UK Data Archive (SAFARI)) Liverpool University University of Nottingham University of Bristol University of Exeter University of Cardiff University of Staffordshire Shibboleth / Athens Interoperability :  Shibboleth / Athens Interoperability Eduserv's JISC contract for Access Management services to UK HE & FE, commits us to delivering full Shibboleth Athens interoperability: Athens Federation providing a governance framework for Athens registered organisations and online resources Athens Identity Manager (AthensIM) fully supported and standalone Shibboleth Identity Provider (origin) software Shibboleth to Athens Gateway providing Shibboleth-enabled organisations access to Athens-enabled resources Prerequisites :  Prerequisites Users IDs and credentials Database Directory Flat files A web-based Single Sign-On System e.g. Pubcookie Yale CAS Bespoke Network & Server Infrastructure Skilled People Getting Started? :  Getting Started? MATU Support Think carefully about how you are going to use Shibboleth who and where are your users what are you looking to access / share / protect what Federation is best for you Make sure you know who you and your stakeholders are! Identity Provider Service Provider both! Align your Access Management to your IT strategy and adapt Align your Attribute Release Policy with Institutional DP & Privacy Ensure you have all the necessary building blocks A populated Information Store A Web SSO system Plan how you are going to deliver and resource your new service Decide what software is best for you Advice to Projects:  Advice to Projects Plan especially access to institutional data Keep it simple limit the use of user attributes at least initially Try, test, prototype but avoid live kit Put the necessary prerequisites in place Weigh up privacy v. personalisation Do not go it alone And Now?:  And Now? MATU is here to support early adopters in using Shibboleth We want to: talk to them understand their requirements to ensure a smoother start to assist with minimising problems Contact Us:  Contact Us Contact the MATU team at: Postal address: Eduserv MATU Queen Anne House 11 Charlotte Street Bath BA1 2NE Phone: 01225 474373 Fax: 01225 474332 Website:

Add a comment

Related presentations