Connecting People to Resources Trust Federations in the UK Nicole Harris Programme Manager

UK Education and Access Management - Past UK first country to have a national access management system for education – Athens. Centralised system (large, replicated database) responsible for both: Authentication: determining that a person is who they say they are; Authorisation: determining what that person is entitled to access. Used by majority of Universities and Colleges in the UK. Connects these institutions to a large number of third party resources such as e-journals, databases etc. Administration devolved back to institution who manage users and resources within the database via the ‘Athens Administrator’ interface.

UK first country to have a national access management system for education – Athens.

Centralised system (large, replicated database) responsible for both:

Authentication: determining that a person is who they say they are;

Authorisation: determining what that person is entitled to access.

Used by majority of Universities and Colleges in the UK.

Connects these institutions to a large number of third party resources such as e-journals, databases etc.

Administration devolved back to institution who manage users and resources within the database via the ‘Athens Administrator’ interface.

UK Education and Access Management – Future Requirements Research showed that institutions had a clear demand for a more encompassing system: Internal (intra-institutional) applications (mostly through SSO system) Management of access to third-party digital library-type resources (as now) Inter-institutional use – stable, long-term resource sharing between defined groups (e.g. shared e-learning scenarios) Inter-institutional use – ad hoc collaborations, potentially dynamic in nature (virtual organisations or VOs) Administration happening in two places: institutional directories and Athens Administrator interface. Agreed international standards and specifications emerged (SAML, eduPerson, WS-Security).

Research showed that institutions had a clear demand for a more encompassing system:

Internal (intra-institutional) applications (mostly through SSO system)

Management of access to third-party digital library-type resources (as now)

Inter-institutional use – stable, long-term resource sharing between defined groups (e.g. shared e-learning scenarios)

Inter-institutional use – ad hoc collaborations, potentially dynamic in nature (virtual organisations or VOs)

Administration happening in two places: institutional directories and Athens Administrator interface.

Agreed international standards and specifications emerged (SAML, eduPerson, WS-Security).

UK Access Management Federation - Now

UK Education and Identity Management Devolved authentication means that identity management must become a priority. You must know who all of your users are. Increasingly complex users groups within institutions that need to be managed: visiting professors, visiting students, access entitlements for doctors, shared courses, commercial collaborations. Increasing need to manage identities across institutions: lifelong learning and ePortfolios. Increasing obligation to protect your users: Data protection act. Increasing requirements to protect your users: identity more and more online.

Devolved authentication means that identity management must become a priority. You must know who all of your users are.

Increasingly complex users groups within institutions that need to be managed: visiting professors, visiting students, access entitlements for doctors, shared courses, commercial collaborations.

Increasing need to manage identities across institutions: lifelong learning and ePortfolios.

Increasing obligation to protect your users: Data protection act.

Increasing requirements to protect your users: identity more and more online.

Trust Federations in the UK Hot Topics: Open Access, Social Software, eLearning

Hot Topic: Open Access Open Access Repositories increasingly common, but ‘open’ does not mean that access control is not required. Repositories often about ‘self-archiving’ rather than ‘open access’ and are restricted to institutional members. ShibboLEAP project: consortia of seven London Universities who used federated access management to allow access to each others institutional repositories (D-Space and ePrints).

Open Access Repositories increasingly common, but ‘open’ does not mean that access control is not required. Repositories often about ‘self-archiving’ rather than ‘open access’ and are restricted to institutional members.

ShibboLEAP project: consortia of seven London Universities who used federated access management to allow access to each others institutional repositories (D-Space and ePrints).

Sharing Open Access Repositories Identity Provider Identity Provider Identity Provider Service Provider (Repository) Service Provider (Repository) Service Provider (Repository)

Hot Topic: Open Access Open Access Repositories increasingly common, but ‘open’ does not mean that access control is not required. Repositories often about ‘self-archiving’ rather than ‘open access’ and are restricted to institutional members. ShibboLEAP project: consortia of seven London Universities who used federated access management to allow access to each others institutional repositories (D-Space and ePrints). Access control also means you can control who can write, read, comment, annotate etc. by giving people different permissions. It is also permits versions to be ‘locked’. This allows trust and verification of final versions. Trusted, verified versions are important for the UK Research Assessment Exercise – hope that this approach will encourage assessors to accept institutional repositories as a verified resource.

Open Access Repositories increasingly common, but ‘open’ does not mean that access control is not required. Repositories often about ‘self-archiving’ rather than ‘open access’ and are restricted to institutional members.

ShibboLEAP project: consortia of seven London Universities who used federated access management to allow access to each others institutional repositories (D-Space and ePrints).

Access control also means you can control who can write, read, comment, annotate etc. by giving people different permissions. It is also permits versions to be ‘locked’. This allows trust and verification of final versions.

Trusted, verified versions are important for the UK Research Assessment Exercise – hope that this approach will encourage assessors to accept institutional repositories as a verified resource.

Hot Topic: Social Software

Social Software and Identity

Hot Topic: eLearning

Who does this impact? SCH01 LIF02 UNI07 SEC08 DES11 UNI12 GAM13 LIF15 INC17 COM19 DES21 LIF22 TOO25 UNI26 GEN27 SEC29 DES30 DES32

The International Perspective Working to same standards and specifications means we can all work together! New opportunities for international collaboration – like the London School of Economics and Columbia University shared e-Learning resource. New business opportunities for publishers and service providers. Shared understand through initiatives like the e-Framework. Federated access management is being adopting in a wealth of countries: US, Netherlands, UK, Spain, Switzerland, Norway, Sweden, France, Germany, Australia, New Zealand, Canada. Economies of scale through co-operation, partnership and communication. International working groups having a strong impact: TERENA European Middleware Co-ordination and Communication (TF-EMC2). ‘ Shib-enable’ groups led by Internet2. Refeds group looking at federation peering.

Working to same standards and specifications means we can all work together!

New opportunities for international collaboration – like the London School of Economics and Columbia University shared e-Learning resource.

New business opportunities for publishers and service providers.

Shared understand through initiatives like the e-Framework.

Federated access management is being adopting in a wealth of countries: US, Netherlands, UK, Spain, Switzerland, Norway, Sweden, France, Germany, Australia, New Zealand, Canada.

Economies of scale through co-operation, partnership and communication.

International working groups having a strong impact:

TERENA European Middleware Co-ordination and Communication (TF-EMC2).

‘ Shib-enable’ groups led by Internet2.

Refeds group looking at federation peering.

Key Messages Access Management is not about restricting, it is about enabling access by connecting the right people to the right resources. Federated access management opens up new opportunities that meet strategic drivers that we all face. By devolving responsibility for authentication to an institution, an institution must know who all its users are. By knowing who your users are, you can better protect, support and help them through their educational journey.

Access Management is not about restricting, it is about enabling access by connecting the right people to the right resources.

Federated access management opens up new opportunities that meet strategic drivers that we all face.

By devolving responsibility for authentication to an institution, an institution must know who all its users are.

By knowing who your users are, you can better protect, support and help them through their educational journey.

Contact Details Nicole Harris, Programme Manager [email_address] 07734 058308 www.jisc.ac.uk

Nicole Harris, Programme Manager

[email_address]

07734 058308

www.jisc.ac.uk