• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

Advancing the JISC Access & Identity Management Programme

on

  • 872 views

Presentation by Chris Brown at "Identity Management Matters"

Presentation by Chris Brown at "Identity Management Matters"

Statistics

Views

Total Views
872
Views on SlideShare
872
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Advancing the JISC Access & Identity Management Programme Advancing the JISC Access & Identity Management Programme Presentation Transcript

    • 11/16/2010| | Slide 1
      Access & Identity Management Programme
      Identity Management Matters, Aston – 16 Nov 2010
      Christopher Brown, c.brown@jisc.ac.uk
      #jiscaim
      Joint Information Systems Committee
      Supporting education and research
    • AIM – supporting Innovation
      How does AIM fit in to JISC?
      16/11/2010 | Slide 2
      Innovation Group
      Digital Infrastructure
      (eResearch & Information Environment)
      Content
      e-Learning
      AIM
      OUT
      JIR Committee
    • AIM – supporting Innovation
      16/11/2010 | Slide 3
      JSR Committee
      eResearch
      Research Comm Eng
      AIM
      JIR Committee
      VRE
      Research Data Mgmt
      Research Infrastruc
    • AIM Programme
      1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011)
      Focus:
      Process
      Policy
      Technology
      Objectives
      Build foundations for production systems that universities might adopt in the future
      Prepare the sector for future developments
      Improve user experience
      Increase value and make AIM relevant to wider community
      Enable integrated systems architecture
      Develop practical tools to enable AIM
      16/11/2010 | Slide 4
      Exploring Innovative new areas
    • AIM Programme
      UK Access Management Federation
      Support
      Expand
      Improve
      Increase uptake
      Funding
      Shibboleth Consortium (JISC, Internet2, SWITCH)
      Technical roadmap
      Governance mechanisms
      Operate open source project => Shibboleth Foundation?
      Extending Access Mgmt into BCE
      Publisher Support
      WAYFless URLs
      16/11/2010 | Slide 5
    • Online and PDF versions
      Aimed at executive and technical staff in HE & FE
      Review, assess and improve performance of IdM
      Raise and maintain awareness, importance and key issues of IdM
      Launched UCISA/JISC conferences Spring 2010
      Website:
      www.identity-project.org
      Support:
      jisc-identity-management@jiscmail.ac.uk
      AIM Projects – IdM Toolkit
      16/11/2010 | Slide 6
      John Paschoud
      LSE
      Completed June 2010
    • AIM Projects – IdM Toolkit Pilots
      Pilots (Feb – Aug 2011)
      £200K for 3-6 projects piloting the IdM Toolkit
      Institutional Benefits
      Institutions assess and review their IdM processes and policies
      Cost savings from using and acting on advice in the Toolkit
      Toolkit Benefits
      Tests the Toolkit through implementation
      Increase the uptake of the Toolkit
      Not a static Toolkit
      Further develop its usefulness
      16/11/2010 | Slide 7
    • Previous projects
      GFIVO – common tools, set up wikis and blogs. Easy to set up groups
      CUCKOO – institutional level: roll it out and use it
      GRAND (Granularity, Audit, N-tier and Delegation)
      1) Granularity and Delegation
      How to most effectively structure Grouper
      2) Audit and accounting
      How to process Shib and Grouper logs
      3) N-tier
      How to do integrated auto login for Shib
      How to exploit Kerberos n-tier support in Shib
      http://research.ncl.ac.uk/grand
      Benefits expected:
      • Greater uptake of access control
      • Scalable service
      • Useful audit records
      • Accounting ability
      • Improved Login experience
      • Practical n-tier integration
      • Systems integration
      AIM Projects - Grouper
      16/11/2010 | Slide 8
      Cal Racey
      University of Newcastle
      15 months
    • AIM Projects – Usage Statistics
      Graham Mason
      Cardiff Univ/Kidderminster
      15 months
      RAPTOR (Retrieval, Analysis, and Presentation Toolkit for usage of Online Resource)
      Software toolkit that will allow visualisation of e-resource usage to non-technical people
      Also allow for publishing aggregated usage information to a federation operator. Aimed at installing at the institutional level, but can aggregate upwards
      Open source / open standards
      Fully documented and easy to set up/customise
      Collaborating with SWITCH and MIMAS
      16/11/2010 | Slide 9
    • AIM Projects – Web Services
      Fiona Culloch
      EDINA
      12 months
      WSTIERIA (Web Services Tiered Internet Authorization )
      Make web services work with UK federation
      Investigating two approaches:
      using “façade” to handle authentication
      new Shib features to invoke web service between SPs
      Tested on two application domains:
      Geospatial web service (SEE-GEO)
      WebDAV (widely deployed remote file-access protocol layered on HTTP)
      Community Benefit
      Web services interoperate with FAM
      Improve end-user experience by application componentization
      Real components need authorization
      Access presently hidden web services
      Discussing with MIMAS, SDSS, Shibboleth
      16/11/2010 | Slide 10
    • AIM Projects – NGS
      Wie Jie
      Thames Valley University
      15 months
      A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service
      Develop proxy certificate auditing infrastructure that supports monitoring/auditing use of proxy credential
      General usage monitoring
      Patterns of use and prediction of misuse
      • Exploit and harden existing software for this
      • Globus Incubator project
      • Extensions to support
      • VO-specific monitoring and usage
      • Resource-specific monitoring and usage
      • Demonstrate in numerous projects and roll out to NGS
      Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects
      includes usage of NGS, ScotGrid, TeraGrid, D‐Grid
      16/11/2010 | Slide 11
    • SOFA (Service-Oriented Federated Authorization)
      Two broad goals:
      The facilitation of data aggregation across distributed, heterogeneous data sources
      The provision of secure, assured data sharing
      sif: middleware framework that facilitates the secure sharing and aggregation of data from disparate, heterogeneous data stores
      SOFA: an extension of sif that allows data owners to leverage their access control paradigm of choice (RBAC, XACML support)
      Value:
      Low cost
      Limited impact
      Data ownership remains unchanged
      Applications: student administration; heart modelling; research into Bipolar disorder
      AIM Projects – Data sets
      16/11/2010 | Slide 12
      Andrew Simpson
      University of Oxford
      12 months
    • SMART(Student-Managed Access to online Resources)
      There is a need for efficient, secure and usable access management system that:
      supports data owners with sharing their data
      supports data consumers with accessing this data
      Develop online data management system based on User-Managed Access (UMA) protocol
      Deploy at Newcastle to allow data to be shared more efficiently and securely.
      Evaluate UMA at Newcastle
      Contribute to standardisation effort of UMA protocol by actively participating in the UMA WG
      Benefits:
      • Participation in the UMA WG ensures that HE requirements for access management are taken into consideration. It also ensures that JISC and UK HE remains at the forefront of developments in Web authorisation solutions
      • Scenario for UMA use case shows applicability of the new technology to HE environments
      • Conducted research, experience and developed software for UMA to be reused by AIM community within and outside UK
      AIM Projects – UMA
      16/11/2010 | Slide 13
      Maciej Machulak
      University of Newcastle
      15 months
    • AIM Projects – ePortfolios
      Lisha Chen-Wilson
      University of Southampton
      15 months
      eCert
      Giving you back control of your data
      To develop and test a suitable protocol for electronic certificates
      Maintain information privacy, ensure owner can have control over the usage of their eCertificates
      Prevent unauthorized modification, able to be verified in a legal context
      Lifetime validation, independent from issuing body. Allow for verification nationwide
      Easy to use while maintaining security controls, suit users with low IT skills, both students and reviewers
      Can be accessed through the issuing organisations’ or any owner-preferred ePortfolio, or be used as a standalone application
      16/11/2010 | Slide 14
    • AIM Projects – Logins4Life
      Matthew Slowe
      Kent University
      15 months
      Logins for Life
      Addresses the needs of a University to engage with users throughout their lives.
      Create use cases, policies and recommendations for dealing with user accounts throughout their changing roles while catering for existing digital identities.
      Create a test environment which will demonstrate how these policies can be delivered using open source tools.
      http://sec.cs.kent.ac.uk/demos
      16/11/2010 | Slide 15
    • AIM Projects – Social Net and Shib
      Mike Jones
      University of Manchester
      9 months
      Identity and Access Management using Social Networking Technologies
      FOAF is an RDF (Resource Description Framework) vocabulary mainly aimed at describing links between people and memberships
      produce a functional WebID (formerly FOAF+SSL) based Authentication system for Shibboleth based IdP and an Authentication and Authorisation system for Globus based grids
      Bridge to SAML/Shibboleth
      Converting information available in RDF into SAML attributes
      e.g. WebID URI into eduPersonPrincipalName
      Easy to derive membership of a project or (virtual) organisation based on the FOAF relations
      Easier ad-hoc collaborations (potentially with people outside the federation too)
      16/11/2010 | Slide 16
    • 16/11/2010 | Slide 17
      AIM – International Links
      • EUROPE
      • TERENA (TNC2010, TF-EMC2, REFEDS) - NRENS
      • Knowledge Exchange (JISC, SURFfoundation, DFG, DEF)
      • USA
      • Internet2
      • Kantara
      • Australasia
      • AAF (Australian Access Federation)
      • CAUDIT (The Council of Australian University Directors of Information Technology)
      • eWorks – Technical and Further Education (TAFE) sector
      • MoRST (Ministry of Research, Science and Technology)
    • Blog: http://aimprog.jiscinvolve.org/
      Netvibes (#jiscaim): http://www.netvibes.com/jiscaim
      JISC AIM queries: c.brown@jisc.ac.uk
      Toolkit queries: jisc-identity-management@jiscmail.ac.uk
      Programme tag #jiscaim
      AIM – Information
      16/11/2010 | Slide 18
    • AIM – The road ahead
      Reduced funding
      Concentrate on key areas of IdM
      Make a business case for money from committees
      More direct funding?
      Community building
      16/11/2010 | Slide 19
    • AIM – Future?
      16/11/2010 | Slide 20
      • What should the AIM programme fund?
    • http://www.flickr.com/photos/21232564@N06/2234726613/sizes/l/
      http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
      http://www.flickr.com/photos/chough/3600381635/sizes/m/in/photostream/
      http://www.flickr.com/photos/curiousexpeditions/2402300942/sizes/z/in/photostream/
      http://www.flickr.com/photos/ugardener/2499663609/sizes/z/
      http://www.flickr.com/photos/redune/4226064/sizes/o/in/photostream/
      http://www.flickr.com/photos/gregloby/3515990945/sizes/m/in/photostream/
      http://www.flickr.com/photos/eschipul/167852691/sizes/m/in/photostream/
      http://www.flickr.com/photos/aqua-marina/840167789/sizes/m/in/photostream/
      http://www.flickr.com/photos/jasonmichael/966157581/sizes/m/in/photostream/
      /
      http://www.flickr.com/photos/smilygrl/4667529998/sizes/m/in/photostream/
      http://www.flickr.com/photos/marc_smith/4511843933/sizes/m/in/photostream/
      http://www.flickr.com/photos/caveman_92223/3185534518/sizes/m/in/photostream/
      http://www.flickr.com/photos/dm-set/3435818474/sizes/z/in/photostream/
      http://www.flickr.com/photos/infomaniac/238261399/sizes/z/in/photostream/
      http://www.flickr.com/photos/iguanajo/2838705163/sizes/m/in/photostream/
      http://www.flickr.com/photos/mic_n_2_sugars/564570276/sizes/o/
      http://www.flickr.com/photos/travelinlibrarian/223839049/sizes/l/