Advancing the JISC Access & Identity Management Programme


Presentation by Chris Brown at "Identity Management Matters"


Published in Technology, Education


  • 1. 11/16/2010 | Slide 1
    Access & Identity Management Programme
    Identity Management Matters, Aston – 16 Nov 2010
    Christopher Brown,
    Joint Information Systems Committee
    Supporting education and research
  • 2. AIM – supporting Innovation
    How does AIM fit into JISC?
    16/11/2010 | Slide 2
    Innovation Group
    Digital Infrastructure
    (eResearch & Information Environment)
    JIR Committee
  • 3. AIM – supporting Innovation
    16/11/2010 | Slide 3
    JSR Committee
    Research Comm Eng
    JIR Committee
    Research Data Mgmt
    Research Infrastruc
  • 4. AIM Programme
    1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011)
    Build foundations for production systems that universities might adopt in the future
    Prepare the sector for future developments
    Improve user experience
    Increase value and make AIM relevant to wider community
    Enable integrated systems architecture
    Develop practical tools to enable AIM
    16/11/2010 | Slide 4
    Exploring Innovative new areas
  • 5. AIM Programme
    UK Access Management Federation
    Increase uptake
    Shibboleth Consortium (JISC, Internet2, SWITCH)
    Technical roadmap
    Governance mechanisms
    Operate open source project => Shibboleth Foundation?
    Extending Access Mgmt into BCE
    Publisher Support
    WAYFless URLs
    16/11/2010 | Slide 5
  • 6. Online and PDF versions
    Aimed at executive and technical staff in HE & FE
    Review, assess and improve performance of IdM
    Raise and maintain awareness, importance and key issues of IdM
    Launched UCISA/JISC conferences Spring 2010
    AIM Projects – IdM Toolkit
    16/11/2010 | Slide 6
    John Paschoud
    Completed June 2010
  • 7. AIM Projects – IdM Toolkit Pilots
    Pilots (Feb – Aug 2011)
    £200K for 3-6 projects piloting the IdM Toolkit
    Institutional Benefits
    Institutions assess and review their IdM processes and policies
    Cost savings from using and acting on advice in the Toolkit
    Toolkit Benefits
    Tests the Toolkit through implementation
    Increase the uptake of the Toolkit
    Not a static Toolkit
    Further develop its usefulness
    16/11/2010 | Slide 7
  • 8. Previous projects
    GFIVO – common tools, set up wikis and blogs. Easy to set up groups
    CUCKOO – institutional level: roll it out and use it
    GRAND (Granularity, Audit, N-tier and Delegation)
    1) Granularity and Delegation
    How to most effectively structure Grouper
    2) Audit and accounting
    How to process Shib and Grouper logs
    3) N-tier
    How to do integrated auto login for Shib
    How to exploit Kerberos n-tier support in Shib
    Benefits expected:
    • Greater uptake of access control
    • Scalable service
    • Useful audit records
    • Accounting ability
    • Improved login experience
    • Practical n-tier integration
    • Systems integration
    AIM Projects - Grouper
    16/11/2010 | Slide 8
    Cal Racey
    University of Newcastle
    15 months
  • 9. AIM Projects – Usage Statistics
    Graham Mason
    Cardiff Univ/Kidderminster
    15 months
    RAPTOR (Retrieval, Analysis, and Presentation Toolkit for usage of Online Resource)
    Software toolkit that will allow visualisation of e-resource usage to non-technical people
    Also allow for publishing aggregated usage information to a federation operator. Aimed at installing at the institutional level, but can aggregate upwards
    Open source / open standards
    Fully documented and easy to set up/customise
    Collaborating with SWITCH and MIMAS
    16/11/2010 | Slide 9
  • 10. AIM Projects – Web Services
    Fiona Culloch
    12 months
    WSTIERIA (Web Services Tiered Internet Authorization)
    Make web services work with UK federation
    Investigating two approaches:
    using “façade” to handle authentication
    new Shib features to invoke web service between SPs
    Tested on two application domains:
    Geospatial web service (SEE-GEO)
    WebDAV (widely deployed remote file-access protocol layered on HTTP)
    Community Benefit
    Web services interoperate with FAM
    Improve end-user experience by application componentization
    Real components need authorization
    Access presently hidden web services
    Discussing with MIMAS, SDSS, Shibboleth
    16/11/2010 | Slide 10
  • 11. AIM Projects – NGS
    Wie Jie
    Thames Valley University
    15 months
    A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service
    Develop a proxy certificate auditing infrastructure that supports monitoring/auditing the use of proxy credentials
    General usage monitoring
    Patterns of use and prediction of misuse
    • Exploit and harden existing software for this
    • Globus Incubator project
    • Extensions to support
    • VO-specific monitoring and usage
    • Resource-specific monitoring and usage
    • Demonstrate in numerous projects and roll out to NGS
    Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects
    includes usage of NGS, ScotGrid, TeraGrid, D‐Grid
    16/11/2010 | Slide 11
  • 12. SOFA (Service-Oriented Federated Authorization)
    Two broad goals:
    The facilitation of data aggregation across distributed, heterogeneous data sources
    The provision of secure, assured data sharing
    sif: middleware framework that facilitates the secure sharing and aggregation of data from disparate, heterogeneous data stores
    SOFA: an extension of sif that allows data owners to leverage their access control paradigm of choice (RBAC, XACML support)
    Low cost
    Limited impact
    Data ownership remains unchanged
    Applications: student administration; heart modelling; research into Bipolar disorder
    AIM Projects – Data sets
    16/11/2010 | Slide 12
    Andrew Simpson
    University of Oxford
    12 months
  • 13. SMART (Student-Managed Access to online Resources)
    There is a need for an efficient, secure and usable access management system that:
    supports data owners with sharing their data
    supports data consumers with accessing this data
    Develop online data management system based on User-Managed Access (UMA) protocol
    Deploy at Newcastle to allow data to be shared more efficiently and securely.
    Evaluate UMA at Newcastle
    Contribute to standardisation effort of UMA protocol by actively participating in the UMA WG
    • Participation in the UMA WG ensures that HE requirements for access management are taken into consideration. It also ensures that JISC and UK HE remain at the forefront of developments in Web authorisation solutions
    • Scenario for UMA use case shows applicability of the new technology to HE environments
    • Conducted research, experience and developed software for UMA to be reused by AIM community within and outside UK
    AIM Projects – UMA
    16/11/2010 | Slide 13
    Maciej Machulak
    University of Newcastle
    15 months
  • 14. AIM Projects – ePortfolios
    Lisha Chen-Wilson
    University of Southampton
    15 months
    Giving you back control of your data
    To develop and test a suitable protocol for electronic certificates
    Maintain information privacy, ensure owner can have control over the usage of their eCertificates
    Prevent unauthorized modification, able to be verified in a legal context
    Lifetime validation, independent from issuing body. Allow for verification nationwide
    Easy to use while maintaining security controls, suit users with low IT skills, both students and reviewers
    Can be accessed through the issuing organisations’ or any owner-preferred ePortfolio, or be used as a standalone application
    16/11/2010 | Slide 14
  • 15. AIM Projects – Logins4Life
    Matthew Slowe
    Kent University
    15 months
    Logins for Life
    Addresses the needs of a University to engage with users throughout their lives.
    Create use cases, policies and recommendations for dealing with user accounts throughout their changing roles while catering for existing digital identities.
    Create a test environment which will demonstrate how these policies can be delivered using open source tools.
    16/11/2010 | Slide 15
  • 16. AIM Projects – Social Net and Shib
    Mike Jones
    University of Manchester
    9 months
    Identity and Access Management using Social Networking Technologies
    FOAF is an RDF (Resource Description Framework) vocabulary mainly aimed at describing links between people and memberships
    produce a functional WebID (formerly FOAF+SSL) based Authentication system for Shibboleth based IdP and an Authentication and Authorisation system for Globus based grids
    Bridge to SAML/Shibboleth
    Converting information available in RDF into SAML attributes
    e.g. WebID URI into eduPersonPrincipalName
    Easy to derive membership of a project or (virtual) organisation based on the FOAF relations
    Easier ad-hoc collaborations (potentially with people outside the federation too)
    16/11/2010 | Slide 16
  • 17. 16/11/2010 | Slide 17
    AIM – International Links
    • EUROPE
    • TERENA (TNC2010, TF-EMC2, REFEDS) - NRENS
    • Knowledge Exchange (JISC, SURFfoundation, DFG, DEF)
    • USA
    • Internet2
    • Kantara
    • Australasia
    • AAF (Australian Access Federation)
    • CAUDIT (The Council of Australian University Directors of Information Technology)
    • eWorks – Technical and Further Education (TAFE) sector
    • MoRST (Ministry of Research, Science and Technology)
  • Blog:
    Netvibes (#jiscaim):
    JISC AIM queries:
    Toolkit queries:
    Programme tag #jiscaim
    AIM – Information
    16/11/2010 | Slide 18
  • 19. AIM – The road ahead
    Reduced funding
    Concentrate on key areas of IdM
    Make a business case for money from committees
    More direct funding?
    Community building
    16/11/2010 | Slide 19
  • 20. AIM – Future?
    16/11/2010 | Slide 20
    • What should the AIM programme fund?