Tackling the identity challenge: The OpenAthens approach. David Orrell, Talis Insight 2007, 6-7 November 2007

Tackling the Identity Challenge


Recent changes in access and identity management technologies and standards such as SAML and Shibboleth have brought more choice and opportunities to organisations in enabling access to resources for their users. However, they have also brought their own challenges: making informed decisions as to the best approach to take in adopting these standards is a challenge facing many organisations. OpenAthens is designed to lower the barrier for organisations wishing to adopt identity management technologies. This talk introduces what OpenAthens is and explains how it is of benefit to organisations in the UK education and library sectors. It was presented at the Talis Insight 2007 conference in Birmingham, UK.

Transcript of "Tackling the Identity Challenge"

  1. Tackling the identity challenge: The OpenAthens approach. David Orrell, Talis Insight 2007, 6-7 November 2007
  2. Topics
       • The shape and significance of identity systems now, and looking ahead
       • User-centricity in identity
       • The OpenAthens solution
  3. Current situation
       • The library sector and publishers employ a variety of ‘identity systems’:
           • Athens, Shibboleth
           • IP authentication
           • Username/password
           • LDAP, SQL, X.509 certificates
       • In isolation, these fail to provide a complete solution
  4. Several changes in the last 2-3 years have changed how we think of our online identity
  5. Recent changes
       • ‘Federation’ has become widely accepted as the future of identity architectures
           • Federation means that identity providers and service providers are separate entities
           • Decentralisation means no one entity holds the ‘key’ to the identity network
  6. Recent changes
       • Standards dealing specifically with (federated) identities have emerged
           • SAML
           • WS-* + information cards
           • OpenID
  7. Meanwhile…
       • Users’ view of identity has radically changed
           • The web has become truly participatory
           • Web APIs are opening up
           • Collaboration, sharing, discovery
  8. The identity environment Identity theft Phishing Threats Browser Apache IIS J2EE .NET PHP Ruby on Rails Open Source Applications Web 2.0 Social networking Blogging Wikis Instant messaging User trends Standards/Protocols SAML OpenID Shibboleth X.509 CardSpace XACML LDAP WS-* Microformats
  9. Identity and affiliation
       • What is my (online) identity?
           • My blog?
           • My Facebook account?
           • My MySpace page?
           • My email, IM, Google Documents, ...
       • What are my affiliations?
           • My bank
           • My university/college
           • My employer
  10. (untitled slide)
       • We now have several identity standards... the ‘plumbing’ of identity:
       • SAML, WS-*
       • In isolation they fail to address the whole user experience
       • Standards + user experience leads to a new generation of identity technologies:
           • OpenID, CardSpace
  11. Seven laws of identity
       • User Control and Consent
       • Minimal Disclosure for a Constrained Use
       • Justifiable Parties
       • Directed Identity
       • Pluralism of Operators and Technologies
       • Human Integration
       • Consistent Experience Across Contexts
       • Kim Cameron, http://msdn2.microsoft.com/en-us/library/ms996456.aspx
  12. Two user-centric identity systems
       • OpenID
           • My identity is a URL:
           • http://dno.myopenid.com
           • A decentralised system using existing web technologies
           • Low trust, high scalability
  13. Two user-centric identity systems
       • Information cards
           • Identity is analogous to a ‘real-world’ card
           • Windows CardSpace is an application to store and pick my card – a kind of wallet
           • Takes identity out of the browser
  15. Conclusions…
       • A mixture of technologies will find ways to co-exist
       • Different technologies address different aspects of the online identity environment
       • We are seeing a more user-centric view of identity
       • Organisations will require some ‘hand-holding’ to make this work!
  16. Identity standards can form essential building blocks of modern web applications… but building practical, yet effective architectures around them can be a major challenge
  17. Introducing OpenAthens
       • What is it?
       • A set of standards-based products and services for access and identity management
       • Who and what is it for?
       • Enables organisations, service providers and individuals to participate using federated identity standards
  18. Introducing OpenAthens
       • Key qualities:
       • Promotes choice and flexibility
       • Standards-based and technology independent
       • Practical
       • Targeted to specific communities
  19. So what is it…
       • 3 areas of focus:
       • Outsourced identity services
       • Identity infrastructure for Service Providers
       • User-centric tools and services
  20. Outsourced identity provision
       • What do we mean by outsourced?
           • Allow someone else to manage the technology behind identity, while maintaining control over users’ access
           • Much like outsourcing our email provision or network access
       • Need to carefully assess the reasons why you would, or would not, want to outsource
           • Different organisations will have different needs
  21. Why outsource?
       • Low impact
           • Low demands on specialist staff resources
           • Administration can be shared and delegated
           • Gentle migration path from existing Athens
       • Flexible
           • Web-based administration
           • Self-registration
           • Bulk account creation and automation
           • Instant access to use reports and statistics
  22. Why outsource?
       • Easy to budget
           • No hidden costs: human resources, on-going support, loss of key personnel
           • As little as £800pa for the smallest institutions
           • Maximum of £9,500pa for the largest
       • Reliability
           • 99.999% availability
           • 9-5 Service Desk support, 24x7 maintenance
           • Backed up by SLA
  23. Why outsource?
       • Future-proofed
           • Support for growing list of identity systems
  24. What about Service Providers? …
  25. OpenAthensSP
       • Standards-based AIM framework for service providers
       • A set of components that enable Service Providers to support federated identity standards
       • Independent of any one particular standard
           • … but supports several
  26. Choice and flexibility
       • Service Provider picks the technology suitable to connect to user communities
       • Pre-packaged solutions for different communities
           • Athens (inc. NHS)
           • UK Access Management Federation
  27. SP identity infrastructure OpenAthens SP component Existing or 3rd party component Application Platform SQL SAML Shib ... Policy Audit Federation data LDAP
  28. How does the process work?
       • Preliminary consultation with Eduserv technical staff
       • Support during integration
       • On-going software support
       • Future-proofed architecture
  29. End-user services …
  30. MyAthens
       • Recently re-launched and improved
       • A simple place for resource discovery, search and organisation
       • Is accessible via Athens and Shibboleth
       • Available to the UKAMF, NHS and other Athens communities
       • >850 000 regular users
  34. Athens toolbars
       • Extending MyAthens into the browser …
  35. http://www.openathens.net/aim [email_address]
