Current
                                  elopments
                              dev



david.orrell@eduserv.org.uk



  ...
OpenAthens today
Updated products:
– OpenAthens LA 2.1
– OpenAthens SP 2.0




 http://www.flickr.com/photos/fjny/52886572...
OpenAthens today
                         Updated products:
                         – OpenAthens LA 2.1
                 ...
Federated identity...
Identity providers
        “Describe” people via
        attributes

        Personal
          Name, age, email...
      ...
Common vocabulary...




                 http://www.flickr.com/photos/fin5bjh/4308269739/
Service providers
Rely on trusted attributes
received from Identity
Providers

May use them to restrict
access or personal...
The OpenAthens
platform
OpenAthens today



             OpenAthens Core Platform


 OpenID   OAuth           SAML 1          SAML 2        ...

 ...
OpenAthens today




                                                            Access
 SSO   High availability          ...
OpenAthens today




   Self-registration             Bulk-upload           Statistics and Reporting

                    ...
OpenAthens today

              Account life-cycle tools




  Account           Account
                                 ...
OpenAthens today



                                          Support

  Account          Account
                        ...
OpenAthens today



                                          Support

  Account          Account
                        ...
“Athens vs Shibboleth”
“Shibboleth is the new Athens”
  “OpenAthens is Shibboleth”
“Athens vs Shibboleth”
“Shibboleth is the new Athens”
  “OpenAthens is Shibboleth”
OpenAthens


                                         Support

 Account          Account
                                 ...
Shibboleth




                                    Access
                                  Management

                  ...
Shibboleth
• Not a protocol or standard
• An implementation of the SAML standards
• Not an identity management system


  ...
Roadmap themes
                                                Local authentication
         Statistics


                ...
1) Getting
   started
2) Statistics
3) Diagnostics




                 http://www.flickr.com/photos/tomdegay/4005363371/
Getting started



Tools to improve 'supportability'...
Getting started



New administration interface for OpenAthens SP
Getting started



         Ease of upgrade:
Seamless migration between versions
Statistics



'Live reporting' integrated into OpenAthens LA 2.1
Statistics


Breakdown of usage:
• Per user category
 • Across services
Statistics



Current usage and long-term trends
Statistics



Visual and report formats
Diagnostics


Day-to-day support of problems
        • Can't log in
  • Can't access resource
'Live' filtering
Diagnostics


                When it breaks...
        • Is it my problem or theirs?
• What the heck does this error code...
OpenAthens SP 2.0
• Objectives for this release:
   – Brand new Eduserv-hosted administration interface
   – Health-check ...
OpenAthens LA 2.1
• Objectives for this release:
   – New tools for reporting and supportability
      • Live usage statis...
Questions?




david.orrell@eduserv.org.uk



                                           http://www.flickr.com/photos/room...
Roadmap
                              Future



david.orrell@eduserv.org.uk



                                      http:...
OpenAthens today
                         Updated products:
                         – OpenAthens LA 2.1
                 ...
More on statistics
• OpenAthens LA 2.1 starting to introduce reporting
  features
• In the UK Federation, the current pict...
Athens Statistics
Athens




                                 Attributes



Identity Provider
                    Statisti...
Federated Statistics

                       Attributes

                        SAML
Identity Providers



              ...
Federated Statistics

                       Attributes

                        SAML
Identity Providers


               ...
Statistics
• IdP/SP logs provide inferred statistics
   – Not accurate
   – Remains interim solution
OpenAthens Statistics

                     Attributes

                      SAML
Identity Providers

                   ...
Key features
• Statistics service
   – For organisations and service providers
   – Integrated into management tools (LA a...
Project “Monteverde”




http://www.flickr.com/photos/heilemann/8412697/
Project “Monteverde”


                                         “Local Authentication
                                    ...
Project “Monteverde”


                                         “Local Authentication
                                    ...
Why?



OpenAthens MD             OpenAthens LA

Fully outsourced           Fully in-house
Why?

                   [unintentionally
                      left blank]
OpenAthens MD                         OpenAthe...
Project 'Monteverde'
• Goals
  – Long-term replacement for current managed directory
  – Based on OpenAthens LA technology...
Federation support
• OpenAthens LA          • OpenAthens MD
  – UK Federation          – UK Federation
  – Virtually any S...
Federation support
✔   Robust support for UK Federation
✔   Support for other international federations
✔   Support for ad...
Identity Management
• OpenAthens LA              • OpenAthens MD
  – Requires local IdM         – Easy web-based IdM
    i...
Identity Management
✔   Completely new web UI
✔   Subscribing organisations will get own namespace
    ✔
        No more a...
User experience
• OpenAthens LA          • OpenAthens MD
  – Customisable login     – Standard OpenAthens
                ...
User experience
✔   Fully cutomisable login pages
✔   Organisation-specific login domain
    ✔
        eg. idp.uni.ac.uk
✔...
Project “Monteverde”
• “Local Authentication in the cloud”
• Available spring 2011
   – Comprehensive beta programme
• Pro...
Questions?




david.orrell@eduserv.org.uk



                                           http://www.flickr.com/photos/room...
Open athens roadmap to 2011
Open athens roadmap to 2011
Open athens roadmap to 2011
Open athens roadmap to 2011
Open athens roadmap to 2011
Open athens roadmap to 2011
Open athens roadmap to 2011
Open athens roadmap to 2011
Upcoming SlideShare
Loading in …5
×

Open athens roadmap to 2011

1,941 views
1,841 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,941
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Open athens roadmap to 2011

  1. 1. Current elopments dev david.orrell@eduserv.org.uk http://www.flickr.com/photos/fjny/528865728/
  2. 2. OpenAthens today Updated products: – OpenAthens LA 2.1 – OpenAthens SP 2.0 http://www.flickr.com/photos/fjny/528865728/
  3. 3. OpenAthens today Updated products: – OpenAthens LA 2.1 – OpenAthens SP 2.0 New services: – Statistics – Project 'Monteverde' http://www.flickr.com/photos/fjny/528865728/
  4. 4. Federated identity...
  5. 5. Identity providers “Describe” people via attributes Personal Name, age, email... Impersonal Affiliation, group...
  6. 6. Common vocabulary... http://www.flickr.com/photos/fin5bjh/4308269739/
  7. 7. Service providers Rely on trusted attributes received from Identity Providers May use them to restrict access or personalise their application
  8. 8. The OpenAthens platform
  9. 9. OpenAthens today OpenAthens Core Platform OpenID OAuth SAML 1 SAML 2 ... Protocols Identity Provider Service Provider
  10. 10. OpenAthens today Access SSO High availability Identity Management Management Protocols Identity Provider Service Provider
  11. 11. OpenAthens today Self-registration Bulk-upload Statistics and Reporting Access SSO High availability Identity Management Management Protocols Identity Provider Service Provider
  12. 12. OpenAthens today Account life-cycle tools Account Account Account monitoring Consultancy activation expiry Self-registration Bulk-upload Statistics and Reporting Access SSO High availability Identity Management Management Protocols Identity Provider Service Provider
  13. 13. OpenAthens today Support Account Account Account monitoring Consultancy activation expiry Self-registration Bulk-upload Statistics and Reporting Access SSO High availability Identity Management Management Protocols Protocols Identity Provider Service Provider
  14. 14. OpenAthens today Support Account Account Account monitoring Consultancy activation expiry Self-registration Bulk-upload Statistics and Reporting Access SSO High availability Identity Management Management Protocols Identity Provider Service Provider
  15. 15. “Athens vs Shibboleth” “Shibboleth is the new Athens” “OpenAthens is Shibboleth”
  16. 16. “Athens vs Shibboleth” “Shibboleth is the new Athens” “OpenAthens is Shibboleth”
  17. 17. OpenAthens Support Account Account Account monitoring Consultancy activation expiry Self-registration Bulk-upload Statistics and Reporting Access SSO High availability Identity Management Management Protocols Identity Provider Service Provider
  18. 18. Shibboleth Access Management Protocols Identity Provider Service Provider
  19. 19. Shibboleth • Not a protocol or standard • An implementation of the SAML standards • Not an identity management system Access Management Protocols Identity Provider Service Provider
  20. 20. Roadmap themes Local authentication Statistics Support Account Account Account monitoring Consultancy activation expiry Self-registration Bulk-upload Statistics and Reporting Access SSO High availability Identity Management Management Protocols Identity Provider Service Provider
  21. 21. 1) Getting started 2) Statistics 3) Diagnostics http://www.flickr.com/photos/tomdegay/4005363371/
  22. 22. Getting started Tools to improve 'supportability'...
  23. 23. Getting started New administration interface for OpenAthens SP
  24. 24. Getting started Ease of upgrade: Seamless migration between versions
  25. 25. Statistics 'Live reporting' integrated into OpenAthens LA 2.1
  26. 26. Statistics Breakdown of usage: • Per user category • Across services
  27. 27. Statistics Current usage and long-term trends
  28. 28. Statistics Visual and report formats
  29. 29. Diagnostics Day-to-day support of problems • Can't log in • Can't access resource
  30. 30. 'Live' filtering
  31. 31. Diagnostics When it breaks... • Is it my problem or theirs? • What the heck does this error code mean?
  32. 32. OpenAthens SP 2.0 • Objectives for this release: – Brand new Eduserv-hosted administration interface – Health-check monitoring tools – Deep integration with ASP.NET platform – rpm, deb packages and repository • Available summer 2010 • No additional cost for OpenAthens subscribers
  33. 33. OpenAthens LA 2.1 • Objectives for this release: – New tools for reporting and supportability • Live usage statistics • User activity auditing and problem diagnostics – Setup wizards – Improve delegation of administration • Available summer 2010 • No additional cost for OpenAthens subscribers
  34. 34. Questions? david.orrell@eduserv.org.uk http://www.flickr.com/photos/room_onfire/403830495/
  35. 35. Roadmap Future david.orrell@eduserv.org.uk http://www.flickr.com/photos/fjny/528865728/
  36. 36. OpenAthens today Updated products: – OpenAthens LA 2.1 – OpenAthens SP 2.0 New services: – Statistics – Project 'Monteverde' http://www.flickr.com/photos/fjny/528865728/
  37. 37. More on statistics • OpenAthens LA 2.1 starting to introduce reporting features • In the UK Federation, the current picture is bleak! • JISC funding some work in this area: – RAPTOR project (Cardiff) – PIRIUS project • Article-level statistics
  38. 38. Athens Statistics Athens Attributes Identity Provider Statistics Service Providers
  39. 39. Federated Statistics Attributes SAML Identity Providers Service Providers
  40. 40. Federated Statistics Attributes SAML Identity Providers Statistics Service Providers
  41. 41. Statistics • IdP/SP logs provide inferred statistics – Not accurate – Remains interim solution
  42. 42. OpenAthens Statistics Attributes SAML Identity Providers Service Providers Statistics Statistics OpenAthens
  43. 43. Key features • Statistics service – For organisations and service providers – Integrated into management tools (LA and SP) – Fully anonymised by contributors • Open APIs – For data input and reporting (RESTful) – Can be used with any product (Shibboleth, ezProxy etc)
  44. 44. Project “Monteverde” http://www.flickr.com/photos/heilemann/8412697/
  45. 45. Project “Monteverde” “Local Authentication in The Cloud” http://www.flickr.com/photos/heilemann/8412697/
  46. 46. Project “Monteverde” “Local Authentication in The Cloud” Next generation Managed Directory http://www.flickr.com/photos/heilemann/8412697/
  47. 47. Why? OpenAthens MD OpenAthens LA Fully outsourced Fully in-house
  48. 48. Why? [unintentionally left blank] OpenAthens MD OpenAthens LA Fully outsourced Fully in-house
  49. 49. Project 'Monteverde' • Goals – Long-term replacement for current managed directory – Based on OpenAthens LA technology – Runs on cloud infrastructure – Enable us to provide highly tailored service for individual customers
  50. 50. Federation support • OpenAthens LA • OpenAthens MD – UK Federation – UK Federation – Virtually any SAML – Any OpenAthens federation Service Provider – Ad-hoc local federations
  51. 51. Federation support ✔ Robust support for UK Federation ✔ Support for other international federations ✔ Support for ad-hoc local federations ✔ No need to register in UK Federation
  52. 52. Identity Management • OpenAthens LA • OpenAthens MD – Requires local IdM – Easy web-based IdM infrastructure – Bulk upload – Supports any attribute – Fixed attribute set sets – Shared namespace – Supports any namespace
  53. 53. Identity Management ✔ Completely new web UI ✔ Subscribing organisations will get own namespace ✔ No more account prefixes! ✔ Can use email address ✔ Extensible attribute sets, compatible with multiple federations
  54. 54. User experience • OpenAthens LA • OpenAthens MD – Customisable login – Standard OpenAthens branded login – Shared login domain (auth.athensams.net)
  55. 55. User experience ✔ Fully cutomisable login pages ✔ Organisation-specific login domain ✔ eg. idp.uni.ac.uk ✔ No more 'alternative login' ✔ Control over usernames ✔ User ID or email ✔ OpenID, Facebook etc
  56. 56. Project “Monteverde” • “Local Authentication in the cloud” • Available spring 2011 – Comprehensive beta programme • Programme of rollout to current OpenAthens MD customers
  57. 57. Questions? david.orrell@eduserv.org.uk http://www.flickr.com/photos/room_onfire/403830495/

×