OpenAthens roadmap to 2011

David Orrell, Senior Architect, sets out the roadmap for development of the OpenAthens framework in 2010 and 2011.

Transcript

  • 1. Current developments david.orrell@eduserv.org.uk http://www.flickr.com/photos/fjny/528865728/
  • 2. OpenAthens today Updated products: – OpenAthens LA 2.1 – OpenAthens SP 2.0 http://www.flickr.com/photos/fjny/528865728/
  • 3. OpenAthens today Updated products: – OpenAthens LA 2.1 – OpenAthens SP 2.0 New services: – Statistics – Project 'Monteverde' http://www.flickr.com/photos/fjny/528865728/
  • 4. Federated identity...
  • 5. Identity providers “Describe” people via attributes Personal Name, age, email... Impersonal Affiliation, group...
  • 6. Common vocabulary... http://www.flickr.com/photos/fin5bjh/4308269739/
  • 7. Service providers Rely on trusted attributes received from Identity Providers May use them to restrict access or personalise their application
  • 8. The OpenAthens platform
  • 9. OpenAthens today: OpenAthens Core Platform; Protocols (OpenID, OAuth, SAML 1, SAML 2, ...); Identity Provider; Service Provider
  • 10. OpenAthens today: Access Management; SSO; High availability; Identity Management; Protocols; Identity Provider; Service Provider
  • 11. OpenAthens today: Self-registration; Bulk-upload; Statistics and Reporting; Access Management; SSO; High availability; Identity Management; Protocols; Identity Provider; Service Provider
  • 12. OpenAthens today: Account life-cycle tools; Account activation; Account expiry; Account monitoring; Consultancy; Self-registration; Bulk-upload; Statistics and Reporting; Access Management; SSO; High availability; Identity Management; Protocols; Identity Provider; Service Provider
  • 13. OpenAthens today: Support; Account activation; Account expiry; Account monitoring; Consultancy; Self-registration; Bulk-upload; Statistics and Reporting; Access Management; SSO; High availability; Identity Management; Protocols; Identity Provider; Service Provider
  • 14. OpenAthens today: Support; Account activation; Account expiry; Account monitoring; Consultancy; Self-registration; Bulk-upload; Statistics and Reporting; Access Management; SSO; High availability; Identity Management; Protocols; Identity Provider; Service Provider
  • 15. “Athens vs Shibboleth” “Shibboleth is the new Athens” “OpenAthens is Shibboleth”
  • 16. “Athens vs Shibboleth” “Shibboleth is the new Athens” “OpenAthens is Shibboleth”
  • 17. OpenAthens: Support; Account activation; Account expiry; Account monitoring; Consultancy; Self-registration; Bulk-upload; Statistics and Reporting; Access Management; SSO; High availability; Identity Management; Protocols; Identity Provider; Service Provider
  • 18. Shibboleth Access Management Protocols Identity Provider Service Provider
  • 19. Shibboleth • Not a protocol or standard • An implementation of the SAML standards • Not an identity management system Access Management Protocols Identity Provider Service Provider
  • 20. Roadmap themes: Local authentication; Statistics; Support; Account activation; Account expiry; Account monitoring; Consultancy; Self-registration; Bulk-upload; Statistics and Reporting; Access Management; SSO; High availability; Identity Management; Protocols; Identity Provider; Service Provider
  • 21. 1) Getting started 2) Statistics 3) Diagnostics http://www.flickr.com/photos/tomdegay/4005363371/
  • 22. Getting started Tools to improve 'supportability'...
  • 23. Getting started New administration interface for OpenAthens SP
  • 24. Getting started Ease of upgrade: Seamless migration between versions
  • 25. Statistics 'Live reporting' integrated into OpenAthens LA 2.1
  • 26. Statistics Breakdown of usage: • Per user category • Across services
  • 27. Statistics Current usage and long-term trends
  • 28. Statistics Visual and report formats
  • 29. Diagnostics Day-to-day support of problems • Can't log in • Can't access resource
  • 30. 'Live' filtering
  • 31. Diagnostics When it breaks... • Is it my problem or theirs? • What the heck does this error code mean?
  • 32. OpenAthens SP 2.0 • Objectives for this release: – Brand new Eduserv-hosted administration interface – Health-check monitoring tools – Deep integration with ASP.NET platform – rpm, deb packages and repository • Available summer 2010 • No additional cost for OpenAthens subscribers
  • 33. OpenAthens LA 2.1 • Objectives for this release: – New tools for reporting and supportability • Live usage statistics • User activity auditing and problem diagnostics – Setup wizards – Improve delegation of administration • Available summer 2010 • No additional cost for OpenAthens subscribers
  • 34. Questions? david.orrell@eduserv.org.uk http://www.flickr.com/photos/room_onfire/403830495/
  • 35. Roadmap Future david.orrell@eduserv.org.uk http://www.flickr.com/photos/fjny/528865728/
  • 36. OpenAthens today Updated products: – OpenAthens LA 2.1 – OpenAthens SP 2.0 New services: – Statistics – Project 'Monteverde' http://www.flickr.com/photos/fjny/528865728/
  • 37. More on statistics • OpenAthens LA 2.1 starting to introduce reporting features • In the UK Federation, the current picture is bleak! • JISC funding some work in this area: – RAPTOR project (Cardiff) – PIRIUS project • Article-level statistics
  • 38. Athens Statistics Athens Attributes Identity Provider Statistics Service Providers
  • 39. Federated Statistics Attributes SAML Identity Providers Service Providers
  • 40. Federated Statistics Attributes SAML Identity Providers Statistics Service Providers
  • 41. Statistics • IdP/SP logs provide inferred statistics – Not accurate – Remains interim solution
  • 42. OpenAthens Statistics Attributes SAML Identity Providers Service Providers Statistics Statistics OpenAthens
  • 43. Key features • Statistics service – For organisations and service providers – Integrated into management tools (LA and SP) – Fully anonymised by contributors • Open APIs – For data input and reporting (RESTful) – Can be used with any product (Shibboleth, ezProxy etc)
  • 44. Project “Monteverde” http://www.flickr.com/photos/heilemann/8412697/
  • 45. Project “Monteverde” “Local Authentication in The Cloud” http://www.flickr.com/photos/heilemann/8412697/
  • 46. Project “Monteverde” “Local Authentication in The Cloud” Next generation Managed Directory http://www.flickr.com/photos/heilemann/8412697/
  • 47. Why? OpenAthens MD OpenAthens LA Fully outsourced Fully in-house
  • 48. Why? [unintentionally left blank] OpenAthens MD OpenAthens LA Fully outsourced Fully in-house
  • 49. Project 'Monteverde' • Goals – Long-term replacement for current managed directory – Based on OpenAthens LA technology – Runs on cloud infrastructure – Enable us to provide highly tailored service for individual customers
  • 50. Federation support • OpenAthens LA – UK Federation – Virtually any SAML Service Provider – Ad-hoc local federations • OpenAthens MD – UK Federation – Any OpenAthens federation
  • 51. Federation support ✔ Robust support for UK Federation ✔ Support for other international federations ✔ Support for ad-hoc local federations ✔ No need to register in UK Federation
  • 52. Identity Management • OpenAthens LA – Requires local IdM infrastructure – Supports any attribute sets – Supports any namespace • OpenAthens MD – Easy web-based IdM – Bulk upload – Fixed attribute set – Shared namespace
  • 53. Identity Management ✔ Completely new web UI ✔ Subscribing organisations will get own namespace ✔ No more account prefixes! ✔ Can use email address ✔ Extensible attribute sets, compatible with multiple federations
  • 54. User experience • OpenAthens LA – Customisable login • OpenAthens MD – Standard OpenAthens branded login – Shared login domain (auth.athensams.net)
  • 55. User experience ✔ Fully customisable login pages ✔ Organisation-specific login domain ✔ e.g. idp.uni.ac.uk ✔ No more 'alternative login' ✔ Control over usernames ✔ User ID or email ✔ OpenID, Facebook etc.
  • 56. Project “Monteverde” • “Local Authentication in the cloud” • Available spring 2011 – Comprehensive beta programme • Programme of rollout to current OpenAthens MD customers
  • 57. Questions? david.orrell@eduserv.org.uk http://www.flickr.com/photos/room_onfire/403830495/