SlideShare a Scribd company logo

Federation Policy

Download as PPT, PDF
J
JISC.AM

This presentation gives an overview of the policy developed for the UK Access Management Federation

TechnologyBusiness
1 of 13
Federation Policy Issues The UK Perspective Nicole Harris Programme Manager – JISC
Issues from the UK ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Moving from SDSS to the UK Access Management Federation UKERNA EDINA National Data Centre Home National Programme Scale Ongoing 3 years Duration Service Project Status UK federation SDSS federation
Differences for Users in Transition from SDSS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Federation Stats: 13 th April 2007 ,[object Object],[object Object],[object Object],[object Object],[object Object]
Policy Document 1: Rules of Membership ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Policy Document 2:Recommendations for Use of Personal Data ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Policy Document 3: Technical Recommendations for Participants ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
UK Federation Required Attributes Used when a specific resource has a specific entitlement condition not covered elsewhere: must be over 21, must have completed foundation course module. eduPersonEntitlement (expressed as an agreed URI) mutually agreed by institution and service Used when a persistent user identifier is required across services. Typically used in for internal institutional services. Real identity can be established from attribute. eduPersonPrincipalName (harrisnv) defined by institution – login name ‘ A persistent user pseudonym’ to allow for service personalisation and usage monitoring across sessions. Not a real world identity. eduPersonTargetedID (r001xf4rg2ss) opaque string defined by institution Establishes user’s relationship with institution – e.g. staff, student, member. Terms as used in JISC Model license. Most authorisation can be done against this attribute. eduPersonScopedAffiliation ( [email_address] ) UK specific controlled vocabulary WHAT THIS REALLY MEANS TECHNICAL ATTRIBUTE NAME
Policy Document 4: Federation Technical Specification and Policy Document 5: Federation Operator Procedures ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Upcoming…in Policy ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The Gateways ATHENS INSTITUTION UK ACCESS MANAGEMENT FEDERATION FEDERATED INSTITUTION ATHENS CENTRAL ATHENS PROTECTED RESOURCE FEDERATED RESOURCE IdP Gateway SP Gateway
[object Object],[object Object],[object Object],[object Object]

Recommended

JISC License Workshop
JISC License WorkshopJISC License Workshop
JISC License WorkshopJISC.AM
 
Joining the UK Access Management Federation
Joining the UK Access Management FederationJoining the UK Access Management Federation
Joining the UK Access Management FederationJISC.AM
 
Federated Access Management: the Business Case
Federated Access Management: the Business CaseFederated Access Management: the Business Case
Federated Access Management: the Business CaseJISC.AM
 
Technical Requirements of the UK Access Management Federation
Technical Requirements of the UK Access Management FederationTechnical Requirements of the UK Access Management Federation
Technical Requirements of the UK Access Management FederationJISC.AM
 
Service Providers within the UK Access Management Federation
Service Providers within the UK Access Management FederationService Providers within the UK Access Management Federation
Service Providers within the UK Access Management FederationJISC.AM
 
Educause2006 - Federated Access Management in the UK
Educause2006 - Federated Access Management in the UKEducause2006 - Federated Access Management in the UK
Educause2006 - Federated Access Management in the UKJISC.AM
 
Online Educa: JISC Access and Identity Management
Online Educa: JISC Access and Identity ManagementOnline Educa: JISC Access and Identity Management
Online Educa: JISC Access and Identity ManagementJISC.AM
 
Karen Church - A Large-Scale Study of European Mobile Information Access
Karen Church - A Large-Scale Study of European Mobile Information AccessKaren Church - A Large-Scale Study of European Mobile Information Access
Karen Church - A Large-Scale Study of European Mobile Information AccessAIC_UCD
 

Recommended

JISC License Workshop
JISC License WorkshopJISC License Workshop
JISC License WorkshopJISC.AM
 
Joining the UK Access Management Federation
Joining the UK Access Management FederationJoining the UK Access Management Federation
Joining the UK Access Management FederationJISC.AM
 
Federated Access Management: the Business Case
Federated Access Management: the Business CaseFederated Access Management: the Business Case
Federated Access Management: the Business CaseJISC.AM
 
Technical Requirements of the UK Access Management Federation
Technical Requirements of the UK Access Management FederationTechnical Requirements of the UK Access Management Federation
Technical Requirements of the UK Access Management FederationJISC.AM
 
Service Providers within the UK Access Management Federation
Service Providers within the UK Access Management FederationService Providers within the UK Access Management Federation
Service Providers within the UK Access Management FederationJISC.AM
 
Educause2006 - Federated Access Management in the UK
Educause2006 - Federated Access Management in the UKEducause2006 - Federated Access Management in the UK
Educause2006 - Federated Access Management in the UKJISC.AM
 
Online Educa: JISC Access and Identity Management
Online Educa: JISC Access and Identity ManagementOnline Educa: JISC Access and Identity Management
Online Educa: JISC Access and Identity ManagementJISC.AM
 
Karen Church - A Large-Scale Study of European Mobile Information Access
Karen Church - A Large-Scale Study of European Mobile Information AccessKaren Church - A Large-Scale Study of European Mobile Information Access
Karen Church - A Large-Scale Study of European Mobile Information AccessAIC_UCD
 
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web siteAthens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web siteEduserv Foundation
 
McShibboleth Presentation
McShibboleth PresentationMcShibboleth Presentation
McShibboleth PresentationJISC.AM
 
1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case Study1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case StudyJISC.AM
 
Slawek Korea
Slawek KoreaSlawek Korea
Slawek KoreaSlawek
 
'Connecting poeple to resources' by Nicole Harris at UKSG 2007
'Connecting poeple to resources' by Nicole Harris at UKSG 2007'Connecting poeple to resources' by Nicole Harris at UKSG 2007
'Connecting poeple to resources' by Nicole Harris at UKSG 2007JISC.AM
 
Jane Charlton Intro To F A M
Jane Charlton Intro To F A MJane Charlton Intro To F A M
Jane Charlton Intro To F A MJISC.AM
 
Business Case Essentials Final
Business Case Essentials FinalBusiness Case Essentials Final
Business Case Essentials FinalDavid Whelbourn, MBA, PMP, PRINCE2, MSP
 
SAML protected resources: the theory and practice of granularity and manageme...
SAML protected resources: the theory and practice of granularity and manageme...SAML protected resources: the theory and practice of granularity and manageme...
SAML protected resources: the theory and practice of granularity and manageme...EDINA, University of Edinburgh
 
Services Day Liam Earney
Services Day Liam EarneyServices Day Liam Earney
Services Day Liam EarneyJISC.AM
 
FAM The Basics 13 Feb08
FAM The Basics 13 Feb08FAM The Basics 13 Feb08
FAM The Basics 13 Feb08Mike Moran
 
Access Management - the Issues for FE Colleges
Access Management - the Issues for FE CollegesAccess Management - the Issues for FE Colleges
Access Management - the Issues for FE CollegesMike Moran
 
Technical Developments within the UK Access Management Federation
Technical Developments within the UK Access Management FederationTechnical Developments within the UK Access Management Federation
Technical Developments within the UK Access Management FederationJISC.AM
 
Federated Access Management (SFEU)
Federated Access Management (SFEU)Federated Access Management (SFEU)
Federated Access Management (SFEU)JISC.AM
 
Identity Management and Collaborative Tools
Identity Management and Collaborative ToolsIdentity Management and Collaborative Tools
Identity Management and Collaborative ToolsJISC.AM
 
Extending Access Management to Business & Community Engagement - John Paschoud
Extending Access Management to Business & Community Engagement - John PaschoudExtending Access Management to Business & Community Engagement - John Paschoud
Extending Access Management to Business & Community Engagement - John PaschoudEduserv
 
E rate presentation
E rate presentationE rate presentation
E rate presentationKim Davis
 
Kim davis e rate power point
Kim davis e rate power pointKim davis e rate power point
Kim davis e rate power pointKim Davis
 
JISC Access and Identity Management: Future Directions
JISC Access and Identity Management: Future DirectionsJISC Access and Identity Management: Future Directions
JISC Access and Identity Management: Future DirectionsJISC.AM
 
K Ziai Share Point At Ut
K Ziai Share Point At UtK Ziai Share Point At Ut
K Ziai Share Point At UtArt Upton
 
B Chambers Doculabs Shared Web Services
B Chambers Doculabs Shared Web ServicesB Chambers Doculabs Shared Web Services
B Chambers Doculabs Shared Web ServicesArt Upton
 
OpenAthens and the future of access and identity management
OpenAthens and the future of access and identity managementOpenAthens and the future of access and identity management
OpenAthens and the future of access and identity managementEduserv Foundation
 
The Identity Project (Rhys Smith)
The Identity Project (Rhys Smith)The Identity Project (Rhys Smith)
The Identity Project (Rhys Smith)JISC.AM
 

More Related Content

What's hot

Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web siteAthens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web siteEduserv Foundation
 
McShibboleth Presentation
McShibboleth PresentationMcShibboleth Presentation
McShibboleth PresentationJISC.AM
 
1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case Study1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case StudyJISC.AM
 
Slawek Korea
Slawek KoreaSlawek Korea
Slawek KoreaSlawek
 
'Connecting poeple to resources' by Nicole Harris at UKSG 2007
'Connecting poeple to resources' by Nicole Harris at UKSG 2007'Connecting poeple to resources' by Nicole Harris at UKSG 2007
'Connecting poeple to resources' by Nicole Harris at UKSG 2007JISC.AM
 
Jane Charlton Intro To F A M
Jane Charlton Intro To F A MJane Charlton Intro To F A M
Jane Charlton Intro To F A MJISC.AM
 
SAML protected resources: the theory and practice of granularity and manageme...
SAML protected resources: the theory and practice of granularity and manageme...SAML protected resources: the theory and practice of granularity and manageme...
SAML protected resources: the theory and practice of granularity and manageme...EDINA, University of Edinburgh
 
Services Day Liam Earney
Services Day Liam EarneyServices Day Liam Earney
Services Day Liam EarneyJISC.AM
 
FAM The Basics 13 Feb08
FAM The Basics 13 Feb08FAM The Basics 13 Feb08
FAM The Basics 13 Feb08Mike Moran
 
Access Management - the Issues for FE Colleges
Access Management - the Issues for FE CollegesAccess Management - the Issues for FE Colleges
Access Management - the Issues for FE CollegesMike Moran
 
Technical Developments within the UK Access Management Federation
Technical Developments within the UK Access Management FederationTechnical Developments within the UK Access Management Federation
Technical Developments within the UK Access Management FederationJISC.AM
 
Federated Access Management (SFEU)
Federated Access Management (SFEU)Federated Access Management (SFEU)
Federated Access Management (SFEU)JISC.AM
 
Identity Management and Collaborative Tools
Identity Management and Collaborative ToolsIdentity Management and Collaborative Tools
Identity Management and Collaborative ToolsJISC.AM
 
Extending Access Management to Business & Community Engagement - John Paschoud
Extending Access Management to Business & Community Engagement - John PaschoudExtending Access Management to Business & Community Engagement - John Paschoud
Extending Access Management to Business & Community Engagement - John PaschoudEduserv
 
E rate presentation
E rate presentationE rate presentation
E rate presentationKim Davis
 
Kim davis e rate power point
Kim davis e rate power pointKim davis e rate power point
Kim davis e rate power pointKim Davis
 
JISC Access and Identity Management: Future Directions
JISC Access and Identity Management: Future DirectionsJISC Access and Identity Management: Future Directions
JISC Access and Identity Management: Future DirectionsJISC.AM
 
K Ziai Share Point At Ut
K Ziai Share Point At UtK Ziai Share Point At Ut
K Ziai Share Point At UtArt Upton
 
B Chambers Doculabs Shared Web Services
B Chambers Doculabs Shared Web ServicesB Chambers Doculabs Shared Web Services
B Chambers Doculabs Shared Web ServicesArt Upton
 

What's hot (20)

Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web siteAthens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
Athens, Shibboleth, The Uk Access Management - Single sign-on for your Web site
 
McShibboleth Presentation
McShibboleth PresentationMcShibboleth Presentation
McShibboleth Presentation
 
1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case Study1345 1400 Fiona Cullock Edina Case Study
1345 1400 Fiona Cullock Edina Case Study
 
Slawek Korea
Slawek KoreaSlawek Korea
Slawek Korea
 
'Connecting poeple to resources' by Nicole Harris at UKSG 2007
'Connecting poeple to resources' by Nicole Harris at UKSG 2007'Connecting poeple to resources' by Nicole Harris at UKSG 2007
'Connecting poeple to resources' by Nicole Harris at UKSG 2007
 
Jane Charlton Intro To F A M
Jane Charlton Intro To F A MJane Charlton Intro To F A M
Jane Charlton Intro To F A M
 
Business Case Essentials Final
Business Case Essentials FinalBusiness Case Essentials Final
Business Case Essentials Final
 
SAML protected resources: the theory and practice of granularity and manageme...
SAML protected resources: the theory and practice of granularity and manageme...SAML protected resources: the theory and practice of granularity and manageme...
SAML protected resources: the theory and practice of granularity and manageme...
 
Services Day Liam Earney
Services Day Liam EarneyServices Day Liam Earney
Services Day Liam Earney
 
FAM The Basics 13 Feb08
FAM The Basics 13 Feb08FAM The Basics 13 Feb08
FAM The Basics 13 Feb08
 
Access Management - the Issues for FE Colleges
Access Management - the Issues for FE CollegesAccess Management - the Issues for FE Colleges
Access Management - the Issues for FE Colleges
 
Technical Developments within the UK Access Management Federation
Technical Developments within the UK Access Management FederationTechnical Developments within the UK Access Management Federation
Technical Developments within the UK Access Management Federation
 
Federated Access Management (SFEU)
Federated Access Management (SFEU)Federated Access Management (SFEU)
Federated Access Management (SFEU)
 
Identity Management and Collaborative Tools
Identity Management and Collaborative ToolsIdentity Management and Collaborative Tools
Identity Management and Collaborative Tools
 
Extending Access Management to Business & Community Engagement - John Paschoud
Extending Access Management to Business & Community Engagement - John PaschoudExtending Access Management to Business & Community Engagement - John Paschoud
Extending Access Management to Business & Community Engagement - John Paschoud
 
E rate presentation
E rate presentationE rate presentation
E rate presentation
 
Kim davis e rate power point
Kim davis e rate power pointKim davis e rate power point
Kim davis e rate power point
 
JISC Access and Identity Management: Future Directions
JISC Access and Identity Management: Future DirectionsJISC Access and Identity Management: Future Directions
JISC Access and Identity Management: Future Directions
 
K Ziai Share Point At Ut
K Ziai Share Point At UtK Ziai Share Point At Ut
K Ziai Share Point At Ut
 
B Chambers Doculabs Shared Web Services
B Chambers Doculabs Shared Web ServicesB Chambers Doculabs Shared Web Services
B Chambers Doculabs Shared Web Services
 

Similar to Federation Policy

OpenAthens and the future of access and identity management
OpenAthens and the future of access and identity managementOpenAthens and the future of access and identity management
OpenAthens and the future of access and identity managementEduserv Foundation
 
The Identity Project (Rhys Smith)
The Identity Project (Rhys Smith)The Identity Project (Rhys Smith)
The Identity Project (Rhys Smith)JISC.AM
 
TSSG Security research unit May11_zdooly
TSSG Security research unit May11_zdoolyTSSG Security research unit May11_zdooly
TSSG Security research unit May11_zdoolyzdooly
 
Ciepd board 25.5.10 item 3c privacy t kirkham
Ciepd board 25.5.10 item 3c privacy t kirkham Ciepd board 25.5.10 item 3c privacy t kirkham
Ciepd board 25.5.10 item 3c privacy t kirkham stuartwood555
 
CIS13: NSTIC Update and Reports from Pilots
CIS13: NSTIC Update and Reports from PilotsCIS13: NSTIC Update and Reports from Pilots
CIS13: NSTIC Update and Reports from PilotsCloudIDSummit
 
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCloudIDSummit
 
Software Engineering - Chapter 4 - Requirements engineering
Software Engineering - Chapter 4 - Requirements engineering Software Engineering - Chapter 4 - Requirements engineering
Software Engineering - Chapter 4 - Requirements engineering Ra'Fat Al-Msie'deen
 
Semantic interoperability courses training module 3 - reference data v0.10
Semantic interoperability courses training module 3 - reference data v0.10Semantic interoperability courses training module 3 - reference data v0.10
Semantic interoperability courses training module 3 - reference data v0.10Semic.eu
 
Federated Access Management, JISC Presentation
Federated Access Management, JISC PresentationFederated Access Management, JISC Presentation
Federated Access Management, JISC PresentationJISC RSC Southeast
 
To meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STo meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STakishaPeck109
 
Electronic credential authentication_standard
Electronic credential authentication_standardElectronic credential authentication_standard
Electronic credential authentication_standardHai Nguyen
 
Trust and identity
Trust and identityTrust and identity
Trust and identityJisc
 
Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Jisc
 
Cloud Services As An Enabler
Cloud Services As An EnablerCloud Services As An Enabler
Cloud Services As An EnablerSLA-Ready Network
 
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic ApproachCloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic ApproachSLA-Ready Network
 
Provider Directory Task Force 01-04-11
Provider Directory Task Force 01-04-11Provider Directory Task Force 01-04-11
Provider Directory Task Force 01-04-11Brian Ahier
 
Identity Matters
Identity MattersIdentity Matters
Identity Mattersguest0dc425
 
ACS Code of Professional Conduct Case Studies .docx
ACS Code of Professional Conduct Case Studies .docxACS Code of Professional Conduct Case Studies .docx
ACS Code of Professional Conduct Case Studies .docxnettletondevon
 

Similar to Federation Policy (20)

OpenAthens and the future of access and identity management
OpenAthens and the future of access and identity managementOpenAthens and the future of access and identity management
OpenAthens and the future of access and identity management
 
The Identity Project (Rhys Smith)
The Identity Project (Rhys Smith)The Identity Project (Rhys Smith)
The Identity Project (Rhys Smith)
 
TSSG Security research unit May11_zdooly
TSSG Security research unit May11_zdoolyTSSG Security research unit May11_zdooly
TSSG Security research unit May11_zdooly
 
Vinod Rebello
Vinod RebelloVinod Rebello
Vinod Rebello
 
Ciepd board 25.5.10 item 3c privacy t kirkham
Ciepd board 25.5.10 item 3c privacy t kirkham Ciepd board 25.5.10 item 3c privacy t kirkham
Ciepd board 25.5.10 item 3c privacy t kirkham
 
CIS13: NSTIC Update and Reports from Pilots
CIS13: NSTIC Update and Reports from PilotsCIS13: NSTIC Update and Reports from Pilots
CIS13: NSTIC Update and Reports from Pilots
 
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
 
Software Engineering - Chapter 4 - Requirements engineering
Software Engineering - Chapter 4 - Requirements engineering Software Engineering - Chapter 4 - Requirements engineering
Software Engineering - Chapter 4 - Requirements engineering
 
Semantic interoperability courses training module 3 - reference data v0.10
Semantic interoperability courses training module 3 - reference data v0.10Semantic interoperability courses training module 3 - reference data v0.10
Semantic interoperability courses training module 3 - reference data v0.10
 
Federated Access Management, JISC Presentation
Federated Access Management, JISC PresentationFederated Access Management, JISC Presentation
Federated Access Management, JISC Presentation
 
To meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, STo meet the requirements for lab 10 you were to perform Part 1, S
To meet the requirements for lab 10 you were to perform Part 1, S
 
Electronic credential authentication_standard
Electronic credential authentication_standardElectronic credential authentication_standard
Electronic credential authentication_standard
 
Trust and identity
Trust and identityTrust and identity
Trust and identity
 
Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44Trust and identity in the Géant project - Networkshop44
Trust and identity in the Géant project - Networkshop44
 
Cloud Services As An Enabler
Cloud Services As An EnablerCloud Services As An Enabler
Cloud Services As An Enabler
 
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic ApproachCloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
 
Provider Directory Task Force 01-04-11
Provider Directory Task Force 01-04-11Provider Directory Task Force 01-04-11
Provider Directory Task Force 01-04-11
 
Identity Matters
Identity MattersIdentity Matters
Identity Matters
 
NHIN Workgroup
NHIN WorkgroupNHIN Workgroup
NHIN Workgroup
 
ACS Code of Professional Conduct Case Studies .docx
ACS Code of Professional Conduct Case Studies .docxACS Code of Professional Conduct Case Studies .docx
ACS Code of Professional Conduct Case Studies .docx
 

More from JISC.AM

Identity Assurance Profiles
Identity Assurance ProfilesIdentity Assurance Profiles
Identity Assurance ProfilesJISC.AM
 
Assurance
AssuranceAssurance
AssuranceJISC.AM
 
I2 Fedsoup
I2 FedsoupI2 Fedsoup
I2 FedsoupJISC.AM
 
Cuckoo (Graham Mason, Ed Beddows)
Cuckoo (Graham Mason, Ed Beddows)Cuckoo (Graham Mason, Ed Beddows)
Cuckoo (Graham Mason, Ed Beddows)JISC.AM
 
Federated Futures (Nicole Harris)
Federated Futures (Nicole Harris)Federated Futures (Nicole Harris)
Federated Futures (Nicole Harris)JISC.AM
 
Introduction to Shib 2.0 (Chad La Joie)
Introduction to Shib 2.0 (Chad La Joie)Introduction to Shib 2.0 (Chad La Joie)
Introduction to Shib 2.0 (Chad La Joie)JISC.AM
 
Shibboleth 2.0 IdP slides - Installfest (Edited)
Shibboleth 2.0 IdP slides - Installfest (Edited)Shibboleth 2.0 IdP slides - Installfest (Edited)
Shibboleth 2.0 IdP slides - Installfest (Edited)JISC.AM
 
Shibboleth 2.0 SP slides - Installfest
Shibboleth 2.0 SP slides - InstallfestShibboleth 2.0 SP slides - Installfest
Shibboleth 2.0 SP slides - InstallfestJISC.AM
 
SARoNGS project (Jens Jensen)
SARoNGS project (Jens Jensen)SARoNGS project (Jens Jensen)
SARoNGS project (Jens Jensen)JISC.AM
 
Names project (Amanda Hill)
Names project (Amanda Hill)Names project (Amanda Hill)
Names project (Amanda Hill)JISC.AM
 
Studies in advanced access mgmt: GFIVO project (Cal Racey)
Studies in advanced access mgmt: GFIVO project (Cal Racey)Studies in advanced access mgmt: GFIVO project (Cal Racey)
Studies in advanced access mgmt: GFIVO project (Cal Racey)JISC.AM
 
Identity: Future directions (David Orrell, Eduserv Foundation)
Identity: Future directions (David Orrell, Eduserv Foundation)Identity: Future directions (David Orrell, Eduserv Foundation)
Identity: Future directions (David Orrell, Eduserv Foundation)JISC.AM
 
Shintau And VPMan proejcts (David Chadwick)
Shintau And VPMan proejcts (David Chadwick)Shintau And VPMan proejcts (David Chadwick)
Shintau And VPMan proejcts (David Chadwick)JISC.AM
 
Identity: Future directions (David Orrell, Eduserv Foundation)
Identity: Future directions (David Orrell, Eduserv Foundation)Identity: Future directions (David Orrell, Eduserv Foundation)
Identity: Future directions (David Orrell, Eduserv Foundation)JISC.AM
 
Internet2 Fall MM 2007 - Jane Charlton
Internet2 Fall MM 2007 - Jane CharltonInternet2 Fall MM 2007 - Jane Charlton
Internet2 Fall MM 2007 - Jane CharltonJISC.AM
 
Federated Access Management 102
Federated Access Management 102Federated Access Management 102
Federated Access Management 102JISC.AM
 
Federated Access Management (Sconul Access Conference)
Federated Access Management (Sconul Access Conference)Federated Access Management (Sconul Access Conference)
Federated Access Management (Sconul Access Conference)JISC.AM
 
OpenID and Usercentric Identity: It's All About Me
OpenID and Usercentric Identity: It's All About MeOpenID and Usercentric Identity: It's All About Me
OpenID and Usercentric Identity: It's All About MeJISC.AM
 
McShib2: UK federation update
McShib2: UK federation updateMcShib2: UK federation update
McShib2: UK federation updateJISC.AM
 

More from JISC.AM (20)

Identity Assurance Profiles
Identity Assurance ProfilesIdentity Assurance Profiles
Identity Assurance Profiles
 
Assurance
AssuranceAssurance
Assurance
 
I2 Fedsoup
I2 FedsoupI2 Fedsoup
I2 Fedsoup
 
Cuckoo (Graham Mason, Ed Beddows)
Cuckoo (Graham Mason, Ed Beddows)Cuckoo (Graham Mason, Ed Beddows)
Cuckoo (Graham Mason, Ed Beddows)
 
Federated Futures (Nicole Harris)
Federated Futures (Nicole Harris)Federated Futures (Nicole Harris)
Federated Futures (Nicole Harris)
 
Introduction to Shib 2.0 (Chad La Joie)
Introduction to Shib 2.0 (Chad La Joie)Introduction to Shib 2.0 (Chad La Joie)
Introduction to Shib 2.0 (Chad La Joie)
 
Shibboleth 2.0 IdP slides - Installfest (Edited)
Shibboleth 2.0 IdP slides - Installfest (Edited)Shibboleth 2.0 IdP slides - Installfest (Edited)
Shibboleth 2.0 IdP slides - Installfest (Edited)
 
Shibboleth 2.0 SP slides - Installfest
Shibboleth 2.0 SP slides - InstallfestShibboleth 2.0 SP slides - Installfest
Shibboleth 2.0 SP slides - Installfest
 
SARoNGS project (Jens Jensen)
SARoNGS project (Jens Jensen)SARoNGS project (Jens Jensen)
SARoNGS project (Jens Jensen)
 
Names project (Amanda Hill)
Names project (Amanda Hill)Names project (Amanda Hill)
Names project (Amanda Hill)
 
Studies in advanced access mgmt: GFIVO project (Cal Racey)
Studies in advanced access mgmt: GFIVO project (Cal Racey)Studies in advanced access mgmt: GFIVO project (Cal Racey)
Studies in advanced access mgmt: GFIVO project (Cal Racey)
 
Identity: Future directions (David Orrell, Eduserv Foundation)
Identity: Future directions (David Orrell, Eduserv Foundation)Identity: Future directions (David Orrell, Eduserv Foundation)
Identity: Future directions (David Orrell, Eduserv Foundation)
 
Shintau And VPMan proejcts (David Chadwick)
Shintau And VPMan proejcts (David Chadwick)Shintau And VPMan proejcts (David Chadwick)
Shintau And VPMan proejcts (David Chadwick)
 
Identity: Future directions (David Orrell, Eduserv Foundation)
Identity: Future directions (David Orrell, Eduserv Foundation)Identity: Future directions (David Orrell, Eduserv Foundation)
Identity: Future directions (David Orrell, Eduserv Foundation)
 
Internet2 Fall MM 2007 - Jane Charlton
Internet2 Fall MM 2007 - Jane CharltonInternet2 Fall MM 2007 - Jane Charlton
Internet2 Fall MM 2007 - Jane Charlton
 
Openid
OpenidOpenid
Openid
 
Federated Access Management 102
Federated Access Management 102Federated Access Management 102
Federated Access Management 102
 
Federated Access Management (Sconul Access Conference)
Federated Access Management (Sconul Access Conference)Federated Access Management (Sconul Access Conference)
Federated Access Management (Sconul Access Conference)
 
OpenID and Usercentric Identity: It's All About Me
OpenID and Usercentric Identity: It's All About MeOpenID and Usercentric Identity: It's All About Me
OpenID and Usercentric Identity: It's All About Me
 
McShib2: UK federation update
McShib2: UK federation updateMcShib2: UK federation update
McShib2: UK federation update
 

Recently uploaded

Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀DianaGray10
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfalexjohnson7307
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxJennifer Lim
 
Server-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineServer-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineUXDXConf
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 

Recently uploaded (20)

Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdf
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
Server-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at PricelineServer-Driven User Interface (SDUI) at Priceline
Server-Driven User Interface (SDUI) at Priceline
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 

Federation Policy

  • 1. Federation Policy Issues The UK Perspective Nicole Harris Programme Manager – JISC
  • 2.
  • 3. Moving from SDSS to the UK Access Management Federation UKERNA EDINA National Data Centre Home National Programme Scale Ongoing 3 years Duration Service Project Status UK federation SDSS federation
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. UK Federation Required Attributes Used when a specific resource has a specific entitlement condition not covered elsewhere: must be over 21, must have completed foundation course module. eduPersonEntitlement (expressed as an agreed URI) mutually agreed by institution and service Used when a persistent user identifier is required across services. Typically used in for internal institutional services. Real identity can be established from attribute. eduPersonPrincipalName (harrisnv) defined by institution – login name ‘ A persistent user pseudonym’ to allow for service personalisation and usage monitoring across sessions. Not a real world identity. eduPersonTargetedID (r001xf4rg2ss) opaque string defined by institution Establishes user’s relationship with institution – e.g. staff, student, member. Terms as used in JISC Model license. Most authorisation can be done against this attribute. eduPersonScopedAffiliation ( [email_address] ) UK specific controlled vocabulary WHAT THIS REALLY MEANS TECHNICAL ATTRIBUTE NAME
  • 10.
  • 11.
  • 12. The Gateways ATHENS INSTITUTION UK ACCESS MANAGEMENT FEDERATION FEDERATED INSTITUTION ATHENS CENTRAL ATHENS PROTECTED RESOURCE FEDERATED RESOURCE IdP Gateway SP Gateway
  • 13.