3. Moving from SDSS to the UK Access Management Federation UKERNA EDINA National Data Centre Home National Programme Scale Ongoing 3 years Duration Service Project Status UK federation SDSS federation
4.
5.
6.
7.
8.
9. UK Federation Required Attributes Used when a specific resource has a specific entitlement condition not covered elsewhere: must be over 21, must have completed foundation course module. eduPersonEntitlement (expressed as an agreed URI) mutually agreed by institution and service Used when a persistent user identifier is required across services. Typically used in for internal institutional services. Real identity can be established from attribute. eduPersonPrincipalName (harrisnv) defined by institution – login name ‘ A persistent user pseudonym’ to allow for service personalisation and usage monitoring across sessions. Not a real world identity. eduPersonTargetedID (r001xf4rg2ss) opaque string defined by institution Establishes user’s relationship with institution – e.g. staff, student, member. Terms as used in JISC Model license. Most authorisation can be done against this attribute. eduPersonScopedAffiliation ( [email_address] ) UK specific controlled vocabulary WHAT THIS REALLY MEANS TECHNICAL ATTRIBUTE NAME
10.
11.
12. The Gateways ATHENS INSTITUTION UK ACCESS MANAGEMENT FEDERATION FEDERATED INSTITUTION ATHENS CENTRAL ATHENS PROTECTED RESOURCE FEDERATED RESOURCE IdP Gateway SP Gateway