Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

UKSG webinar: Authentication technology update: RA21 and OpenAthens with Josh Howlett, Jisc and Phil Leahy, Eduserv

868 views

Published on

Authentication technologies have come a long way from IP recognition and EZ Proxy but most services have not addressed the poor user experience associated with off-campus access, particularly on mobile and tablet devices. In 2017 the conversation around streamlining remote access has moved on from talk to real solutions.

In this webinar Josh Howlett of Jisc will update us on the RA21 initiative, while Phil Leahy will explore why organisations are moving to managed identity management solutions and how OpenAthens has responded to publisher feedback with its new OpenAthens Cloud product.

Published in: Education
  • Be the first to comment

  • Be the first to like this

UKSG webinar: Authentication technology update: RA21 and OpenAthens with Josh Howlett, Jisc and Phil Leahy, Eduserv

  1. 1. www.openathens.org Authentication technology update: OpenAthens Phil Leahy Service Relationship Manager phil.leahy@eduserv.org.uk
  2. 2. www.openathens.org Coming up • The access management toolkit • Security, privacy and personalisation • What opportunities are new technologies bringing? • How OpenAthens helps organisations and their content provider suppliers
  3. 3. www.openathens.org Helping over 2,200 organisations in 48 countries, enable access to hundreds of thousands of journals, databases and ebooks for over 4 million end users.
  4. 4. www.openathens.org The access management toolkit • Vendor-supplied credentials • Referral URLs • IP recognition • Peer-to-peer SAML connections • Federated access management
  5. 5. www.openathens.org
  6. 6. www.openathens.org Changing user requirements • Mobile access is key • Personalisation is expected • Multiple devices are used
  7. 7. www.openathens.org Changing librarian requirements • More tech services to manage • Multiple tech services must integrate • Monitor e-library engagement
  8. 8. www.openathens.org What is local authentication? • Uses existing usernames and passwords, typically held in Active Directory • Same account used for ‘local’ and external systems • VLE • Google Apps / Office 365 • OpenAthens • Reduces administration • Reduces user queries
  9. 9. www.openathens.org Security is paramount • Authentication within Federations uses SAML • Data encryption comes as standard • Individual level accountability • Permission setting features – easier to comply with restricted content licences • Authentication servers monitored for misuse
  10. 10. www.openathens.org Directory integrations CAS (Client Access Server)
  11. 11. www.openathens.org Build against an API • Log your users into the system based on credentials stored in any system you can gain programmatic access to • Great when you cannot use other connection types
  12. 12. www.openathens.org Connecting to SAML applications • OpenAthens can interact with many Apps • Better overall experience for end users • ‘True’ single sign-on
  13. 13. www.openathens.org Integration with SAML applications
  14. 14. www.openathens.org Is user privacy at risk? • SAML encrypts data by default… • …but is that sufficient? • personalisation requires that content providers know something about a user… • …what is acceptable? 3l3dfaspfr96k36vcsj6bjl6r8 https://twitter.com/lisalibrarian/status/927534622799548416
  15. 15. www.openathens.org Attribute release in OpenAthens
  16. 16. www.openathens.org • Benefit from SAML without installing it • OpenAthens Cloud offers the same benefits • OpenID Connect is the hook… • …but what is OpenID Connect? OpenAthens Cloud
  17. 17. www.openathens.org Federation standards OpenID Connect • Web-scale • Modern, developer- friendly • Only implicit trust SAML • Enterprise • Mid-2000s tech, hard to adopt • Scalable trust-network
  18. 18. www.openathens.org OpenAthens Cloud
  19. 19. www.openathens.org
  20. 20. www.openathens.org OpenAthens Wayfinder: helping content providers help users
  21. 21. www.openathens.org New technologies = new opportunities?
  22. 22. www.openathens.org Google Scholar CASA “CASA builds on Google Scholar’s Subscriber Links program which provides direct links in the search interface to subscribed collections for on- campus users. With CASA, a researcher can start a literature survey on campus and resume where she left off once she is home, or travelling, with no hoops to jump through. Her subscribed collections are highlighted in Google Scholar searches and she is able to access articles in exactly the same way as on campus.” Users must access on-campus at least every 30 days to maintain off- campus access. https://home.heinonline.org/blog/2017/09/casa-en-nuestra-casa-casa-in-our-house/
  23. 23. www.openathens.org BeyondCorp at Google • Principles • Connecting from a particular network must not determine which services you can access. • Access to services is granted based on what we know about you and your device. • All access to services must be authenticated, authorized and encrypted. https://cloud.google.com/beyondcorp/
  24. 24. www.openathens.org Federation standards OpenID Connect • Web-scale • Modern, developer- friendly • Only implicit trust SAML • Enterprise • Mid-2000s tech, hard to adopt • Scalable trust-network Convergence?
  25. 25. www.openathens.org More information What does it take to run an access management federation? http://bit.ly/2AWSUUz OpenAthens Cloud uses OpenID Connect http://bit.ly/2y3pZz6
  26. 26. www.openathens.org Phil Leahy OpenAthens Service Relationship Manager phil.leahy@eduserv.org.uk +44 (0)1225 474302 Any questions? What does it take to run an access management federation? http://bit.ly/2AWSUUz OpenAthens Cloud uses OpenID Connect http://bit.ly/2y3pZz6
  27. 27. Contacts Josh Howlett, Head of trust and identity, Jisc Josh.Howlett@jisc.ac.uk Phil Leahy, OpenAthens Service Relationship Manager phil.leahy@eduserv.org.uk Tasha Mellins-Cohen, Director of Publishing, Microbiology Society t.mellins-cohen@microbiologysociety.org Feel free to e-mail your questions and look out for the slides on uksg.org/webinars/authentication

×