Access Management Transition Programme Meeting. Access Management Futures: JISC and International Development Strategy. Nicole Harris, Senior Services Transition Manager, JISC
A Little Background
Some Background. 1995: Athens developed by NISS (National Information Services and Systems) at the University of Bath as an in-house system. 1996: eLib study ‘Technologies to Support Authentication in Higher Education’ identified Athens as a potential solution for all JISC services. 1997: Athens in use in all JISC Data Centres and rolled out across HEIs / FEIs over the next two years. 1998: CNI White Paper on AAA requirements; JISC commits to using it as a basis for next-generation technologies. 1997 – 2000: three-year contract for Athens provision with the University of Bath and then Eduserv. 2000 – 2008: two three-year contracts plus one two-year contract with Eduserv for Athens provision. 2000: Alan Robiette and JCAS scope requirements for a next-generation access management system (ANGEL project starts testing Shibboleth and PAPI technologies). 2002 – 2004: AAA Programme – audit of next-generation technologies and ratification of requirements. 2004 – 2007: Core Middleware Programmes; JISC decision to support federated access management. 2006 – 2009: Access Management: Transition Programme. Roll-out and embedding.
The Requirements. A single access management system for: intra-institutional resources; third-party digital-library-type resources; inter-institutional resources for secure long-term collaboration; inter-institutional resources for ad-hoc (virtual organisation) collaboration. Evolving strategy: where possible, JISC should focus on fostering the development and use of standards rather than specific technologies. Institutions should have the widest possible range of options, from full open source to commercial support. Solutions should be in line with international developments in the field. The solution must provide real benefits to institutions and service providers.
Not just about preventing… Copyright: Getty Images from the Education Image Gallery
…but about collaborating and sharing. Copyright: Getty Images from the Education Image Gallery
The UK Development Landscape (diagram). Gateway development: Athens gateways, CA Bridge, eduroam gateway. Level of assurance: FAME project. Identity management: inter- and intra- NHS / Government. N-tier developments: SPIE project. Authorisation tools: PERMIS, DYVOSE (authority delegation). Interfaces / user tools: Virtual Home for Identities. Federation tools. Identity / service providers: outreach, support, federation. Federation services.
JISC Plans
Access Management Transition Programme!
e-Infrastructure Programme. Continued support for integration of the UK federation and Grid. Levels of assurance: ES-LOA. Identity Project. Federated tools: 5 new projects. Federated identities and virtual organisations with Grouper. Virtual organisations and management of organisation objects. Integrated authorisation for Shibboleth/Grid: integrating VOMS and PERMIS. Virtual organisation tools. Upcoming ITTs / calls / other work in the areas of…
Orphans American evangelist Dwight Lyman Moody (1837 - 1899) with a group of orphans at one of his Chicago missions. Courtesy of the Education Image Gallery Copyright: Getty Images
Identity Management outside Institutions
Multiple Affiliations
Attributes and Personalisation Copyright: HEFCE
e-Research. Access management for complex data. Flexible service provider models for virtual organisations. Ongoing work with the National Grid Service, including the CA. Copyright: Getty Images, Education Image Gallery
Federated tools such as ShARPE
Internet2 Plans
SAML 2.0. Scott Cantor: technical editor of the SAML 2.0 specification and lead Shibboleth architect. Cantor describes it as a ‘vulcan mind-meld’ of SAML 1.1, Shibboleth and Liberty ID-FF 1.2. You can expect in the long term: focus on federated identity management; single log-out; account linking / management; more features, and with them more complexity. Copyright: Getty Images, Education Image Gallery
Shibboleth 2.0. Major changes: new and broadening concepts; new configuration files; metadata updates; minor installation differences; partial SAML 2.0 support (AuthnRequest, AttributeQuery, SingleLogout); better session management; better authentication packaged with Shib; better attribute management, particularly the attribute filter policy, which controls which attributes and values the IdP releases to which service providers; focus on an SP-side discovery service (the future?); better audit and access logs; a Java Service Provider. Roadmap: https://spaces.internet2.edu/display/SHIB/ShibTwoRoadmap
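To make the attribute filter policy point concrete, below is an added example of a Shibboleth 2.0 IdP attribute-filter.xml fragment. It is not taken from the deck or from the Shibboleth project's own distribution; the service provider entityID and the affiliation values are hypothetical, and the scope example.ac.uk is a placeholder. The first policy is the least-privilege form: a specific requester, one attribute, an explicit list of permitted values. The second shows the opt-in release of a pseudonymous identifier to any requester, and the commented-out third policy is the weak setting to avoid (release everything to everyone).

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not the Shibboleth project's shipped config).
     Assumed/hypothetical: the entityID https://library.example.ac.uk/shibboleth
     and the affiliation values under the example.ac.uk scope. -->
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

  <!-- Policy 1: release eduPersonScopedAffiliation only to one named SP,
       and only the listed values. Other affiliations (e.g. staff) and
       every other attribute stay inside the institution. -->
  <AttributeFilterPolicy id="releaseAffiliationToLibrarySP">
    <PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
        value="https://library.example.ac.uk/shibboleth" />
    <AttributeRule attributeID="eduPersonScopedAffiliation">
      <PermitValueRule xsi:type="basic:OR">
        <basic:Rule xsi:type="basic:AttributeValueString"
            value="member@example.ac.uk" />
        <basic:Rule xsi:type="basic:AttributeValueString"
            value="student@example.ac.uk" />
      </PermitValueRule>
    </AttributeRule>
  </AttributeFilterPolicy>

  <!-- Policy 2: a persistent, SP-specific pseudonym may go to any requester.
       It carries no real-world identity, so broad release is acceptable
       where the federation's licence terms only need "same user as last time". -->
  <AttributeFilterPolicy id="releaseTargetedIdToAll">
    <PolicyRequirementRule xsi:type="basic:ANY" />
    <AttributeRule attributeID="eduPersonTargetedID">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>

  <!-- Policy 3 (weak setting, kept commented out as a counter-example):
       releasing identifying attributes to every SP in the federation
       defeats the point of attribute filtering.

  <AttributeFilterPolicy id="releaseEverythingToEveryone">
    <PolicyRequirementRule xsi:type="basic:ANY" />
    <AttributeRule attributeID="eduPersonPrincipalName">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
    <AttributeRule attributeID="mail">
      <PermitValueRule xsi:type="basic:ANY" />
    </AttributeRule>
  </AttributeFilterPolicy>
  -->

</AttributeFilterPolicyGroup>
```

The check a practitioner wants after editing this file is to look at the IdP's audit log (one of the items the slide lists as improved in 2.0) for a test login to the named SP and confirm that only the permitted affiliation values and the targeted ID appear in the released attribute set; an attribute that the resolver produces but no policy permits is silently dropped, which is the intended default.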
Other Internet2 Work. More work in collaborative scenarios: virtual organisations etc. Application integration with infrastructure: wikis, SharePoint, Sakai, mailing lists etc. Integrated application providers: Yahoo, Google, eBay etc. Easier-to-install IdPs. Information Card integration, including CardSpace (in place now). Open Liberty integration.
International Plans
Work with our International Partners. International vendor liaison, with specific emphasis on work with SURF and Internet2. Directory schema work with TERENA through TF-EMC2. Inter-federation and licensing work with Knowledge Exchange partners in the Netherlands, Germany and Denmark. Inter-federation work with TERENA, Internet2 and DEST. Contributions to the Shibboleth code-base through the team at EDINA. Continued international dialogue.
…and developing the UK federation (see Josh Howlett's presentation).

JISC Access and Identity Management: Future Directions