Trust and identity:
Enabling intra- and inter-organisational
authentication and authorisation
Dr Rhys Smith, chief technical architect,
Trust and identity, Jisc
Speakers
• Dr Rhys Smith – Chief technical architect, Trust and identity (Jisc)
• Mark Williams – UK federation service manager (Jisc)
Enabling intra- and inter-organisational authentication and authorisation2
Agenda
• What’s the main aim of Jisc’s Trust and identity portfolio?
• What are Jisc’s Trust and identity services and what do they do?
• Which services can help during the Covid-19 crisis, and how?
• Q&A and community discussion
“Easy and secure access to anything,
anywhere, anytime”
All of Jisc’s Trust and identity services revolve around enabling all
aspects of this proposition.
Jisc’s Trust and identity services
• Federation: UK federation, Assent
• Identity and access: Shibboleth, Managed services
• Verification: Certificate service, Student voter, VerifID, Domain registry
• Member and professional services: Helpdesk, Consultancy
Federation services
• These are underlying trust infrastructure to enable federated authentication / authorisation between members
- Solves the problem of N² interactions
• At the business and at the technical level
• Services: UK federation, Assent
Identity and access
• Software and services to help members make use of our services, where appropriate
• Services: Shibboleth, Managed services
Verification
• Ensures the secure validation of various aspects of our membership’s interactions with each other
• Services: Certificate service, Student voter, VerifID, Domain registry
Member and professional services
• Providing help, support and guidance on the use of all of our services
• Services: Helpdesk, Consultancy
Quality assurance and information security
All of the T&I services are included within
Jisc’s ISO 9001 and 27001 scopes
Federation services
UK Access Management Federation
Web single sign-on federation
• Cross-organizational SSO to web resources
• Est. 2006, part of the Jisc core subscription
• Vendor-agnostic (SAML based)
• ~1200 members, ~2,500 entities
- 100% of HE, ~80% of FE, also schools, government, libraries, NHS, etc
• Global Inter-federation with 68 other countries via eduGAIN
- ~7,000 entities total
Assent
Non-web single sign-on federation
• Cross-organisational access to non-web resources (eg SSH)
• Est. 2015, part of the Jisc core subscription
• Vendor-agnostic (ABFAB based)
• Primarily aimed at research and complex virtual organisations with complex services and requirements
Identity and access
Shibboleth
Open source, standards based, software
• Jisc is a board member and Principal Member of the Shibboleth Consortium on behalf of our community
• The consortium ensures the development, maintenance and sustainability of the Shibboleth software
• Software is free to use and open source
• ~70% of entities in the UK federation use Shibboleth
Managed services
Currently in development…
Watch this space
Verification services
Certificate service
Verifies: Web services
• We are a registration authority for issuing SSL (TLS) and email certificates to secure web services
• Provides significant discount and cost-savings for our members
• Free to join, per-certificate cost at present
• Issued hundreds of thousands of certs
• Reprocuring this year – watch this space for exciting news!
Student voter registration
Verifies: Student voter enrolment
• Promotes civic engagement and helps an organisation meet its statutory requirements from the OfS
• Shared service for students to register their term-time and home-time address to government to be able to vote in local and national elections
• Additional paid-for service over and above Jisc membership
Domain Registry
Verifies: DNS names
• Jisc is the domain registrar for:
- .ac.uk
- .gov.uk (on behalf of Cabinet Office)
- .gov.scot (on behalf of Scottish Government)
- .gov.wales / llyw.cymru (on behalf of Welsh Government)
• Free to join, per-domain cost
• Tens of thousands of domains managed
• We verify all requests and therefore the underlying trust framework
• (Jisc also runs the DNS itself)
VerifID
Verifies: Studentness!
• Commercial verification of student status
• Uses UK federation as source of data
• Currently mostly used by providers of student discount
• Paid-for service (by providers), per verification
• Helps subsidise the UK federation
• To ensure optimal student experience:
- Ensure you are releasing “student” affiliation value as appropriate
Member and professional services
T&I helpdesk
Free support and guidance
• Provides help, support and guidance for using any of the T&I services
• Email trustandidentity@jisc.ac.uk or call 0300 300 2212.
T&I consultancy
Paid-for bespoke support
• For those with needs beyond our free helpdesk support
• Targeted bespoke support, advice, training
• Remote or in-person
• One-off engagements through to retained expertise
• Covers UK federation, Assent, eduroam, govroam, Identity Management, etc
Jisc trust and identity services and Covid-19
Covid-19 and Jisc’s T&I services
Largely business as usual
• Our trust and identity services are designed to facilitate easy and secure access to anything, anywhere, anytime
• Importance of the services has increased, but general requirements are the same
• All staff now working from home, of course, but hasn’t impacted any of our service or helpdesk offerings due to extensive pre-existing BCP planning
Specific changes
However, some tweaking was desirable
• Instituted service-wide change freeze during lockdown
- Stability and reliability of services is paramount while membership adapts to new circumstances
• UK federation metadata validity period temporarily increased
- To ensure additional time to respond to issues in the management processes
• Increased priority of support for gov.uk domain registry
- Primary source of interaction between public and government
• Domain suspension/expiry policy temporarily relaxed
- Ensuring domains don’t “accidentally” expire (may be missed in the mayhem)
Some advice and guidance
Across the services
• Secure SSO to internal and external resources now of paramount importance
- Ensure your UK federation IdP (whatever flavour) is up to date and configured correctly
- Consider adopting R&S support in your IdP to enable your researchers to more easily collaborate on Covid-19 related research
• Users are now primarily off-premise, BYOD usage increased
- If you have any internally signed certificates, consider swapping for properly supported certs via our certificate service for fewer issues on non-managed devices
Offerings to the membership
• Free health-check for UK federation Shibboleth IdPs
- Offered on a first-come-first-served basis, Shib IdP v3+ only
- Usually undertaken remotely via our consultancy service
- Ensure your Shib IdP is fully functioning and safe (OS patch state and IdP version checking, attribute and attribute release configuration check, resource checking, etc)
• Free three hours consultancy to help deal with any simple issues highlighted in the health-check
• To register your interest, email trustandidentity@jisc.ac.uk
Discussion and Q&A
Facilitated by Mark Williams
Dr Rhys Smith
Chief technical architect, trust and identity
rhys.smith@jisc.ac.uk
4 Portwall Lane, Bristol, BS1 6NB
Thank you
customerservices@jisc.ac.uk
jisc.ac.uk
