Current A A Developments in the UK Alan Robiette

Зарегистрируйтесь, чтобы просмотреть полный документ!

Current A&A Developments in the UK Alan Robiette, JISC Development Group <a. robiette@jisc. ac. uk> 25 Nov 2002 TF-AACE, Stockholm Supporting further and higher education

Overview • The JISC community • The Athens service and Athens developments • Additional and longer term development projects 25 Nov 2002 TF-AACE, Stockholm 2

The JISC community • JISC strategy is constrained by two factors – Large and varied community • 180 higher education sites • 500 further education colleges • Potentially ~ 6 million staff & students – An existing access management system • The Athens service 25 Nov 2002 TF-AACE, Stockholm 3

What is Athens? • A system developed over several years to manage access to UK national data services • Originally designed by a team at the University of Bath (JISC-funded) • Now owned, developed and operated by Edu. Serv (http: //www. eduserv. org. uk) • Besides JISC, Athens is also used similarly by the National Health Service (National Electronic Library for Health) 25 Nov 2002 TF-AACE, Stockholm 4

Some recent statistics • These cover both education and NHS, unless otherwise stated • 497 FE + HE sites; 769 sites total including NHS • Approximately 2 million user accounts • Average authenticated access requests per day 85, 650 (August 2002) • 51 content providers, offering between them 249 Athens-controlled resources 25 Nov 2002 TF-AACE, Stockholm 5

How does it work? • Originally a “trusted third party” network service • Essentially a large database of user ID and authorisation data • Replicated to provide a resilient service • Each participating college or university administers its own part of the database • Content providers refer access requests to Athens for validation, and run special plug-in software to achieve this 25 Nov 2002 TF-AACE, Stockholm 6

Athens data flows © Edu. Serv, 2002 25 Nov 2002 TF-AACE, Stockholm 7

Service providers • Need to run special software to carry out the dialogue with Athens • Athens “agent” plug-ins provided either as toolkit (C, Java, Perl implementations all available) for integration into supplier’s system – Important for many commercial publishers with complex front ends to multiple products • Or as pre-packaged modules (Apache or IIS) 25 Nov 2002 TF-AACE, Stockholm 8

Athens developments • “Single sign-on” introduced in early 2002 • Limited-life ticket created at initial signon, allows access to all service providers running latest software plug-in • Devolution of authentication back to user’s campus • Initially via campus LDAP directory • Also prototype using client-side X. 509 certificate 25 Nov 2002 TF-AACE, Stockholm 9

Devolved authentication © Edu. Serv, 2002 25 Nov 2002 TF-AACE, Stockholm 10

Latest announcements • Earlier this month Edu. Serv announced their intention to add Shibboleth compliance to Athens • Allowing sites in an Athens community to access Shibboleth-protected resources • Target date 1 st quarter 2003 • Cf http: //www. athensams. net/development 25 Nov 2002 TF-AACE, Stockholm 11

Additional development • Programme of development projects undertaken beginning October/November 2002 – Jointly sponsored by two of the JISC functional sub-committees • Research Support Committee • Information Environment Committee 25 Nov 2002 TF-AACE, Stockholm 12

Principal objectives • To explore in depth authentication via client-side X. 509 certificates • Certificates are coming whether we like it or not (Grid, NHS, e-Government) • What are the issues involved in using them in a university/college context? • To examine emerging solutions for authorisation • Is a common solution achievable, e. g. for electronic information and Grid? 25 Nov 2002 TF-AACE, Stockholm 13

Basic data • 11 projects funded (out of 22 received) • 4 mainly to do with authentication • 4 mainly to do with authorisation • 3 miscellaneous (see later) • Project durations 6 to 24 months • Committees considering commissioning some further studies to fill gaps 25 Nov 2002 TF-AACE, Stockholm 14

Authentication projects • Three looking at embedding certificate use in institutions • London School of Economics • University of Oxford (+ partners) • University of Edinburgh – Edinburgh proposal also includes University of Paisley and two FE colleges • One project to develop tools for certificate management • University of Leeds 25 Nov 2002 TF-AACE, Stockholm 15

Authorisation projects • University of London • PAPI (ULL, UL External Programme) • Manchester Computing/ESNW • Akenti (Zetoc) • University of Salford • Akenti and Permis (architectures) • University of Warwick • Roles and institutional memberships – Includes North Warwickshire College and Warwick-Leicester Medical School 25 Nov 2002 TF-AACE, Stockholm 16

Questions? 25 Nov 2002 TF-AACE, Stockholm Supporting further and higher education

Скачать презентацию Current A A Developments in the UK Alan Robiette

78eaeee0d0fcf350767f1355109eb858.ppt

Количество слайдов: 17