logging in or signing up Winderemere Shibboleth 2005 11 Alohomora Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 42 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: October 17, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters: MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters Steve Edwards - MATU - Windermere 14 – 15 November 2005Where We Are From - Eduserv: Where We Are From - Eduserv Eduserv is a not-for-profit IT services group born from services developed within universities The Eduserv Foundation funds initiatives supporting application of IT in education Over 10 years experience delivering Access Management Athens Contracted by the JISC to provide the MATU service assist HE & FE with early adoption of ShibbolethMATU Objectives: MATU Objectives Middleware Assisted Take Up Service A JISC sponsored Eduserv Service Support JISC Core Middleware Project Early Adopters Provide a central repository information advice training The Problem Shibboleth® Addresses: The Problem Shibboleth® Addresses Users accessing many different systems proliferation of credentials one pair of credentials per resource forgotten passwords Security & Integrity compromised “abc123” issue passwords sent in the clear and shared proprietary systems – locked in no organisational control centreWhat Shibboleth® is NOT: What Shibboleth® is NOT NOT an all-in-one identity management solution one of many components NOT an authentication or a SSO system need to plug one in (CAS, pubcookie, …) NOT an Attribute Store need to plug one in (Directory, Database, …) NOT a fixed specification ongoing evolutionInternet2: Internet2 Collection of over 200 U.S. Universities involved in a wide variety of initiatives: advanced network applications research and higher education creating tomorrow’s Internet Wide variety of: Groups Working, Specialist Interest, Advisory, … InitiativesInternet2 - Middleware Initiative: Internet2 - Middleware Initiative Initiatives: Shibboleth® eduPerson both of which are under umbrella of MACE Others MACE activities: Grouper Middleware End-To-End Diagnostics Advisory Group SignetInternet2 - Shibboleth®: Internet2 - Shibboleth® Share secured online services Control access to restricted digital content Leverages campus identity and access management infrastructures authenticate individual users sends information about users to resource site enables resource provider to make authorisation decisions Common SSO layer over existing systemsWhat is a Federation …: What is a Federation … Group of organizations sharing set of agreed policies, rules for access to online resources enable the members to establish trust and shared understanding of language or terminology provide a structure / legal framework that enables authentication and authorization Supporting technologies: Shibboleth SAMLSWITCHaai - Switzerland: SWITCHaai - Switzerland Useful demo SWITCHaai: - http://www.switch.ch/aai/SWITCHaai - Process Demo: SWITCHaai - Process DemoAdoption History - World Wide …: Adoption History - World Wide … Europe SWITCH - AAI - Switzerland Authentication & Authorization Infrastructure 8 universities, > 110k users integrated user directories into AAI e-learning shared resources > 10k users on a regular basis HAKA - Finland Identity Federation of Universities… Adoption History - World Wide: … Adoption History - World Wide USA widespread adoption by educational and commercial organisations Australia MAMS Meta Access Management System Macquarie - lead UniversityAdoption History - UK …: Adoption History - UK … Started with Core Middleware Programme started July 2004 / first trial November 2004 strategic initiative A subset - Early Adopters over 20 H.E. institutions includes e-Learning strand interim reports available … Adoption History - UK: … Adoption History - UK Bodington open source Virtual Learning Environment / Learning Management System supports teaching and learning across entire range of learning institutions UK and worldwide Guanxi Project UHI - University of Highlands and Islands institutional collaborations e-learning & e-deliveryUK Federations: UK Federations Athens UK Shibboleth Federation production federation SDSS project at EDINA building development Shibboleth federation … academic online resources put in place essential technical components provide environment to assist other projects JISC Core Middleware: Infrastructure Programme SWISh, Gilead, JISC - Shibboleth®: JISC - Shibboleth® The Joint Information Systems Committee UK HE / FE support organisation JISC - Middleware Adoption funding a major initiative - 4 years access to internally and externally produced resources is a one step process for users development of next generation access management system based on Shibboleth UK FederationMATU Support - Ethos / Approach: MATU Support - Ethos / Approach "One Stop Shop" Informed Authoritative Impartial Avoid dilution of message and advice Long term individual relationships Mutual support – cyclical we also need assistance & feedback returned to early adopters communityMATU People: MATU People Service Manager - Richard Dunning operations and project specialist Service Analyst - Richard Annett formerly DSP and AthensDA support Trainer - Steve Edwards consulting & development: J2EE, XML, Web Services International activities: IBM, BEA, … Others involved include: James Mulhern project director, head of R & D David Orrell technical architect heavily involved in the middleware arena nationally & internationallyMATU Service: MATU Service A Comprehensive Website FAQS, Guidance, Installation guides, business cases, downloads Software downloads Internet2 software Eduserv software Other software e.g. Guanxi Service desk Telephone and Email support Access to some of the leading experts on Access Management and Shibboleth Test infrastructure Training Seminars / Workshops ConferencesMATU Assisted Projects: MATU Assisted Projects Twenty projects in total comprising of: Over 20 early adopter projects 16 institutions 9 e-learning strand early adopter projects 11 institutions 15-18 new projects to be announced mid-November 2005Workshops & Events: Workshops & Events October Introduction to Shibboleth: v1.3 - IdP & SP November JISC Conference December Introduction to Shibboleth: v1.3 - IdP & SP October workshop repeated for new project intake January Deploying Shibboleth: v1.3 IdP Deploying Shibboleth: v1.3 SP LDAP - Lightweight Directory Access Protocol February Federations and the LawCurrent Activities : Current Activities Getting to know the projects aims: give early adopters confidence get early adopters to outline their projects form relationships help with problem solving at an early stage One-to-one meetings with project owners include: University of Essex (Chimera) London School of Economics University of Essex (UK Data Archive (SAFARI)) Liverpool University University of Nottingham University of Bristol University of Exeter University of Cardiff University of StaffordshireShibboleth / Athens Interoperability : Shibboleth / Athens Interoperability Eduserv's JISC contract for Access Management services to UK HE & FE, commits us to delivering full Shibboleth Athens interoperability: Athens Federation providing a governance framework for Athens registered organisations and online resources Athens Identity Manager (AthensIM) fully supported and standalone Shibboleth Identity Provider (origin) software Shibboleth to Athens Gateway providing Shibboleth-enabled organisations access to Athens-enabled resourcesPrerequisites : Prerequisites Users IDs and credentials Database Directory Flat files A web-based Single Sign-On System e.g. Pubcookie Yale CAS Bespoke Network & Server Infrastructure Skilled PeopleGetting Started? : Getting Started? MATU Support Think carefully about how you are going to use Shibboleth who and where are your users what are you looking to access / share / protect what Federation is best for you Make sure you know who you and your stakeholders are! Identity Provider Service Provider both! Align your Access Management to your IT strategy and adapt Align your Attribute Release Policy with Institutional DP & Privacy Ensure you have all the necessary building blocks A populated Information Store A Web SSO system Plan how you are going to deliver and resource your new service Decide what software is best for youAdvice to Projects: Advice to Projects Plan especially access to institutional data Keep it simple limit the use of user attributes at least initially Try, test, prototype but avoid live kit Put the necessary prerequisites in place Weigh up privacy v. personalisation Do not go it aloneAnd Now?: And Now? MATU is here to support early adopters in using Shibboleth We want to: talk to them understand their requirements to ensure a smoother start to assist with minimising problemsContact Us: Contact Us Contact the MATU team at: support@matu.ac.uk Postal address: Eduserv MATU Queen Anne House 11 Charlotte Street Bath BA1 2NE Phone: 01225 474373 Fax: 01225 474332 Website: www.matu.ac.uk You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Winderemere Shibboleth 2005 11 Alohomora Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 42 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: October 17, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters: MATU: Middleware Assisted Take Up Service For JISC Funded Early Adopters Steve Edwards - MATU - Windermere 14 – 15 November 2005Where We Are From - Eduserv: Where We Are From - Eduserv Eduserv is a not-for-profit IT services group born from services developed within universities The Eduserv Foundation funds initiatives supporting application of IT in education Over 10 years experience delivering Access Management Athens Contracted by the JISC to provide the MATU service assist HE & FE with early adoption of ShibbolethMATU Objectives: MATU Objectives Middleware Assisted Take Up Service A JISC sponsored Eduserv Service Support JISC Core Middleware Project Early Adopters Provide a central repository information advice training The Problem Shibboleth® Addresses: The Problem Shibboleth® Addresses Users accessing many different systems proliferation of credentials one pair of credentials per resource forgotten passwords Security & Integrity compromised “abc123” issue passwords sent in the clear and shared proprietary systems – locked in no organisational control centreWhat Shibboleth® is NOT: What Shibboleth® is NOT NOT an all-in-one identity management solution one of many components NOT an authentication or a SSO system need to plug one in (CAS, pubcookie, …) NOT an Attribute Store need to plug one in (Directory, Database, …) NOT a fixed specification ongoing evolutionInternet2: Internet2 Collection of over 200 U.S. Universities involved in a wide variety of initiatives: advanced network applications research and higher education creating tomorrow’s Internet Wide variety of: Groups Working, Specialist Interest, Advisory, … InitiativesInternet2 - Middleware Initiative: Internet2 - Middleware Initiative Initiatives: Shibboleth® eduPerson both of which are under umbrella of MACE Others MACE activities: Grouper Middleware End-To-End Diagnostics Advisory Group SignetInternet2 - Shibboleth®: Internet2 - Shibboleth® Share secured online services Control access to restricted digital content Leverages campus identity and access management infrastructures authenticate individual users sends information about users to resource site enables resource provider to make authorisation decisions Common SSO layer over existing systemsWhat is a Federation …: What is a Federation … Group of organizations sharing set of agreed policies, rules for access to online resources enable the members to establish trust and shared understanding of language or terminology provide a structure / legal framework that enables authentication and authorization Supporting technologies: Shibboleth SAMLSWITCHaai - Switzerland: SWITCHaai - Switzerland Useful demo SWITCHaai: - http://www.switch.ch/aai/SWITCHaai - Process Demo: SWITCHaai - Process DemoAdoption History - World Wide …: Adoption History - World Wide … Europe SWITCH - AAI - Switzerland Authentication & Authorization Infrastructure 8 universities, > 110k users integrated user directories into AAI e-learning shared resources > 10k users on a regular basis HAKA - Finland Identity Federation of Universities… Adoption History - World Wide: … Adoption History - World Wide USA widespread adoption by educational and commercial organisations Australia MAMS Meta Access Management System Macquarie - lead UniversityAdoption History - UK …: Adoption History - UK … Started with Core Middleware Programme started July 2004 / first trial November 2004 strategic initiative A subset - Early Adopters over 20 H.E. institutions includes e-Learning strand interim reports available … Adoption History - UK: … Adoption History - UK Bodington open source Virtual Learning Environment / Learning Management System supports teaching and learning across entire range of learning institutions UK and worldwide Guanxi Project UHI - University of Highlands and Islands institutional collaborations e-learning & e-deliveryUK Federations: UK Federations Athens UK Shibboleth Federation production federation SDSS project at EDINA building development Shibboleth federation … academic online resources put in place essential technical components provide environment to assist other projects JISC Core Middleware: Infrastructure Programme SWISh, Gilead, JISC - Shibboleth®: JISC - Shibboleth® The Joint Information Systems Committee UK HE / FE support organisation JISC - Middleware Adoption funding a major initiative - 4 years access to internally and externally produced resources is a one step process for users development of next generation access management system based on Shibboleth UK FederationMATU Support - Ethos / Approach: MATU Support - Ethos / Approach "One Stop Shop" Informed Authoritative Impartial Avoid dilution of message and advice Long term individual relationships Mutual support – cyclical we also need assistance & feedback returned to early adopters communityMATU People: MATU People Service Manager - Richard Dunning operations and project specialist Service Analyst - Richard Annett formerly DSP and AthensDA support Trainer - Steve Edwards consulting & development: J2EE, XML, Web Services International activities: IBM, BEA, … Others involved include: James Mulhern project director, head of R & D David Orrell technical architect heavily involved in the middleware arena nationally & internationallyMATU Service: MATU Service A Comprehensive Website FAQS, Guidance, Installation guides, business cases, downloads Software downloads Internet2 software Eduserv software Other software e.g. Guanxi Service desk Telephone and Email support Access to some of the leading experts on Access Management and Shibboleth Test infrastructure Training Seminars / Workshops ConferencesMATU Assisted Projects: MATU Assisted Projects Twenty projects in total comprising of: Over 20 early adopter projects 16 institutions 9 e-learning strand early adopter projects 11 institutions 15-18 new projects to be announced mid-November 2005Workshops & Events: Workshops & Events October Introduction to Shibboleth: v1.3 - IdP & SP November JISC Conference December Introduction to Shibboleth: v1.3 - IdP & SP October workshop repeated for new project intake January Deploying Shibboleth: v1.3 IdP Deploying Shibboleth: v1.3 SP LDAP - Lightweight Directory Access Protocol February Federations and the LawCurrent Activities : Current Activities Getting to know the projects aims: give early adopters confidence get early adopters to outline their projects form relationships help with problem solving at an early stage One-to-one meetings with project owners include: University of Essex (Chimera) London School of Economics University of Essex (UK Data Archive (SAFARI)) Liverpool University University of Nottingham University of Bristol University of Exeter University of Cardiff University of StaffordshireShibboleth / Athens Interoperability : Shibboleth / Athens Interoperability Eduserv's JISC contract for Access Management services to UK HE & FE, commits us to delivering full Shibboleth Athens interoperability: Athens Federation providing a governance framework for Athens registered organisations and online resources Athens Identity Manager (AthensIM) fully supported and standalone Shibboleth Identity Provider (origin) software Shibboleth to Athens Gateway providing Shibboleth-enabled organisations access to Athens-enabled resourcesPrerequisites : Prerequisites Users IDs and credentials Database Directory Flat files A web-based Single Sign-On System e.g. Pubcookie Yale CAS Bespoke Network & Server Infrastructure Skilled PeopleGetting Started? : Getting Started? MATU Support Think carefully about how you are going to use Shibboleth who and where are your users what are you looking to access / share / protect what Federation is best for you Make sure you know who you and your stakeholders are! Identity Provider Service Provider both! Align your Access Management to your IT strategy and adapt Align your Attribute Release Policy with Institutional DP & Privacy Ensure you have all the necessary building blocks A populated Information Store A Web SSO system Plan how you are going to deliver and resource your new service Decide what software is best for youAdvice to Projects: Advice to Projects Plan especially access to institutional data Keep it simple limit the use of user attributes at least initially Try, test, prototype but avoid live kit Put the necessary prerequisites in place Weigh up privacy v. personalisation Do not go it aloneAnd Now?: And Now? MATU is here to support early adopters in using Shibboleth We want to: talk to them understand their requirements to ensure a smoother start to assist with minimising problemsContact Us: Contact Us Contact the MATU team at: support@matu.ac.uk Postal address: Eduserv MATU Queen Anne House 11 Charlotte Street Bath BA1 2NE Phone: 01225 474373 Fax: 01225 474332 Website: www.matu.ac.uk