aai in swiss higher education - garr2006 © switch aai in swiss higher education, rome, 16 feb 2006...
TRANSCRIPT
2006 © SWITCH, AAI in Swiss Higher Education, Rome, 16 Feb 2006

Slide 2: Without AAI
[Diagram labels: University A, Library B, University C; Student Admin, Web Mail, e-Learning, Literature DB, Research DB, e-Journals. Legend: Authorization, User Administration, Authentication, Resource, Credentials]
Tedious user registration at all resources
Unreliable and outdated user data at resources
Different login processes
Many different passwords
Many resources not protected due to difficulties
Often IP-based authorization
Costly implementation of inter-institutional access

Slide 3: With AAI
[Diagram labels: University A, Library B, University C, AAI; Student Admin, Web Mail, e-Learning, Literature DB, Research DB, e-Journals. Legend: Authorization, User Administration, Authentication, Resource, Credentials]
No user registration and user data maintenance at resource needed
Single login process for the users
Many new resources available for the users
Enlarged user communities for resources
Authorization independent of location
Efficient implementation of inter-institutional access

Slide 4: SWITCHaai Project Timeline
[Timeline figure. Axis: 2001, 2002, 2003, 2004, 2005, 2006, 2007. Phase labels: Implementation; Pilot; Operation; Study; Architecture Evaluation -> Shibboleth; Study, Planning …]

Slide 5: Shibboleth
Open Source
Developed by Internet2
Federated Approach
Privacy
National deployment projects in the US, UK and Finland, growing interest in other European countries
For web resources only - as a first step
Based on SAML
Cooperation with Liberty Alliance
Cooperation with Content Providers (e-journals)
http://shibboleth.internet2.edu/

Slide 6: Demo (Try it yourself)
http://www.switch.ch/aai -> Live Demo -> demo resource
http://www.switch.ch/aai/demo/demo_live.html

Slide 7: Demo
https://kelut.switch.ch/aai/viewer.php

Slide 8: Single Sign On
[Diagram: numbered steps 1 to 10 between the WAYF, the Home Org (Credentials), the Demo Resource and the E-Learning Resource. Hosts shown: wayf.switch.ch, kelut.switch.ch, dokeos.unige.ch. URL shown: https://dokeos.unige.ch/aai/login.php]

Slide 9: SWITCHaai Building Blocks
Identity Providers (Home Orgs)
Service Providers (Resources)
Organisational Framework
Interoperation
Central Services
Funding

Slide 10: Identity Providers (Home Orgs) in SWITCHaai
Building block: Identity Providers
Operational
Coverage: 130’000 Users (> 2/3 of all) in Swiss Higher Education
ETH Zürich
Universität Zürich
SWITCH
Université de Genève
Zürcher Hochschule Winterthur
Universität Luzern
Université de Fribourg
Universität Bern
Université de Lausanne
Université de Neuchâtel
Universität Basel
Getting ready
University Hospital Zürich
EPFL
SUPSI
USI
Universität St. Gallen
Pädagogische Hochschule Bern
Fachhochschule Zentralschweiz
HES-SO

Slide 11: Types of Service Providers
Building block: Service Providers
Categories: e-learning, libraries, other web applications, commercial
16’000 active users, 79 resources
Resources shown:
DOIT@USZ
VITELS@UniBE
Vista@SVC
AD Learn & Co
eConf-Portal@SWITCH
Web-SMS@SWITCH
EZproxy@ETHBib
ScienceDirect
WebCT@ETHZ
OLAT@UniZH
Moodle
Blackboard
SwissLex
IS-Academia
ILIAS@ETHZ
Twiki@SWITCH
eShops
…
CompiCampus@ETHZ
dokeos@UniGE
Cablecom
Bundesgericht

Slide 12: Organisational Framework
Building block: Organisation
SWITCH acts as SWITCHaai Federation Service Provider
Federation membership based on signed service agreements

Slide 13: Authorization Attributes
Building block: Interoperation
Personal
Unique Identifier
Surname
Given name
E-mail Address(es)
Phone number(s)
Preferred language
Date of birth
Gender
Group Membership
Home Organization Name
Home Organization Type
Affiliation (student, staff, …)
Study branch
Study level
Staff category
Group membership
Organization Path
Organizational Unit Path
Implementation of Attributes: Mandatory; Recommended or optional
Based on eduPerson Attributes “Schweizerisches Hochschulinformationssystem” (SHIS)
NO username, password
Attribute Specification: http://www.switch.ch/aai/docs/AAI_Attr_Specs.pdf

Slide 14: Access Control Example: DOIT
Building block: Service Providers
DOIT: Dermatology Online with Interactive Technology
Resource
Identity Provider
Université de Lausanne
Universität Zürich
Universität Bern
Access Rule:
HomeOrg = UniZH | UniBE | UniL
Affiliation = Student
StudyBranch = Medicine
StudyLevel = 20
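How a resource could evaluate the DOIT access rule above against the attributes a Home Org releases, as an added example that is not from the slides or from SWITCH. It assumes the four rule lines are combined with AND and that "|" separates alternatives; the attribute names are the slide's shorthand and the sample users are constructed.

```python
# Added example: attribute-based check for the DOIT access rule.
# Assumption: the rule's four lines are ANDed and "|" separates alternatives.
# Attribute names are the slide's shorthand, not federation wire names.
DOIT_RULE = {
    "HomeOrg": {"UniZH", "UniBE", "UniL"},
    "Affiliation": {"Student"},
    "StudyBranch": {"Medicine"},
    "StudyLevel": {"20"},
}


def normalize(attributes):
    """Map each released attribute to a set of non-empty string values."""
    out = {}
    for name, value in attributes.items():
        # Attributes can be multi-valued (e.g. both student and staff).
        values = value if isinstance(value, (list, tuple, set)) else [value]
        cleaned = {str(v).strip() for v in values if v is not None}
        cleaned.discard("")
        if cleaned:
            out[name] = cleaned
    return out


def evaluate(rule, attributes):
    """Return (granted, reasons); an attribute that is absent denies access."""
    released = normalize(attributes)
    reasons = []
    for name, accepted in rule.items():
        have = released.get(name)
        if have is None:
            reasons.append(f"{name}: not released")
        elif not have & accepted:
            reasons.append(f"{name}: {sorted(have)} not in {sorted(accepted)}")
    return (not reasons, reasons)


# Constructed sample attribute sets, not real user data.
SAMPLES = {
    "medical student": {"HomeOrg": "UniBE", "Affiliation": ["Student", "Staff"],
                        "StudyBranch": "Medicine", "StudyLevel": 20},
    "law student": {"HomeOrg": "UniZH", "Affiliation": "Student",
                    "StudyBranch": "Law", "StudyLevel": 20},
    "level missing": {"HomeOrg": "UniL", "Affiliation": "Student",
                      "StudyBranch": "Medicine"},
}

if __name__ == "__main__":
    for label, attrs in SAMPLES.items():
        print(label, evaluate(DOIT_RULE, attrs))
```

The decision uses only released attributes, matching the slide's "NO username, password" point, and the reasons list gives the resource something to log when access is denied.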

Slide 15: Central AAI-Services
Building block: Central Services
Strategy & Marketing
International Contacts
Support, Consulting, Training
Providing Federation-specific Files and Configuration Guides
Operating WAYF (Where Are You From Server)
Test-HomeOrg and Test-Resource
Tools (AAIportal, Resource Registry)
Virtual Home Organization
Jump Start Service

Slide 16: Q & A
Questions?
http://www.switch.ch/aai