Agenda

• Project beginnings and funding.

• Purpose of the federation.

• Federation members.

• Federation protocols.

• Special features in our federation.

• Pilot project

• Inter-federation prospects

Question

• Q: How do you enable access to your services for users registered at other institutions ?

A: Central directory of users B: Issue accounts for remote user C: OpenID D: Federated Access

Question

• Q: What is federated access? A: A way to authenticate users without having

to know the users username/password B: A way to authenticate yourself using the

same credentials you use at your institution. C: A way to authorize users based on their

role at the remote institution... ... or based on your own rules..

UK Access Management Federation

• http://video.google.co.uk/videoplay?docid=6664146721575915928

Project beginnings and funding

• Forfás report -short term infrastructure

• National Development Plan (PRTLI)

• Application for SIF-II funding of mini-grants for IdP's and SP's approved (but paused)

• Other revenue streams under consideration.

Federation Purpose• Initially...

– Foster cross institutional collaboration

• Now...– Enable shared services (e.g. NDLR)– Enable SaaS (e.g. Google Apps)– Supplement GRID/HPC– Validate student identity (e-commerce)– Potential alternative to Athens AM

Federation Members• IdP's

– Any entity within Ireland with a student body

• SP's...– Any entity providing services to institutions – Any entity providing services to students

Notable Members• IdP's

– Open to primary/second level schools (single IdP)

• SP's...– Commercial entities offering a 'student discount'– GRID to supplement existing authorisation

Potential Members• SP's...

– Institutional libraries– Elsvier, EBSCO, Thomson Reuters– Any member of the UK Federation– National Library– National Digital Learning Repository– Exptertise Ireland– IReL

Potential Members• IdP's...

– Universities– Institutes of Technology– Schools– Research agencies (ESRI, EPA etc.)– Athens AM (or similar)

Federation Protocol

• Initially...– SAML1/SAML2/ADFS/Shibboleth 1.3 and 2.0

• Now– SAML2 with specific binding/protocol

• Interoperability between SAML implementations...• ...allowing commercial SAML products...• ...alongside open-source

Options for IdP's

• Self-managed IdP– No fee (for HEA funded institutions)– Small fee (for non HEA-funded)

• Managed or Hosted IdP.– Additional fee– Shibboleth 2.1

Options for SP's

• Self-managed SP– No fee for HEA funded institutions– Membership fee for non HEA-funded

• Managed or Hosted SP.– Additional fee– Shibboleth 2.1 and simpleSAMLphp

Special features

• Collaboration and access to resources– Federation established for cross-institutional

access to protected content– Virtual Learning Environments– Digital Libraries– Centralised, pooled, or shared services– Intra-library loans

Special features

• Shibboleth web-based administration– Config. can be difficult for those new to Shibb.– Web-based interface is designed to make

configuration easier.– Wizard outputs downloadable configuration files– The wizards are based on SWITCH RR*

Special features

• IdP default release policy...

Special features

• View SP attribute requirement policy.

Pilot Project

• Call for participation.

• Response from GRID and one institution

• Workshops.

• Another call for participation;– Response from small group of IdP and SP's

including HPC.

• Technical trial commenced

Pilot Project

• Pilot project will continue in parallel to;– Call to libraries– Further workshops– Additional pilot participants

Pilot Project• Expected Outcomes;

– Technical• Agreed Attribute Schema• Agreed Protocol

– Policy• Agreed Rules of Membership• Agreed Membership criteria• Agreed model to steer the federation in the future• Agreed production launch date.

Inter-federation

• Bilaterally– Attribute schema based on UK Federation Schema

to ease bilateral federation.– UK Federation will be ready for SAML2 in the

future

Inter-federation

• Multilaterally.– As number of Bilateral agreements grow an inter-

federation agreement will emerge.– Technical solution may be based on SAML2

metadata mergers where possible– eduGAIN where not possible

Summary• Project beginnings and funding.

• Purpose of the federation.

• Federation members.

• Federation protocols.

• Special features

• Pilot project

• Inter-federation prospects

• Some final words...

Final words...IP Address rules can not be relied upon.Use SAML for allow access to your content and services for users on or off your campus. 'Must support federated access' in your tenders.Do you have resources of interest to the wider academic community.Thank You

•www.edugate.ie