jisc's aim programme


Upload: christopher-brown

Post on 21-Nov-2014


DESCRIPTION

An overview of JISC's Access & Identity Management Programme given at the Identity Management Matters event at Aston University, 16 Nov 2010

TRANSCRIPT

Page 1: JISC's AIM programme

Joint Information Systems Committee

Supporting education and research

Access & Identity Management Programme

Identity Management Matters, Aston – 16 Nov 2010

Christopher Brown, [email protected]

#jiscaim

Page 2: JISC's AIM programme

AIM – supporting Innovation

How does AIM fit in to JISC?

[Diagram labels: Innovation Group; Content; e-Learning; Digital Infrastructure (eResearch & Information Environment); OUTJIR; Committee; AIM]

Page 3: JISC's AIM programme

AIM – supporting Innovation

[Diagram labels: eResearch; Research Comm Eng; JIR Committee; AIM; VRE; Research Data Mgmt; Research Infrastruc; JSR Committee]

Page 4: JISC's AIM programme

AIM Programme

1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011)

Focus:

– Process

– Policy

– Technology

Objectives

– Build foundations for production systems that universities might adopt in the future

– Prepare the sector for future developments

– Improve user experience

– Increase value and make AIM relevant to wider community

– Enable integrated systems architecture

– Develop practical tools to enable AIM

Exploring Innovative new areas

Page 5: JISC's AIM programme

AIM Programme

UK Access Management Federation

– Support

– Expand

– Improve

– Increase uptake

Funding

– Shibboleth Consortium (JISC, Internet2, SWITCH)

• Technical roadmap

• Governance mechanisms

• Operate open source project => Shibboleth Foundation?

– Extending Access Mgmt into BCE

– Publisher Support

– WAYFless URLs

Page 6: JISC's AIM programme

AIM Projects – IdM Toolkit

Online and PDF versions

Aimed at executive and technical staff in HE & FE

Review, assess and improve performance of IdM

Raise and maintain awareness, importance and key issues of IdM

Launched UCISA/JISC conferences Spring 2010

Website:

– www.identity-project.org

Support:

– [email protected]

John Paschoud, LSE, completed June 2010

Page 7: JISC's AIM programme

AIM Projects – IdM Toolkit Pilots

Pilots (Feb – Aug 2011)

– £200K for 3-6 projects piloting the IdM Toolkit

Institutional Benefits

– Institutions assess and review their IdM processes and policies

– Cost savings from using and acting on advice in the Toolkit

Toolkit Benefits

– Tests the Toolkit through implementation

– Increase the uptake of the Toolkit

– Not a static Toolkit

– Further develop its usefulness

Page 8: JISC's AIM programme

AIM Projects - Grouper

Previous projects

– GFIVO – common tools, set up wikis and blogs. Easy to set up groups

– CUCKOO – institutional level: roll it out and use it

GRAND (Granularity, Audit, N-tier and Delegation)

– 1) Granularity and Delegation

• How to most effectively structure Grouper

– 2) Audit and accounting

• How to process Shib and Grouper logs

– 3) N-tier

• How to do integrated auto login for Shib

• How to exploit Kerberos n-tier support in Shib

– http://research.ncl.ac.uk/grand

Benefits expected:

• Greater uptake of access control

• Scalable service

• Useful audit records

• Accounting ability

• Improved Login experience

• Practical n-tier integration

• Systems integration

Cal Racey, University of Newcastle, 15 months

Page 9: JISC's AIM programme

AIM Projects – Usage Statistics

RAPTOR (Retrieval, Analysis, and Presentation Toolkit for usage of Online Resource)

– Software toolkit that will allow visualisation of e-resource usage to non-technical people

– Also allow for publishing aggregated usage information to a federation operator. Aimed at installing at the institutional level, but can aggregate upwards

– Open source / open standards

– Fully documented and easy to set up/customise

– Collaborating with SWITCH and MIMAS

Graham Mason, Cardiff Univ/Kidderminster, 15 months

Page 10: JISC's AIM programme

AIM Projects – Web Services

WSTIERIA (Web Services Tiered Internet Authorization)

– Make web services work with UK federation

– Investigating two approaches:

• using “façade” to handle authentication

• new Shib features to invoke web service between SPs

– Tested on two application domains:

• Geospatial web service (SEE-GEO)

• WebDAV (widely deployed remote file-access protocol layered on HTTP)

– Community Benefit

• Web services interoperate with FAM

• Improve end-user experience by application componentization

– Real components need authorization

• Access presently hidden web services

– Discussing with MIMAS, SDSS, Shibboleth

Fiona Culloch, EDINA, 12 months

Page 11: JISC's AIM programme

AIM Projects – NGS

A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service

– Develop proxy certificate auditing infrastructure that supports monitoring/auditing use of proxy credential

• General usage monitoring

• Patterns of use and prediction of misuse

• Exploit and harden existing software for this

• Globus Incubator project

• Extensions to support

• VO-specific monitoring and usage

• Resource-specific monitoring and usage

– Demonstrate in numerous projects and roll out to NGS

Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects

• includes usage of NGS, ScotGrid, TeraGrid, D-Grid

Wie Jie, Thames Valley University, 15 months

Page 12: JISC's AIM programme

AIM Projects – Data sets

SOFA (Service-Oriented Federated Authorization)

– Two broad goals:

• The facilitation of data aggregation across distributed, heterogeneous data sources

• The provision of secure, assured data sharing

– sif: middleware framework that facilitates the secure sharing and aggregation of data from disparate, heterogeneous data stores

– SOFA: an extension of sif that allows data owners to leverage their access control paradigm of choice (RBAC, XACML support)

– Value:

• Low cost

• Limited impact

• Data ownership remains unchanged

– Applications: student administration; heart modelling; research into Bipolar disorder

Andrew Simpson, University of Oxford, 12 months

Page 13: JISC's AIM programme

AIM Projects – UMA

SMART (Student-Managed Access to online Resources)

– There is a need for an efficient, secure and usable access management system that:

• supports data owners with sharing their data

• supports data consumers with accessing this data

– Develop online data management system based on User-Managed Access (UMA) protocol

– Deploy at Newcastle to allow data to be shared more efficiently and securely.

– Evaluate UMA at Newcastle

– Contribute to standardisation effort of UMA protocol by actively participating in the UMA WG

Benefits:

• Participation in the UMA WG ensures that HE requirements for access management are taken into consideration. It also ensures that JISC and UK HE remain at the forefront of developments in Web authorisation solutions

• Scenario for UMA use case shows applicability of the new technology to HE environments

• Conducted research, experience and developed software for UMA to be reused by AIM community within and outside UK

Maciej Machulak, University of Newcastle, 15 months

Page 14: JISC's AIM programme

AIM Projects – ePortfolios

eCert

– Giving you back control of your data

– To develop and test a suitable protocol for electronic certificates

– Maintain information privacy, ensure owner can have control over the usage of their eCertificates

– Prevent unauthorized modification, able to be verified in a legal context

– Lifetime validation, independent from issuing body. Allow for verification nationwide

– Easy to use while maintaining security controls, suit users with low IT skills, both students and reviewers

– Can be accessed through the issuing organisations’ or any owner-preferred ePortfolio, or be used as a standalone application

Lisha Chen-Wilson, University of Southampton, 15 months

Page 15: JISC's AIM programme

AIM Projects – Logins4Life

Logins for Life

– Addresses the needs of a University to engage with users throughout their lives.

– Create use cases, policies and recommendations for dealing with user accounts throughout their changing roles while catering for existing digital identities.

– Create a test environment which will demonstrate how these policies can be delivered using open source tools.

– http://sec.cs.kent.ac.uk/demos

Matthew Slowe, Kent University, 15 months

Page 16: JISC's AIM programme

AIM Projects – Social Net and Shib

Identity and Access Management using Social Networking Technologies

– FOAF is an RDF (Resource Description Framework) vocabulary mainly aimed at describing links between people and memberships

– produce a functional WebID (formerly FOAF+SSL) based Authentication system for Shibboleth based IdP and an Authentication and Authorisation system for Globus based grids

– Bridge to SAML/Shibboleth

• Converting information available in RDF into SAML attributes

– e.g. WebID URI into eduPersonPrincipalName

– Easy to derive membership of a project or (virtual) organisation based on the FOAF relations

– Easier ad-hoc collaborations (potentially with people outside the federation too)

Mike Jones, University of Manchester, 9 months

Page 17: JISC's AIM programme

AIM – International Links

EUROPE

TERENA (TNC2010, TF-EMC2, REFEDS) - NRENS

Knowledge Exchange (JISC, SURFfoundation, DFG, DEF)

USA

Internet2

Kantara

Australasia

AAF (Australian Access Federation)

CAUDIT (The Council of Australian University Directors of Information Technology)

eWorks – Technical and Further Education (TAFE) sector

MoRST (Ministry of Research, Science and Technology)

Page 18: JISC's AIM programme

AIM – Information

Blog: http://aimprog.jiscinvolve.org/

Netvibes (#jiscaim): http://www.netvibes.com/jiscaim

JISC AIM queries: [email protected]

Toolkit queries: [email protected]

Programme tag #jiscaim

Page 19: JISC's AIM programme

AIM – The road ahead

Reduced funding

Concentrate on key areas of IdM

Make a business case for money from committees

More direct funding?

Community building

Page 20: JISC's AIM programme

AIM – Future?

What should the AIM programme fund?
