OpenAthens roadmap to 2011
DESCRIPTION
David Orrell, Senior Architect, sets out the roadmap for development of the OpenAthens framework in 2010 and 2011.
TRANSCRIPT
http://www.flickr.com/photos/fjny/528865728/
OpenAthens today
Updated products:
– OpenAthens LA 2.1
– OpenAthens SP 2.0
New services:
– Statistics
– Project 'Monteverde'
Federated identity...
Identity providers
“Describe” people via attributes
Personal: Name, age, email...
Impersonal: Affiliation, group...
http://www.flickr.com/photos/fin5bjh/4308269739/
Common vocabulary...
Service providers
Rely on trusted attributes received from Identity Providers
May use them to restrict access or personalise their application
The OpenAthens platform
[Diagram, built up over six slides: “OpenAthens today”. Labels: Identity Provider; Service Provider; OpenAthens Core Platform; Protocols (SAML 1, OpenID, OAuth, SAML 2); SSO; Identity Management; Access Management; High availability; Self-registration; Bulk-upload; Statistics and Reporting; Account life-cycle tools; Account activation; Account expiry; Account monitoring; Consultancy; Support]
“Athens vs Shibboleth”
“Shibboleth is the new Athens”
“OpenAthens is Shibboleth”
[Diagram: “OpenAthens”. Labels: Support; Account activation; Account expiry; Account monitoring; Consultancy; SSO; Identity Management; Access Management; High availability; Bulk-upload; Self-registration; Statistics and Reporting; Identity Provider; Service Provider; Protocols]
[Diagram: “Shibboleth”. Labels: Access Management; Identity Provider; Service Provider; Protocols]
Shibboleth
• Not a protocol or standard
• An implementation of the SAML standards
• Not an identity management system
[Diagram: “Roadmap themes”. Labels: SSO; Bulk-upload; Account activation; Identity Management; Self-registration; Access Management; Statistics and Reporting; Identity Provider; Service Provider; Account expiry; High availability; Account monitoring; Consultancy; Protocols; Support; Statistics; Local authentication]
http://www.flickr.com/photos/tomdegay/4005363371/
1) Getting started
2) Statistics
3) Diagnostics
Getting started
Tools to improve 'supportability'...
Getting started
New administration interface for OpenAthens SP
Getting started
Ease of upgrade:
Seamless migration between versions
Statistics
'Live reporting' integrated into OpenAthens LA 2.1
Statistics
Breakdown of usage:
• Per user category
• Across services
Statistics
Current usage and long-term trends
Statistics
Visual and report formats
Diagnostics
Day-to-day support of problems
• Can't log in
• Can't access resource
'Live' filtering
Diagnostics
When it breaks...
• Is it my problem or theirs?
• What the heck does this error code mean?
OpenAthens SP 2.0
• Objectives for this release:
  – Brand new Eduserv-hosted administration interface
  – Health-check monitoring tools
  – Deep integration with ASP.NET platform
  – rpm, deb packages and repository
• Available summer 2010
• No additional cost for OpenAthens subscribers
OpenAthens LA 2.1
• Objectives for this release:
  – New tools for reporting and supportability
    • Live usage statistics
    • User activity auditing and problem diagnostics
  – Setup wizards
  – Improve delegation of administration
• Available summer 2010
• No additional cost for OpenAthens subscribers
More on statistics
• OpenAthens LA 2.1 starting to introduce reporting features
• In the UK Federation, the current picture is bleak!
• JISC funding some work in this area:
  – RAPTOR project (Cardiff)
  – PIRUS project
• Article-level statistics
[Diagram: “Athens Statistics”. Labels: Attributes; Statistics; Athens; Identity Provider; Service Providers]
[Diagram, built up over two slides: “Federated Statistics”. Labels: Attributes; Statistics; Identity Providers; Service Providers; SAML]
Statistics
• IdP/SP logs provide inferred statistics
  – Not accurate
  – Remains interim solution
[Diagram: “OpenAthens Statistics”. Labels: Attributes; Identity Providers; SAML; Statistics; Service Providers; Statistics; OpenAthens]
Key features
• Statistics service
  – For organisations and service providers
  – Integrated into management tools (LA and SP)
  – Fully anonymised by contributors
• Open APIs
  – For data input and reporting (RESTful)
  – Can be used with any product (Shibboleth, ezProxy etc)
http://www.flickr.com/photos/heilemann/8412697/
Project “Monteverde”
“Local Authentication in The Cloud”
Next generation Managed Directory
Why?
[Diagram, built up over two slides. Labels: OpenAthens LA; Fully outsourced; Fully in-house; OpenAthens MD]
[unintentionally left blank]
Project 'Monteverde'
• Goals
  – Long-term replacement for current managed directory
  – Based on OpenAthens LA technology
  – Runs on cloud infrastructure
  – Enable us to provide highly tailored service for individual customers
Federation support
• OpenAthens LA
  – UK Federation
  – Virtually any SAML federation
  – Ad-hoc local federations
• OpenAthens MD
  – UK Federation
  – Any OpenAthens Service Provider
Federation support
✔ Robust support for UK Federation
✔ Support for other international federations
✔ Support for ad-hoc local federations
✔ No need to register in UK Federation
Identity Management
• OpenAthens LA
  – Requires local IdM infrastructure
  – Supports any attribute sets
  – Supports any namespace
• OpenAthens MD
  – Easy web-based IdM
  – Bulk upload
  – Fixed attribute set
  – Shared namespace
Identity Management
✔ Completely new web UI
✔ Subscribing organisations will get own namespace
✔ No more account prefixes!
✔ Can use email address
✔ Extensible attribute sets, compatible with multiple federations
User experience
• OpenAthens LA
  – Customisable login
• OpenAthens MD
  – Standard OpenAthens branded login
  – Shared login domain (auth.athensams.net)
User experience
✔ Fully customisable login pages
✔ Organisation-specific login domain
  ✔ e.g. idp.uni.ac.uk
✔ No more 'alternative login'
✔ Control over usernames
✔ User ID or email
✔ OpenID, Facebook etc
Project “Monteverde”
• “Local Authentication in the cloud”
• Available spring 2011
  – Comprehensive beta programme
• Programme of rollout to current OpenAthens MD customers