OpenAthens LA 2.0: An introduction

DESCRIPTION

Presentation given at OpenAthens workshops in February/March 2009. It provides an introduction to the upcoming second version of OpenAthens Local Authentication. OpenAthens LA provides an easy-to-manage, multi-protocol identity provider for federated access to online services.

David Orrell, Eduserv

david.orrell@eduserv.org.uk

www.eduserv.org.uk

OpenAthens LA 2.0: An introduction

OpenAthens workshops, February/March 2009

Product goals and rationale

Architecture

Demo of administration tools

What is OpenAthens LA?

Software to enable federated access to internal and external Web resources

Identity Provider Service Providers

(resources)

Federated identity

Control Policy

Subscriptions

Management

OpenAthens LA 1.0

• You know it as Athens DA

• 'Semi' federated

– depends on central service

• Not fully standards compliant

– only via central service

Since 1.0, a lot has changed...

1) Formation of The UK Access Management Federation, and other federations

2) Changing user behaviour

• Web 2.0

• User-centric identity

• Social networks

3) Multiple identity standards

• SAML

• OpenID

• Information Cards

That's all very well... but...

But...

• We've lost control and flexibility!

• We can't meet students' expectations

• Athens also...

– hid much of the complexity

– provided web-based administration → distributed control

– provided statistics

Shibboleth administration

Shibboleth server

User-repository

System administrator

Librarian

Configuration

IT Services

Our top 3 priorities for OpenAthens LA 2.0...

Priorities

1) Ease of installation, configuration & maintenance

• Web-based administration

• Built-in diagnostics and statistics

2) Support for multiple open standards

3) Extendable

• Modular architecture

• Open APIs – write your own extensions

OpenAthens LA 2.0

• Greater control...

OpenAthens LA 2.0: administration

Model

Runtime

Runtime server(s)

Administration server

User-repository

System administrator

Librarian

Staff / students

Admin application(s) Model

Administration interface

Administration server

Model history

OpenAthens LA 2.0

• More flexibility...

OpenAthens 'Atacama' platform

Protocol modules

Platform

OpenAthens LA 2.0: modules

Webserver

• Authentication

• Data-store connectors

• Identity protocols (SAML, OpenID etc)

• Attribute release policies

• Custom attributes

• …

OpenAthens LA runtime

Open APIs: write your own modules

• OpenAthens platform is multi-language

– C/C++, C#/.NET, Java, PHP, Ruby

• Can write in-line 'scriptlets'

– JavaScript, Ruby

OpenAthens LA runtime

OpenAthens LA 2.0: release schedule

March 2009: Initial Alpha

April 2009: Beta release

July 2009: OpenAthens LA 2.0 General Availability

2009

June 2009: End of Beta programme

Thank you!

david.orrell@eduserv.org.uk
