Developments in Access and Identity Management Phil Leahy – Athens Product Manager



Access management choices

• Now in transition period
• A mix of access management tools
  – IP authentication
  – vendor usernames/passwords
  – EZproxy
  – Athens (classic or AthensDA)
  – …and now Shibboleth® too
• Choices for the future must be based on organisational IT strategy


Dealing with change

• Standards are evolving
  – Mixture of technologies
  – Increase in complexity
• Standards and technologies are ‘talked up’ by their promoting communities
  – Education -> Shibboleth®
  – Commercial vendors -> Liberty Alliance
  – Microsoft/IBM -> WS-*/CardSpace
• Need for agility to meet changing demands


Where are we headed?

• Federated access management
  – separates authentication from authorisation
  – reduces the number of IDs for users
  – allows organisations to decide what information about users is released
  – allows organisations to take greater control of access management procedures
  – Organisations with common policies form a federation


The changing AMS environment

• JISC encouraging UK FE and HE to implement Shibboleth®
• NHS expecting their SSO project to be SAML-compliant
  – No fixed date
• Small number of publishers with SAML/Shibboleth® support
• Costs of change are significant


Implications for organisations (1)

• Acquire skills needed for implementation
  – Shibboleth® and related technologies are new and complex
• Develop local interfaces
  – User management, usage statistics, misuse reporting
• Reduced administrative overheads
  – No need to manage multiple usernames and passwords


Implications for organisations (2)

• Should your organisation do this?
  – Robust directory service a prerequisite
  – Some organisations still using multiple local databases
• Consider using an outsourced identity provider
  – Classic Athens or Athens Devolved Authentication (AthensDA)
  – Evolving towards full support for open standards (e.g. is already Shibboleth®-compliant)


What this means for publishers

• Access-control requirements evolve, e.g.
  – Emerging standards
  – Multiple standards
• Business needs of publishers change, e.g.
  – New customer base
  – Change of customer requirements
• Athens <-> Shibboleth® gateways
  – Only transitional tools


Choices for publishers

• Acquire skills needed for implementation
  – Shibboleth® and related technologies are new and complex
• Use a middleware provider
  – Technical staff can support core business
  – Reduced implementation and maintenance costs


Eduserv’s Atacama programme

• Beta programme launched October 2006
• Open to all Athens service providers
  – Other publishers welcome
• Single authentication mechanism
  – Modular
  – Integrate once
  – Adapt to changing environment
  – Allows publishers to connect to multiple user bases and federations


Why Eduserv?

• 10 years' experience of supplying middleware to publishers
  – Technical support
  – Service
  – Applications
• Single point of support
  – Support role of JISC’s UK federation under discussion
• Continue to rely on Eduserv’s resilience
  – 100% uptime since 1999