federated access management: the business case
Post on 01-Nov-2014
4.212 Views
Preview:
DESCRIPTION
TRANSCRIPT
Joint Information Systems Committee 04/08/23 | | Slide 1
Connecting People to Resources
Federated Access: Building the Business CaseNicole HarrisProgramme Manager
Joint Information Systems Committee 04/08/23 | slide 2
The JISC Roadmap
Joint Information Systems Committee 04/08/23 | slide 3
Reviewing Readiness
State
d po
sition
100%0% 50%10% 20% 30% 40% 60% 70% 80% 90%
Pragmatic range
Pragmatic range
HE
FE
State
d po
sition
100%0% 50%10% 20% 30% 40% 60% 70% 80% 90%
How many institutions will adopt federated access by July 2008?
(FE figures: Scotland, Wales and Northern Ireland only)
Joint Information Systems Committee 04/08/23 | | Slide 4
Federated Access: Developing a Business Case
Writing the Business Case
Joint Information Systems Committee 04/08/23 | slide 5
JISC InfoNet Toolkits
Joint Information Systems Committee 04/08/23 | slide 6
JISC InfoNet: Example Business Case
Example of Electronic and Document Management System Business Case Development
Joint Information Systems Committee 04/08/23 | slide 7
NMI-EDIT Enterprise Directory Implementation Roadmap
Joint Information Systems Committee 04/08/23 | slide 8
Alpha University Business Case
Joint Information Systems Committee 04/08/23 | slide 9
NMI Enterprise Authentication Roadmap
Joint Information Systems Committee 04/08/23 | slide 10
Elements of a Business Case
Strategic Fit: making the strategic case.
– Inputs and background, institutional strategy drivers (information strategy), other strategic drivers (external), timing implications, critical success factors.
Options Appraisal: the economic case.
– Including costs and benefits analysis for each option.
Commercial aspects: the financial case (1).
– Looks specifically at outsourcing and procurement issues.
Affordability: the financial case (2).
– Funds available for project (implementation) and ongoing running.
Achievability: the project management case.
– Can this be achieved within the organisation’s current capability and capacity?
Joint Information Systems Committee 04/08/23 | | Slide 11
Federated Access: Developing a Business Case
The Strategic Case
Joint Information Systems Committee 04/08/23 | slide 12
The Strategic Case: Questions to Ask
Are there institutional drivers for:
The implementation of an enterprise directory / identity management solution?
– Need to manage ‘non-standard’ users more efficiently, need to manage all users more efficiently!
Single (simplified) sign-on / devolved authentication?
– System for both internal and external resources.
Collaborative access to resources within other institutions?
– HE / FE collaboration; franchises in other countries.
Research collaboration? Private sector collaboration?
– ‘Virtual Organisation’ support; third-stream funding opportunities.
Joint Information Systems Committee 04/08/23 | slide 13
Strategic Case: Example – Kings College London
VISION STATEMENT: “Using a single password, postgraduate students can access not only King’s own electronic resources but also those of other universities and institutions by co-operative agreements.
VISION STATEMENT: “Provide services which reduce the burden of administration and information management.”
VISION STATEMENT: “Provide services which facilitate scholarly communication, collaboration and research
Federated access management allows not only single sign-on internally using an institutional password, but also allows users to access resources (such as VLEs) at other institutions using that same password (i.e. no need to register elsewhere).
Devolved authentication means that institution do not have to administer Athens accounts and single sign-on reduces the need for libraries to manage people as well as resources.
Federated access management supports the adoption of ‘virtual organisations and key research tools (such as open access repositories) have been ‘federated’.
Joint Information Systems Committee 04/08/23 | | Slide 14
Federated Access: Developing a Business Case
The Options Appraisal
Joint Information Systems Committee 04/08/23 | slide 15
Institutional Options
BECOME A FULL MEMBER OF THE FEDERATION USING COMMUNITY SUPPORTED TOOLS
– COSTS: Institutional effort to implement software, join federation and enhance institutional directories
– BENEFITS: Full institutional control, skilled staff and access management solution for internal, external and collaborative resources
BECOME A FULL MEMBER OF THE FEDERATION USING TOOLS WITH PAID-FOR SUPPORT
– COSTS: Cost of support from supplier and institutional effort in liaison with supplier and Federation
– BENEFITS: Full support in implementation and access management solution for internal, external and collaborative resources
SUBSCRIBE TO AN ‘OUTSOURCED IDENTITY PROVIDER’ TO WORK THROUGH THE FEDERATION ON YOUR BEHALF (SUCH AS USE OF CLASSIC ATHENS WITH THE GATEWAYS)
– COSTS: Subscription costs to external supplier (from July 2008) and internal administration role
– BENEFITS: Minimum institutional effort to achieve access to external resources only
Joint Information Systems Committee 04/08/23 | slide 16
JISC Options
Options appraisal for Services taken at the point where technology, capability and requirements of the community had been fully established through JISC Development programmes.
A. Move Athens to subscription model, no future development.
B. Continue funding Athens, no future development.
C. Continue funding Athens, continue funding development.
D. Transition to federated service, no continued Athens funding.
E. Transition to federated service, limited Athens support.
F. Transition to federated service, continued Athens support.
Joint Information Systems Committee 04/08/23 | slide 17
Options Appraisal: JISC example
Overview This option would amount to JISC taking the decision to cease financially supporting access management solutions for the community. It presumes that the Athens service is now a stable and self-sustaining model, and that an appropriate subscription model can be applied across HEIs, FEIs and Service Providers.
Cost Eduserv have announced that they will charge a maximum of 50p per account per institution per annum for continued provision of the Athens service. At current service provision (3.5 million user accounts), the cost to UK Higher and Further Education Institutions will be £1,750,000. This represents an increase in cost of the community of £1,120,000 above the JISC managed solution currently supplied.
Benefits - Release of JISC service funds.- Meets approach of the JISC Development – Service model in terms of moving robust
services to subscription models.
Risks - Fails to meet JISC Strategy on several fronts – ceasing to be innovative and world class status; failing to be economic and efficient in terms of services offered.
- Negative reaction from community.- Access Management a core function of service provision within the strategy. Failure to
support will impact on all areas of JISC. - Lack of innovation affects UK / JISC International standing.
Recommendation Not recommended as a strategically sound direction for JISC.
Joint Information Systems Committee 04/08/23 | | Slide 18
Federated Access: Developing a Business Case
The Financial Case
Joint Information Systems Committee 04/08/23 | slide 19
Financial Case: procurement and commercial issues
JISC ‘Institutional Preparedness’ Study (170 institutions):
Directory Services:
– 66% HE / 69% FE use Active Directory
– 31% HE / 13% FE use Novell eDirectory
– 27% HE / 31 % FE use OpenLDAP
Outsourcing / Delegation of Identity Management:
– 2% of HE / 0% FE outsource directory / identity management
– 25% HE allow departmental control of identity management
Current use of Athens:
– Classic Athens: 57% HE / 78% FE
– AthensDA: 35% HE / 7% FE
Joint Information Systems Committee 04/08/23 | slide 20
Financial Case: implementation and ongoing
Costs associated with adopting federated access management need to be assessed on an institution by institution basis.
Depend on starting point (state of directory services, choice of directory services, use of Athens, size of institution etc. etc.).
Depends on ‘end’ goal (full single sign-on implementation or more lightweight approach).
Use case studies of ‘early adopters’ to judge where you might be – please contact me.
Talk to the early adopters (they are very nice).
NMI-EDIT full Enterprise Directory project example: £250,000 capital, £130,000 recurrent.
Simple adoption of federated access management: £5,000.
Early adopter projects: £50,000. All successful within these constraints.
Athens: no more than 50p per user account for all Athens systems.
Joint Information Systems Committee 04/08/23 | | Slide 21
Federated Access: Developing a Business Case
The Project Management Case
Joint Information Systems Committee 04/08/23 | slide 22
Technical Capability / Management Buy-In
Outreach and Outsource
Outreach
Low High
Low
Tec
hnic
al C
apab
ility
Federation Support
Hig
h
Management Buy-In
Training
Joint Information Systems Committee 04/08/23 | slide 23
Achievability: Skill Set (with thanks to Swish!)
Skill area Minimum requirements
Operating System Security policy management for controlling port use .Where to install applications, configuration files. Syslogd operation, writing startup services, obtaining and inspecting packet dumps, writing scripts to monitor and control multiple log files in many windows and using filtering, sorting and pattern matching to reformat output.
Webserver (Apache, IIS) Knowledge of the configuration files for the webserver and being able to correctly specify values for all directives. Virtual host configuration with SSL. Adding modules, building modules Configuring a content management system to host documentation about procedures and configuration file changes.
SSL PKI; Use of the openssl command and every optionTrust stores and certificate storesObtaining certificates, installing them, converting to/from different encoded methods.Building certificate chains.
HTTP and HTML Writing simple web pages; Meaning of every HTTP code; CSS authoring
Tomcat Configuration files: server.xml, workers2.properties, tomcat-users.xmlApplication WAR deployment; Use of conf, webapps, WEB-INF and classes directories.Mod_jk use and Tomcat modification to use it; “ant command” and editing build.properties and build.xml files.Build WAR and dist files.
Java Log4j and log4cpp configuration options;Analyzing stack traces and locating configuration errors.
XML Format and content of XML files; Namespace (xmlns) definition and use; XML Schema definitions
SAML Profiles, bindings and extensions
CVS Setting up a CVS Repository; Populating (importing) new data;Check out/in.
Joint Information Systems Committee 04/08/23 | slide 24
In Summary
All institutions have options to consider regarding the adoption of federated access management.
– Gateways ensure that it is your decision and not ‘chicken and egg’.
Institutions have a wide range of drivers that support the adoption of federated access management.
– Collaborative eLearning, eResearch, ePortfolios, Open Access Repositories, Information / Knowledge Strategies.
It is important that this is planned and considered on an institutional basis.
– What is the best fit for your institution?
– What’s in your strategy already?
Lots of resources available to help in the planning process.
Joint Information Systems Committee 04/08/23 | slide 25
References and Contacts
CONTACTS
Nicole Harris, JISC Programme Manager: n.harris@jisc.ac.uk; 07734 058308.
JISC Access Management Outreach Team: jisc-access-management@jiscmail.ac.uk
REFERENCES
JISC InfoNet: www.jiscinfonet.ac.uk
NMI-EDIT: www.nmi-edit.org
JISC Support: www.jisc.ac.uk/federation
UK Access Management Federation: www.ukfederation.org.uk
top related