JISC's AIM Programme
Post on 21-Nov-2014
Joint Information Systems Committee
Supporting education and research
Slide 1
Access & Identity Management Programme
Identity Management Matters, Aston – 16 Nov 2010
Christopher Brown, c.brown@jisc.ac.uk
#jiscaim
AIM – supporting Innovation
How does AIM fit in to JISC?
16/11/2010 | Slide 2
Innovation Group
Content
e-Learning
Digital Infrastructure (eResearch & Information Environment)
OUT
JIR Committee
AIM
AIM – supporting Innovation
16/11/2010 | Slide 3
eResearch
Research Comm Eng
JIR Committee
AIM
VRE
Research Data Mgmt
Research Infrastruc
JSR Committee
AIM Programme
1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011)
Focus:
– Process
– Policy
– Technology
Objectives
– Build foundations for production systems that universities might adopt in the future
– Prepare the sector for future developments
– Improve user experience
– Increase value and make AIM relevant to wider community
– Enable integrated systems architecture
– Develop practical tools to enable AIM
16/11/2010 | Slide 4
Exploring Innovative new areas
AIM Programme
UK Access Management Federation
– Support
– Expand
– Improve
– Increase uptake
Funding
– Shibboleth Consortium (JISC, Internet2, SWITCH)
• Technical roadmap
• Governance mechanisms
• Operate open source project => Shibboleth Foundation?
– Extending Access Mgmt into BCE
– Publisher Support
– WAYFless URLs
16/11/2010 | Slide 5
Online and PDF versions
Aimed at executive and technical staff in HE & FE
Review, assess and improve performance of IdM
Raise and maintain awareness, importance and key issues of IdM
Launched UCISA/JISC conferences Spring 2010
Website:
– www.identity-project.org
Support:
– jisc-identity-management@jiscmail.ac.uk
AIM Projects – IdM Toolkit
16/11/2010 | Slide 6
John Paschoud, LSE. Completed June 2010
AIM Projects – IdM Toolkit Pilots
Pilots (Feb – Aug 2011)
– £200K for 3-6 projects piloting the IdM Toolkit
Institutional Benefits
– Institutions assess and review their IdM processes and policies
– Cost savings from using and acting on advice in the Toolkit
Toolkit Benefits
– Tests the Toolkit through implementation
– Increase the uptake of the Toolkit
– Not a static Toolkit
– Further develop its usefulness
16/11/2010 | Slide 7
Previous projects
– GFIVO – common tools, set up wikis and blogs. Easy to set up groups
– CUCKOO – institutional level: roll it out and use it
GRAND (Granularity, Audit, N-tier and Delegation)
– 1) Granularity and Delegation
• How to most effectively structure Grouper
– 2) Audit and accounting
• How to process Shib and Grouper logs
– 3) N-tier
• How to do integrated auto login for Shib
• How to exploit Kerberos n-tier support in Shib
– http://research.ncl.ac.uk/grand
Benefits expected:
• Greater uptake of access control
• Scalable service
• Useful audit records
• Accounting ability
• Improved login experience
• Practical n-tier integration
• Systems integration
AIM Projects - Grouper
16/11/2010 | Slide 8
Cal Racey, University of Newcastle, 15 months
AIM Projects – Usage Statistics
RAPTOR (Retrieval, Analysis, and Presentation Toolkit for usage of Online Resource)
– Software toolkit that will allow visualisation of e-resource usage to non-technical people
– Also allow for publishing aggregated usage information to a federation operator. Aimed at installing at the institutional level, but can aggregate upwards
– Open source / open standards
– Fully documented and easy to set up/customise
– Collaborating with SWITCH and MIMAS
16/11/2010 | Slide 9
Graham Mason, Cardiff Univ/Kidderminster, 15 months
AIM Projects – Web Services
WSTIERIA (Web Services Tiered Internet Authorization)
– Make web services work with UK federation
– Investigating two approaches:
• using “façade” to handle authentication
• new Shib features to invoke web service between SPs
– Tested on two application domains:
• Geospatial web service (SEE-GEO)
• WebDAV (widely deployed remote file-access protocol layered on HTTP)
– Community Benefit
• Web services interoperate with FAM
• Improve end-user experience by application componentization
– Real components need authorization
• Access presently hidden web services
– Discussing with MIMAS, SDSS, Shibboleth
16/11/2010 | Slide 10
Fiona Culloch, EDINA, 12 months
AIM Projects – NGS
A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service
– Develop proxy certificate auditing infrastructure that supports monitoring/auditing use of proxy credential
• General usage monitoring
• Patterns of use and prediction of misuse
• Exploit and harden existing software for this
• Globus Incubator project
• Extensions to support
• VO-specific monitoring and usage
• Resource-specific monitoring and usage
– Demonstrate in numerous projects and roll out to NGS
Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects
• includes usage of NGS, ScotGrid, TeraGrid, D-Grid
16/11/2010 | Slide 11
Wie Jie, Thames Valley University, 15 months
SOFA (Service-Oriented Federated Authorization)
– Two broad goals:
• The facilitation of data aggregation across distributed, heterogeneous data sources
• The provision of secure, assured data sharing
– sif: middleware framework that facilitates the secure sharing and aggregation of data from disparate, heterogeneous data stores
– SOFA: an extension of sif that allows data owners to leverage their access control paradigm of choice (RBAC, XACML support)
– Value:
• Low cost
• Limited impact
• Data ownership remains unchanged
– Applications: student administration; heart modelling; research into bipolar disorder
AIM Projects – Data sets
16/11/2010 | Slide 12
Andrew Simpson, University of Oxford, 12 months
SMART (Student-Managed Access to online Resources)
– There is a need for an efficient, secure and usable access management system that:
• supports data owners with sharing their data
• supports data consumers with accessing this data
– Develop online data management system based on User-Managed Access (UMA) protocol
– Deploy at Newcastle to allow data to be shared more efficiently and securely.
– Evaluate UMA at Newcastle
– Contribute to standardisation effort of UMA protocol by actively participating in the UMA WG
Benefits:
• Participation in the UMA WG ensures that HE requirements for access management are taken into consideration. It also ensures that JISC and UK HE remain at the forefront of developments in Web authorisation solutions
• Scenario for UMA use case shows applicability of the new technology to HE environments
• Conducted research, experience and developed software for UMA to be reused by AIM community within and outside UK
AIM Projects – UMA
16/11/2010 | Slide 13
Maciej Machulak, University of Newcastle, 15 months
AIM Projects – ePortfolios
eCert
– Giving you back control of your data
– To develop and test a suitable protocol for electronic certificates
– Maintain information privacy, ensure owner can have control over the usage of their eCertificates
– Prevent unauthorized modification, able to be verified in a legal context
– Lifetime validation, independent from issuing body. Allow for verification nationwide
– Easy to use while maintaining security controls, suit users with low IT skills, both students and reviewers
– Can be accessed through the issuing organisations’ or any owner-preferred ePortfolio, or be used as a standalone application
16/11/2010 | Slide 14
Lisha Chen-Wilson, University of Southampton, 15 months
AIM Projects – Logins4Life
Logins for Life
– Addresses the needs of a University to engage with users throughout their lives.
– Create use cases, policies and recommendations for dealing with user accounts throughout their changing roles while catering for existing digital identities.
– Create a test environment which will demonstrate how these policies can be delivered using open source tools.
– http://sec.cs.kent.ac.uk/demos
16/11/2010 | Slide 15
Matthew Slowe, Kent University, 15 months
AIM Projects – Social Net and Shib
Identity and Access Management using Social Networking Technologies
– FOAF is an RDF (Resource Description Framework) vocabulary mainly aimed at describing links between people and memberships
– Produce a functional WebID (formerly FOAF+SSL) based authentication system for Shibboleth-based IdPs and an authentication and authorisation system for Globus-based grids
– Bridge to SAML/Shibboleth
• Converting information available in RDF into SAML attributes
– e.g. WebID URI into eduPersonPrincipalName
– Easy to derive membership of a project or (virtual) organisation based on the FOAF relations
– Easier ad-hoc collaborations (potentially with people outside the federation too)
16/11/2010 | Slide 16
Mike Jones, University of Manchester, 9 months
16/11/2010 | Slide 17
AIM – International Links
EUROPE
TERENA (TNC2010, TF-EMC2, REFEDS) - NRENS
Knowledge Exchange (JISC, SURFfoundation, DFG, DEF)
USA
Internet2
Kantara
Australasia
AAF (Australian Access Federation)
CAUDIT (The Council of Australian University Directors of Information Technology)
eWorks – Technical and Further Education (TAFE) sector
MoRST (Ministry of Research, Science and Technology)
Blog: http://aimprog.jiscinvolve.org/
Netvibes (#jiscaim): http://www.netvibes.com/jiscaim
JISC AIM queries: c.brown@jisc.ac.uk
Toolkit queries: jisc-identity-management@jiscmail.ac.uk
Programme tag #jiscaim
AIM – Information
16/11/2010 | Slide 18
AIM – The road ahead
Reduced funding
Concentrate on key areas of IdM
Make a business case for money from committees
More direct funding?
Community building
16/11/2010 | Slide 19
AIM – Future?
16/11/2010 | Slide 20
What should the AIM programme fund?