kc-rolo project
Post on 11-Jan-2016
18 Views
Preview:
DESCRIPTION
TRANSCRIPT
KC-ROLO Project
Kidderminster College
Repository Of Learning Objects
Graham Mason&
Ed Beddows
Implementing Shibboleth at
Kidderminster College • Nearly 3 years ago we embarked on a JISC Core Middleware
Shibboleth project
• Why? because we adopted an open source VLE and other technologies within the College
• Within the College we have always had a strong open source team
• JISC advocates open source technology
What will be the benefits of Shibboleth?
• Users will have a single sign-on using an institutional ID and password for a wide range of resources, as well as the assurance that their personal data will not be disclosed to third parties.
• LRC will be free of the burden of user name and password administration, and will have new tools for managing licenses and service subscriptions.
• IT Managers will have more control of the access management process, i.e. centralised access management using the college Active Directory/LDAP store
• Institutions will have a single service to meet the requirements of e-learning, e-research and library-managed resources.
• Started with an IdP on Linux Box
• Although the Internet2 documentation was accurate in its description of how Shibboleth works
• The technical guidelines were generic and not specific, this was apparent in creating an “SP”
The Project “Birth of KC-ROLO”
Get the Documentation in place
• Our main ally was documentation
• Log progress at each step
• With pre-written scripts to download
• Continually updating scripts
How we’re using Shibboleth
• To share internal VLEs with different sections
• To share VLEs with partner institutions
• To share learning objects with partner institutions via an Open Source repository
• Contains learning objects, NLN and custom materials
• Search front end protected by shibboleth, no code change
• Shibbolized repository submitter, only members of Kidderminster College with the “Staff” attribute can submit.
Without Shibboleth
With Shibboleth
Benefits to the Users
• No multiple logins to put them off
• Access to resources at other sites provides greater choiceof materials
• Students & staff can collaborate with members of other institutions
Federated Access Management?
What is Federated Access Management?
• Federated Access Management builds a trust relationship between Identity Providers (IdP) and Service Providers (SP).
• It devolves the responsibility for authentication to a user’s home institution,
• and establishes authorisation through the secure exchange of information (known as attributes) between the two parties.
There will be three options
• Become a full member of the UK Access Management Federation, using community-supported tools.
• Become a full member of the UK Access Management Federation, using tools with paid-for support.
• Subscribe to an ‘outsourced Identity Provider’ to work through the Federation on your behalf, such as continued use of Athens with the gateways.
A little confusing? What does this mean to the college?
• Option 1. College will have a server in-house installed with Shibboleth IdP (Identity Provider) and linked to their Active Directory or LDAP store, supported by the College ICT Services.
• Options 2. College purchases the server, (this is were we have been active in carrying out this service for college’s) – install Shibboleth– link to your AD/LDAP store, provide Technical support and
documentation.
• Options 3. College will pay Athens a subscription cost to external supplier and an internal administration role.
Questions?
top related