Joint Information Systems Committee 04/25/2022 | | Slide 1 Joint Information Systems Committee Supporting education and research Access & Identity Management Programme Identity Management Matters, Aston – 16 Nov 2010 Christopher Brown, [email protected]#jiscai m
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Joint Information Systems Committee 04/08/2023 | | Slide 1Joint Information Systems Committee Supporting education and research
Access & Identity Management ProgrammeIdentity Management Matters, Aston – 16 Nov 2010
1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011)
Focus:– Process– Policy– Technology
Objectives
– Build foundations for production systems that universities might adopt in the future
– Prepare the sector for future developments– Improve user experience– Increase value and make AIM relevant to wider community – Enable integrated systems architecture– Develop practical tools to enable AIM
RAPTOR (Retrieval, Analysis, and Presentation Toolkit for usage of Online Resource)
– Software toolkit that will allow visualisation of e-resource usage to non-technical people
– Also allow for publishing aggregated usage information to a federation operator. Aimed at installing at the institutional level, but can aggregate upwards
– Open source / open standards
– Fully documented and easy to set up/customise
– Collaborating with SWITCH and MIMAS
16/11/2010 | Slide 9
Graham MasonCardiff Univ/Kidderminster 15 months
Joint Information Systems Committee
AIM Projects – Web Services
WSTIERIA (Web Services Tiered Internet Authorization )– Make web services work with UK federation – Investigating two approaches:
• using “façade” to handle authentication• new Shib features to invoke web service between SPs
– Tested on two application domains:• Geospatial web service (SEE-GEO)• WebDAV (widely deployed remote file-access protocol layered on
HTTP)– Community Benefit
• Web services interoperate with FAM• Improve end-user experience by application componentization
– Real components need authorization• Access presently hidden web services
– Discussing with MIMAS, SDSS, Shibboleth
16/11/2010 | Slide 10
Fiona CullochEDINA 12 months
Joint Information Systems Committee
AIM Projects – NGS
A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service– Develop proxy certificate auditing infrastructure that supports
monitoring/auditing use of proxy credential• General usage monitoring• Patterns of use and prediction of misuse• Exploit and harden existing software for this
• Globus Incubator project• Extensions to support
• VO-specific monitoring and usage• Resource-specific monitoring and usage
– Demonstrate in numerous projects and roll out to NGS Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects
• includes usage of NGS, ScotGrid, TeraGrid, D‐Grid
16/11/2010 | Slide 11
Wie JieThames Valley University 15 months
Joint Information Systems Committee
SOFA (Service-Oriented Federated Authorization)– Two broad goals:
• The facilitation of data aggregation across distributed, heterogeneous data sources
• The provision of secure, assured data sharing– sif: middleware framework that facilitates the secure sharing and
aggregation of data from disparate, heterogeneous data stores– SOFA: an extension of sif that allows data owners to leverage their
access control paradigm of choice (RBAC, XACML support)– Value:
• Low cost• Limited impact• Data ownership remains unchanged
– Applications: student administration; heart modelling; research into Bipolar disorder
AIM Projects – Data sets
16/11/2010 | Slide 12
Andrew SimpsonUniversity of Oxford 12 months
Joint Information Systems Committee
SMART(Student-Managed Access to online Resources)
– There is a need for efficient, secure and usable access management system that:
• supports data owners with sharing their data
• supports data consumers with accessing this data
– Develop online data management system based on User-Managed Access (UMA) protocol
– Deploy at Newcastle to allow data to be shared more efficiently and securely.
– Evaluate UMA at Newcastle
– Contribute to standardisation effort of UMA protocol by actively participating in the UMA WG
Benefits:• Participation in the UMA WG ensures that HE requirements
for access management are taken into consideration. It also ensures that JISC and UK HE remains at the forefront of developments in Web authorisation solutions
• Scenario for UMA use case shows applicability of the new technology to HE environments
• Conducted research, experience and developed software for UMA to be reused by AIM community within and outside UK
AIM Projects – UMA
16/11/2010 | Slide 13
Maciej MachulakUniversity of Newcastle 15 months
Joint Information Systems Committee
AIM Projects – ePortfolios
eCert
– Giving you back control of your data
– To develop and test a suitable protocol for electronic certificates
– Maintain information privacy, ensure owner can have control over the usage of their eCertificates
– Prevent unauthorized modification, able to be verified in a legal context
– Lifetime validation, independent from issuing body. Allow for verification nationwide
– Easy to use while maintaining security controls, suit users with low IT skills, both students and reviewers
– Can be accessed through the issuing organisations’ or any owner-preferred ePortfolio, or be used as a standalone application
16/11/2010 | Slide 14
Lisha Chen-WilsonUniversity of Southampton15 months
Joint Information Systems Committee
AIM Projects – Logins4Life
Logins for Life– Addresses the needs of a University to engage with users throughout
their lives. – Create use cases, policies and recommendations for dealing with user
accounts throughout their changing roles while catering for existing digital identities.
– Create a test environment which will demonstrate how these policies can be delivered using open source tools.
Identity and Access Management using Social Networking Technologies
– FOAF is an RDF (Resource Description Framework) vocabulary mainly aimed at describing links between people and memberships
– produce a functional WebID (formerly FOAF+SSL) based Authentication system for Shibboleth based IdP and an Authentication and Authorisation system for Globus based grids
– Bridge to SAML/Shibboleth
• Converting information available in RDF into SAML attributes
– e.g. WebID URI into eduPersonPrincipalName
– Easy to derive membership of a project or (virtual) organisation based on the FOAF relations
– Easier ad-hoc collaborations (potentially with people outside the federation too)
16/11/2010 | Slide 16
Mike JonesUniversity of Manchester 9 months
Joint Information Systems Committee 16/11/2010 | Slide 17