Beyond Library eResources: Using OpenAthens for enterprise security
Jonathan Richardson – Assistant CIS Director
Robin Keith – Head of Web Development

Who are we?
March 14, 2011
  • 300 acre campus university on the outskirts of Norwich
  • 23,000 students
  • Rated in the top 3 of mainstream universities in the NSS
  • Fourth greatest concentration of ‘most highly cited researchers’ in the UK, after London, Oxford and Cambridge

Athens @ UEA
  • Pre 2006 used Classic Athens
      • High cost of management
      • Non user friendly – multiple passwords
  • 2006 Implemented Athens DA
      • Is linked in to the UEA Identity Management System for roles, and Active Directory for authentication
      • Uses Athens/Shibboleth gateway.
  • We only access others/external resources – no UEA Service Provider.
  • We need to move forwards…

Why? What’s changed?
  • Climate Science Hack has focused UEA on the security of our systems.
  • UEA is a target for hackers and phishing attacks.
  • Authentication and role based access from mobile devices needs addressing.
  • Need to provide means to place UEA content in the user’s space
  • Need to develop a seamless, flexible and consistent authentication environment.
  • Need a way of putting more of our content into a federated environment.

What we want to do: Our Objective…
To have a single, seamless environment, that supports internal and external authentication, supporting automatic single sign on, via multiple protocols, to internal and external resources, based on the attributes of the user and level of confidence in the authentication and device being used.
  • There are many providers of Federated Access products
  • Only OpenAthens allows SAML, Shibboleth and Athens

What we want to do: Components…
  • Authentication
  • Identity Management
  • Federated Access

Components: Identity Management…
[Diagram. Labels: Personnel; Dept; Oracle Roles; Grade; AD Groups; Visitors, Contractor, Honorary, etc; Blackboard Groups; Course; Students; Library Rights; FT/PT; Physical Access; Applicants; Status; E:resources; Partners; Alumni]

Components: Authentication
Vintella Authentication Services
  • Eliminates complexity by allowing Unix, Linux, and Mac systems to participate as “full citizens” in Active Directory
  • Provides centralized authentication and single sign-on
  • Allows smart card authentication for Unix and Linux systems
  • Facilitates migration to a single Active Directory-based infrastructure for all systems and users
  • Simplifies security and compliance Group Policy for Unix, Linux, and Mac OS X systems
  • Vintella Services for Java enable AD authentication at the application level

Components: Federated Access…
  • OpenAthens LA
      • Supports multiple protocols, so gives us the best flexibility
  • OpenAthens SP
      • For UEA collections, provides the route for us to become a publisher.
  • SimpleSAML
      • Provides a lightweight route for us to SAML enable many internal resources
  • Working with suppliers to enable SAML/Shibboleth authentication

Putting it together: Extending OpenAthens…
[Flow diagram. Labels: Request In; Browser Capability; SPNEGO (YES / NO); VAS; Automatic Login; Anti Phishing Login Screen; Authentication; LDAP (via LDAP Proxy); Return Reason (Password Expired, etc); Alternative Login Screen; Custom Auth Provider; 3rd party IdP (Facebook etc); ID Mapping; Level of Confidence; Authenticated; Attribute Provider; Attributes; Roles; UEA IDMS (SPOT); Response Out; Athens; Shibboleth; SAML]

How? Enabling a variety of access…
[Diagram. Labels: OpenAthens IdP; UEA Active Directory; SPOT GUI; Blackboard; UEA Alumni; Always Authenticated Route; Polopoly (intranet); Single Sign On Route; UEA CRM Contacts; Polopoly (admin); UEA Research Partners; ePrints; Athens; OpenId; External Journals; InfoCard]

Progress: What we have done so far…
  • Custom install of OpenAthens LA 2.1 – the basic install was not secure!
  • HTTPS infrastructure
  • Implemented automatic login via SPNEGO
  • Integration with QAS (Quest/Vintella Product)
  • Return authentication sub errors via PHP auth module, enabling password expiry management
  • Implemented SimpleSAML Service Provider

Progress: What we have learnt so far…
  • SAML setups are HARD - especially with PKIs
  • OpenAthens makes it a bit easier - but docs could be more detailed.
  • Need better public documentation of setting up various Service Providers.
  • Eduserv support has been really helpful.

What’s Next? This is not a short term project!
  • Configure internal apps for SAML
      • Blackboard, Aleph, SITS e:Vision, etc.
  • Research OpenAthens as a keystone for collaborative working tools
  • Enable trusting the home institution.
      • Not just UK HEIs but globally, plus NHS and UK/EU governments.
  • Address policy issues (ToCU etc)
  • Address Teaching and Learning, Admin, Student Experience
      • SU eVoting
      • Placements - Medical + PGCE courses, collaboration with placement partners
  • Link external IDs like Facebook to internal accounts, with reduced levels of confidence.

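The objective slide and the last item above both make access depend on the user's attributes plus a level of confidence in the login method and device. A minimal policy check along those lines, as an added example that is not UEA's or OpenAthens' code; the numeric levels, method names, roles and resources are all assumptions made for illustration:

```python
from dataclasses import dataclass
from enum import IntEnum


class LoC(IntEnum):
    """Hypothetical level-of-confidence scale; the slides give no numeric levels."""
    NONE = 0
    EXTERNAL_ID = 1   # third-party IdP login mapped to an internal account
    PASSWORD = 2      # directory password typed into the login screen
    SPNEGO = 3        # automatic Kerberos login from a domain-joined machine


# Constructed mapping from how the session was established to a base level.
METHOD_LOC = {"external": LoC.EXTERNAL_ID, "password": LoC.PASSWORD, "spnego": LoC.SPNEGO}


@dataclass(frozen=True)
class Session:
    user: str
    method: str            # key into METHOD_LOC
    managed_device: bool   # assumption: the IdP can tell managed from unmanaged devices
    roles: frozenset       # attributes released by the identity management system


@dataclass(frozen=True)
class Resource:
    name: str
    required_roles: frozenset   # holding any one of these roles is sufficient
    min_loc: LoC


def effective_loc(s: Session) -> LoC:
    """Combine authentication method and device into one confidence level."""
    base = METHOD_LOC.get(s.method, LoC.NONE)   # unknown methods fail closed
    if not s.managed_device:
        base = min(base, LoC.PASSWORD)          # assumed cap for unmanaged devices
    return LoC(base)


def decide(s: Session, r: Resource) -> str:
    """Return 'allow', 'step-up' (re-authenticate more strongly) or 'deny'."""
    if not (s.roles & r.required_roles):
        return "deny"        # attributes decide entitlement first
    if effective_loc(s) >= r.min_loc:
        return "allow"
    return "step-up"         # entitled, but this login is not trusted enough


# Constructed sample resources and sessions.
JOURNALS = Resource("external-journals", frozenset({"student", "staff"}), LoC.EXTERNAL_ID)
INTRANET = Resource("intranet", frozenset({"student", "staff"}), LoC.PASSWORD)
CMS_ADMIN = Resource("cms-admin", frozenset({"web-editor"}), LoC.SPNEGO)

ALICE_DESK = Session("alice", "spnego", True, frozenset({"staff", "web-editor"}))
ALICE_HOME = Session("alice", "password", False, frozenset({"staff", "web-editor"}))
BOB_SOCIAL = Session("bob", "external", False, frozenset({"student"}))

if __name__ == "__main__":
    for s in (ALICE_DESK, ALICE_HOME, BOB_SOCIAL):
        for r in (JOURNALS, INTRANET, CMS_ADMIN):
            print(f"{s.user:6} {s.method:9} {r.name:18} {decide(s, r)}")
```

The same entitled user gets a different answer depending on how and from where they signed in, which is why the identity provider has to pass the confidence level to the service alongside the role attributes.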
Questions?


Editor's notes

  1. Identity Management: who a person is, what we know about a person. Authentication: are they who they say they are. Federated Access: what can they access.
  2. Not using LDAP – or use a secure version. Handle password errors etc. As we increase security we increase the need to support password changes. Reducing help desk calls. Consistent anti-phishing.