AWS Community Day CPH - Three problems of Terraform
Advancing the JISC Access & Identity Management Programme
1. Joint Information Systems Committee 1/30/2015 | | Slide 1Joint Information Systems Committee Supporting education and research
Access & Identity Management Programme
Identity Management Matters, Aston – 16 Nov 2010
Christopher Brown, c.brown@jisc.ac.uk
#jiscaim
2. Joint Information Systems Committee
AIM – supporting Innovation
How does AIM fit in to JISC?
16/11/2010 | Slide 2
Innovation Group
Content
e-Learning
Digital
Infrastructure
(eResearch &
Information
Environment)
OUT
JIR
Committee
AIM
3. Joint Information Systems Committee
AIM – supporting Innovation
16/11/2010 | Slide 3
eResearch
Research
Comm
Eng
JIR
Committee
AIM
VRE
Research
Data
Mgmt
Research
Infrastruc
JSR
Committee
4. Joint Information Systems Committee
AIM Programme
1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011)
Focus:
– Process
– Policy
– Technology
Objectives
– Build foundations for production systems that universities might adopt
in the future
– Prepare the sector for future developments
– Improve user experience
– Increase value and make AIM relevant to wider community
– Enable integrated systems architecture
– Develop practical tools to enable AIM
16/11/2010 | Slide 4
Exploring Innovative
new areas
5. Joint Information Systems Committee
AIM Programme
UK Access Management Federation
– Support
– Expand
– Improve
– Increase uptake
Funding
– Shibboleth Consortium (JISC, Internet2, SWITCH)
• Technical roadmap
• Governance mechanisms
• Operate open source project => Shibboleth Foundation?
– Extending Access Mgmt into BCE
– Publisher Support
– WAYFless URLs
16/11/2010 | Slide 5
6. Joint Information Systems Committee
Online and PDF versions
Aimed at executive and technical staff in HE & FE
Review, assess and improve performance of IdM
Raise and maintain awareness, importance and key issues of IdM
Launched UCISA/JISC conferences Spring 2010
Website:
– www.identity-project.org
Support:
– jisc-identity-management@jiscmail.ac.uk
AIM Projects – IdM Toolkit
16/11/2010 | Slide 6
John Paschoud
LSE
Completed June 2010
7. Joint Information Systems Committee
AIM Projects – IdM Toolkit Pilots
Pilots (Feb – Aug 2011)
– £200K for 3-6 projects piloting the IdM Toolkit
Institutional Benefits
– Institutions assess and review their IdM processes and policies
– Cost savings from using and acting on advice in the Toolkit
Toolkit Benefits
– Tests the Toolkit through implementation
– Increase the uptake of the Toolkit
– Not a static Toolkit
– Further develop its usefulness
16/11/2010 | Slide 7
8. Joint Information Systems Committee
Previous projects
– GFIVO – common tools, set up wikis and blogs. Easy to set up
groups
– CUCKOO – institutional level: roll it out and use it
GRAND (Granularity, Audit, N-tier and Delegation)
– 1) Granularity and Delegation
• How to most effectively structure Grouper
– 2) Audit and accounting
• How to process Shib and Grouper logs
– 3) N-tier
• How to do integrated auto login for Shib
• How to exploit Kerberos n-tier support in Shib
– http://research.ncl.ac.uk/grand
Benefits expected:
• Greater uptake of access control
• Scalable service
• Useful audit records
• Accounting ability
• Improved Login experience
• Practical n-tier integration
• Systems integration
AIM Projects - Grouper
16/11/2010 | Slide 8
Cal Racey
University of Newcastle
15 months
9. Joint Information Systems Committee
AIM Projects – Usage Statistics
RAPTOR (Retrieval, Analysis, and Presentation Toolkit for usage of
Online Resource)
– Software toolkit that will allow visualisation of e-resource usage to non-
technical people
– Also allow for publishing aggregated usage information to a federation
operator. Aimed at installing at the institutional level, but can
aggregate upwards
– Open source / open standards
– Fully documented and easy to set up/customise
– Collaborating with SWITCH and MIMAS
16/11/2010 | Slide 9
Graham Mason
Cardiff Univ/Kidderminster
15 months
10. Joint Information Systems Committee
AIM Projects – Web Services
WSTIERIA (Web Services Tiered Internet Authorization )
– Make web services work with UK federation
– Investigating two approaches:
• using “façade” to handle authentication
• new Shib features to invoke web service between SPs
– Tested on two application domains:
• Geospatial web service (SEE-GEO)
• WebDAV (widely deployed remote file-access protocol layered on
HTTP)
– Community Benefit
• Web services interoperate with FAM
• Improve end-user experience by application componentization
– Real components need authorization
• Access presently hidden web services
– Discussing with MIMAS, SDSS, Shibboleth
16/11/2010 | Slide 10
Fiona Culloch
EDINA
12 months
11. Joint Information Systems Committee
AIM Projects – NGS
A Proxy Credential Auditing Infrastructure for the UK e-Science National
Grid Service
– Develop proxy certificate auditing infrastructure that supports
monitoring/auditing use of proxy credential
• General usage monitoring
• Patterns of use and prediction of misuse
• Exploit and harden existing software for this
• Globus Incubator project
• Extensions to support
• VO-specific monitoring and usage
• Resource-specific monitoring and usage
– Demonstrate in numerous projects and roll out to NGS
Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects
• includes usage of NGS, ScotGrid, TeraGrid, D‐Grid
16/11/2010 | Slide 11
Wie Jie
Thames Valley University
15 months
12. Joint Information Systems Committee
SOFA (Service-Oriented Federated Authorization)
– Two broad goals:
• The facilitation of data aggregation across distributed,
heterogeneous data sources
• The provision of secure, assured data sharing
– sif: middleware framework that facilitates the secure sharing and
aggregation of data from disparate, heterogeneous data stores
– SOFA: an extension of sif that allows data owners to leverage their
access control paradigm of choice (RBAC, XACML support)
– Value:
• Low cost
• Limited impact
• Data ownership remains unchanged
– Applications: student administration; heart modelling; research into
Bipolar disorder
AIM Projects – Data sets
16/11/2010 | Slide 12
Andrew Simpson
University of Oxford
12 months
13. Joint Information Systems Committee
SMART(Student-Managed Access to online Resources)
– There is a need for efficient, secure and usable access management
system that:
• supports data owners with sharing their data
• supports data consumers with accessing this data
– Develop online data management system based on User-Managed
Access (UMA) protocol
– Deploy at Newcastle to allow data to be shared more efficiently and
securely.
– Evaluate UMA at Newcastle
– Contribute to standardisation effort of UMA protocol by actively
participating in the UMA WG
Benefits:
• Participation in the UMA WG ensures that HE requirements
for access management are taken into consideration. It also
ensures that JISC and UK HE remains at the forefront of
developments in Web authorisation solutions
• Scenario for UMA use case shows applicability of the new
technology to HE environments
• Conducted research, experience and developed software for
UMA to be reused by AIM community within and outside UK
AIM Projects – UMA
16/11/2010 | Slide 13
Maciej Machulak
University of Newcastle
15 months
14. Joint Information Systems Committee
AIM Projects – ePortfolios
eCert
– Giving you back control of your data
– To develop and test a suitable protocol for electronic certificates
– Maintain information privacy, ensure owner can have control over the usage of
their eCertificates
– Prevent unauthorized modification, able to be verified in a legal context
– Lifetime validation, independent from issuing body. Allow for verification
nationwide
– Easy to use while maintaining security controls, suit users with low IT skills,
both students and reviewers
– Can be accessed through the issuing organisations’ or any owner-preferred
ePortfolio, or be used as a standalone application
16/11/2010 | Slide 14
Lisha Chen-Wilson
University of Southampton
15 months
15. Joint Information Systems Committee
AIM Projects – Logins4Life
Logins for Life
– Addresses the needs of a University to engage with users throughout
their lives.
– Create use cases, policies and recommendations for dealing with user
accounts throughout their changing roles while catering for existing
digital identities.
– Create a test environment which will demonstrate how these policies
can be delivered using open source tools.
– http://sec.cs.kent.ac.uk/demos
16/11/2010 | Slide 15
Matthew Slowe
Kent University
15 months
16. Joint Information Systems Committee
AIM Projects – Social Net and Shib
Identity and Access Management using Social Networking Technologies
– FOAF is an RDF (Resource Description Framework) vocabulary mainly
aimed at describing links between people and memberships
– produce a functional WebID (formerly FOAF+SSL) based
Authentication system for Shibboleth based IdP and an Authentication
and Authorisation system for Globus based grids
– Bridge to SAML/Shibboleth
• Converting information available in RDF into SAML attributes
– e.g. WebID URI into eduPersonPrincipalName
– Easy to derive membership of a project or (virtual) organisation based
on the FOAF relations
– Easier ad-hoc collaborations (potentially with people outside the
federation too)
16/11/2010 | Slide 16
Mike Jones
University of Manchester
9 months
17. Joint Information Systems Committee 16/11/2010 | Slide 17
AIM – International Links
EUROPE
TERENA (TNC2010, TF-EMC2, REFEDS) - NRENS
Knowledge Exchange (JISC, SURFfoundation, DFG, DEF)
USA
Internet2
Kantara
Australasia
AAF (Australian Access Federation)
CAUDIT (The Council of Australian University Directors of Information
Technology)
eWorks – Technical and Further Education (TAFE) sector
MoRST (Ministry of Research, Science and Technology)
18. Joint Information Systems Committee
Blog: http://aimprog.jiscinvolve.org/
Netvibes (#jiscaim): http://www.netvibes.com/jiscaim
JISC AIM queries: c.brown@jisc.ac.uk
Toolkit queries: jisc-identity-management@jiscmail.ac.uk
Programme tag #jiscaim
AIM – Information
16/11/2010 | Slide 18
19. Joint Information Systems Committee
AIM – The road ahead
Reduced funding
Concentrate on key areas of IdM
Make a business case for money from committees
More direct funding?
Community building
16/11/2010 | Slide 19
20. Joint Information Systems Committee
AIM – Future?
16/11/2010 | Slide 20
What should the AIM programme fund?