This document is addressed to decision-makers and technical support staff in organisations (such as publishers and subscription agents) who supply resources and services to the UK’s higher (HE) and further (FE) education institutions. It describes the new federated access management infrastructure being implemented within the UK, the reason for its introduction and the actions required of organisations to benefit from the new system.

Federated Access Management: JISC Guide for Publishers and Serivce Providers

This is the third version of Federated Access Management: JISC Guide for Publishers and Service Providers, first published in February 2006

This document is addressed to decision-makers and technical support staff in organisations (such as publishers and subscription agents) who supply resources and services to the UK’s higher (HE) and further (FE) education institutions. It describes the new federated access management infrastructure being implemented within the UK, the reason for its introduction and the actions required of organisations to benefit from the new system.

Introduction

In November 2006, JISC launched its UK Access Management Federation, inviting higher (HE) and further (FE) education institutions throughout the UK to join the UK federation and adopt federated access management technology based on open standards. This will provide institutions with a route to single sign-on to resources through devolved authentication.

What is a federation?

A federation is a group of organisations that sign up to an agreed set of policies for exchanging information about users to enable access and use of resources and services. The federation combined with identity management software within organisations is referred to as federated access management.

Why Change?

There are a number of reasons JISC is advocating federated access management:

  • Educational institutions are demanding a single sign-on solution that supports institutional authentication of all resources whether internal to the institution, through the use of collaborative platforms or to licensed third party materials
  • Other countries have been developing their own solutions to the problem of accessing multiple resources with a single identity. A system based on international standards is therefore essential for publishers and other service providers who operate and compete at an international level
  • Federated access management separates authentication from authorisation. Authentication is controlled by the user’s home institution; authorisation is based on user attributes and controlled by the resource provider. This will mean less work in administering usernames and passwords.

Benefits

The use of federated access management and the software available to support its implementation provides significant benefits to service providers:

  • Improved user experience
    Users don’t have to remember a separate identity, they simply use their institutional username and password. This should increase the use of subscribed services and reduce the risk of users compromising their accounts by writing down their username and password and sharing it with others.
    Federated access management enables personalisation through finely controlled access to services or resources, allowing for subscriptions by department and group or courseware targeted at individual classes without releasing the identity or location of the user.
  • International take-up
    It is based on international standards and is achieving wide support in Australia, New Zealand, the USA, Japan and also in many European countries. Service providers can therefore build a skills base on one technology that will support a wide range of customers, reducing costs in time and resources.
  • More choice and flexibility
    There is no tie-in to one provider for software and implementation support, giving identity and service providers more choice about which software to use. It can be implemented using freely available open-source software, resulting in cost savings on subscription charges.

Choices for Service Providers

In developing the UK Access Management Federation, JISC has considered the requirements of both institutions and service providers in making the transition.
JISC would like to encourage all publishers of information resources that provide a service to the UK education and research community to apply for free membership of the UK federation. Information about how to join can be found on the UK federation website.

Costs of implementing a federated access management solution will depend on the model chosen by the service providers. Service providers are free to choose either open source or commercial products. The products chosen must be SAML compliant and meet the requirements of the UK federation. Service providers can either implement using in-house technical staff or outsource technical support to one of several suppliers that are now developing expertise in standards compliant software.
Technical recommendations for participants and other core federation documentation can be found on the UK federation website.

JISC Support

JISC is committed to supporting institutions and service providers in this changing environment. As well as implementing the UK federation, JISC is:

  • Funding the provision of the Athens service and Federation gateways until July 2008
  • Providing support for institutions, publishers and other service providers through the JISC Access Management Outreach Team
  • Providing additional support and training for smaller institutions and publishers that lack the technical skills and resources to implement a solution in-house
  • Providing case studies, reports, toolkits and advice from the work carried out in its ‘early adopter’ programmes
  • Ensuring the services hosted by MIMAS, EDINA and other JISC services are compliant with federated access management technologies

Timescales

Key milestones are:

  • July 2006: renewal of Athens contract and launch of the Federation gateways
  • August 2006: first early adopters joined the UK federation
  • November 2006: launch of the UK federation
  • New NESLi2 and other JISC contracts specify UK Access Management Federation compliant technologies
  • July 2008: end of JISC contract for Athens and JISC funding for the Federation gateways

Further Information and Resources

UK federation information and support

The UK federation website

For further information please contact Jane Charlton, Access Management Outreach Co-ordinator
email: j.charlton@jisc.ac.uk, tel: +44(0)776 017 3223.

JISCmail lists (join at www.jiscmail.ac.uk)

Announcements:
UKFederation-announce@jiscmail.ac.uk
JISC-shibboleth-announce@jiscmail.ac.uk

Practical and technical information:
UKFederation-discuss@jiscmail.ac.uk
JISC-shibboleth@jiscmail.ac.uk 

You can download a copy of this briefing paper below.

Bookmark and Share