Connecting People to Resources
Federated Access Management: A roadmap
This article first appeared in JISC inform 13, Spring 2006. Revised March 2008
Connecting students and staff to resources subscribed to by educational institutions is essential to the sector. Nicole Harris looks at how the evolving needs of e-learning and e-research communities require some far-reaching changes to the ways in which institutions manage access to resources.
Technical developments and the growing need for collaborative approaches in e-learning and e-research have led JISC to devote significant funds to the implementation of the next generation access management system based on Shibboleth technology. Benefits of the new system include easier access to online resources, enhanced opportunities for collaboration and greater control by institutions of access management procedures.
Central to these developments was the creation of the UK Access Management Federation, launched in November 2006.
Educational institutions throughout the UK have been invited to join the UK federation and adopt new technologies such as Shibboleth. This will provide institutions with a route to single sign-on to resources for users through the implementation of federated, devolved authentication.
The Athens service in its current form will not be funded by JISC after July 2008 and JISC has established a transition programme with clear choices to minimise disruption to end-users.
See below for an outline of the steps institutions will need to take. The table below gives the options available to institutions in adopting federated access management.
Communications have been sent to all further and higher education institutions outlining the options in greater detail, as well as the various means of support available, including case studies, training courses and advice.
Nicole Harris
JISC
Joining the UK Access Management Federation
Institutional join-up
The introduction of federated access management can shift the balance of responsibility for access management from library to IT services staff. Staff in libraries may need to work more closely with their IT colleagues to achieve this goal.
Options
Institutions will have choices and these choices should be supported by informed decisions. The potential models for adoption by institutions are given below and institutions should consider how well each of these models fits with their IT strategies.
Support
JISC is providing support in a variety of forms, such as case studies, events, training courses and advice, for all institutions who wish to join the federation.
1. Institutional Audit
Review: Institutions should carry out an audit to review readiness to adopt federated access management. This would include making a choice between the three strategic JISC options, and alignment with institutional strategy.
2. Directory Development
Develop: Directories need to be correctly populated with attributes about students and staff that meet the federation standard, known as the eduPerson schema.
3. Authentication Development
Choose and implement: An institutional authentication, or single sign-on, system should be selected. Institutions can choose from commercial or open source products.
4. Implement IdP
Choose and implement: The fourth stage is to implement identity provider software.
5. Join Federation
Action: All institutions who wish to participate will need to join the UK federation by registering and agreeing to observe federation policy.
6. Institutional roll-out
Action: On becoming a member of the federation, an institution will need to roll out the new system. This may include staff training and development of new user guides and support mechanisms.
Choice for Institutions
It is important to emphasise that institutions will have choices, and that these choices should be supported by informed decisions. The potential models for adoption by institutions are described in the table below and institutions should consider how well each of these models fits with their IT strategy. Case studies, reports and advice are all available from the JISC federated access management website.
| Option | Costs | Benefits |
|---|---|---|
| 1. Become a full member of the UK Access Management Federation, using open source software with in-house technical support | Institutional effort to implement software, join federation and enhance institutional directories | Full institutional control, skilled staff and access management solution for internal, external and collaborative resources |
| 2. Become a full member of the UK Access Management Federation, using open source software with paid-for technical support | Cost of support from supplier and institutional effort in liaison with supplier and federation | Full support in implementation and access management solution for internal, external and collaborative resources |
| 3. Subscribe to an ‘outsourced Identity Provider’ to work through the UK federation on your behalf. Institutions will however be required to join the UK federation if they wish to access JISC-funded resources | Subscription costs to external supplier (from July 2008) and internal administration role | Minimum institutional effort to achieve access to external resources only |
Further Information
Federation advice and support
Joining the UK Federation
For further information please contact the JISC Access Management Team:
JISC-access-management@jiscmail.ac.uk
JISCmail lists (join at www.jiscmail.ac.uk)
Announcements:
UKFederation-announce@jiscmail.ac.uk
JISC-shibboleth-announce@jiscmail.ac.uk
Practical and technical information:
UKFederation-discuss@jiscmail.ac.uk
JISC-shibboleth@jiscmail.ac.uk
JISC-shibboleth-libraries@jiscmail.ac.uk