Web Services Tiered Internet Authorisation
The state of the art in authentication for non-SOAP web services is often still IP-address checking; federated access management is problematic because it depends on a user at a web browser, whereas web service client software may have no direct access to the end user. This project aims to enable web services to interoperate with the UK federation by applying two recent developments: an extension of Shibboleth by Internet2 to handle an n-tier/portal use case, and the development by EDINA of non-browser access to some federated web services.
Aims and objectives
The aim of the project is to produce software and documentation that will allow developers of web services to make use of the UK Access Management Federation for Education and Research to authenticate end users and obtain attributes about them for authorisation purposes. This software should not require modification of the web service being protected but may require some modifications to client software.
Project methodology
Initially the team will investigate the previous work by Internet2 and EDINA (supported by consultancy from Chad La Joie of Internet2 and key people from the JISC-funded EDINA SEE-GEO project) and develop the middleware outputs. The project team will then liaise with EDINA application development teams to develop the example use case and in parallel identify possible future external partners.
Anticipated outputs and outcomes
Outputs will be: façade software that developers can deploy in front of their own web services to handle federated access; a demonstration web service using this software, accessible via standard UK federation mechanisms; experimental (pre-demonstrator) modifications to chosen EDINA web services as test use cases for Shibboleth n-tier features; and a report documenting the other deliverables and the experience built up during the project.
The main outcomes sought are wider access to web services presently kept private due to the difficulty of access management, and increased leverage from, and compatibility with, the federated access used by academic web sites.
Technology / Standards used
- HTTP
- SAML
- Shibboleth
- OGC OWS
Project Staff
Project Manager
- Fiona Culloch, Senior Security Officer, EDINA, Causewayside House, 160 Causewayside, Edinburgh, EH9 1PR, +44 (0)131 651 7721 fiona.culloch@btinternet.com
Project Team
- Sandy Shaw, EDINA, Room 2032, Computing Services, University of Edinburgh, James Clerk Maxwell Building, The King's Buildings, Mayfield Road, Edinburgh EH9 3JZ, (0131) 650 4988 s.shaw@ed.ac.uk
- Chris Higgins, EDINA, Causewayside House, 160 Causewayside, Edinburgh EH9 1PR, (0131) 651 1440 erpl70@holyrood.ed.ac.uk
- Application Developer TBC