SAFARI: Shibboleth Authentication For Access to Resource Infrastructures for UKDA
This project will investigate, develop and test a system which will apply Shibboleth middleware to three resources hosted at Essex. Using these Essex-based resources, SAFARI will then embed the resulting system seamlessly within the one-stop registration service. The three resources to be 'shibbolised' are: ESDS, the Census Registration Service and the CHCC Collection of Historical Censuses. In order to place the resource targets within the registration service, a system of target-to-target communication will be developed. This will create a transfer mechanism to identify registered users, and thus prevent users from having to register more than once. A complementary communication method is also required to identify those special conditions to which users have agreed. The final system will be evaluated via user and stakeholder consultation. The technology which is developed in the course of this project could be utilised by many other federated services, which may wish to apply Shibboleth to a model of dispersed services around a central hub.
Aims and Objectives
The overall aim of the project is to apply Shibboleth middleware to the three UKDA-hosted ESDS and Census-related resources which make use of the one-stop registration system.
The specific objectives are:
- the establishment of Shibboleth resource targets for ESDS, the Census Registration Service and the CHCC Collection of Historical Censuses;
- the embedding of these resource targets within the one-stop registration service;
- the investigation and establishment, within the target system, of a transfer mechanism to identify registered users and thus prevent users from having to register more than once;
- the investigation and establishment of a method of target-to-target communication of the details of special conditions to which users have agreed;
- the evaluation of the system via user and stakeholder consultation.
The focus of the project and activities involved:
SAFARI will, in consultation with its stakeholders, research the ways in which Shibboleth may be embedded in a dispersed data distribution system. It will then develop the system which is agreed to be the best, apply it to the three UKDA-hosted targets and beta test it.
Implications / Deliverables / Stakeholders:
The work will be written up as a case study and will include a number of reports (6-monthly progress report, exit strategy and final case study report, which will also contain user feedback). As a research project, the SAFARI team will attempt to find the best solution to the issue of implementing Shibboleth within the one-stop registration system; however, should the solution be found, at the end, not to be suitable, lessons about why not, and recommendations about an alternative way forward, will be made within the case study. For SAFARI to be successful, the system developed must be transparent for users and take them seamlessly and quickly from registration to the data resources. It must also inter-operate with the systems presently used within MIMAS and EDINA. Lastly, it must include scope for expansion and flexibility to apply more fine-grained access control, if necessary, in the future. Should the final system be deemed to be workable, this can then be embedded within the UKDA's services. This would take place outwith SAFARI UKDA, however, and would be dependent on resources. Similarly, although compatibility with services and targets within MIMAS and EDINA will form a vital part of SAFARI's work, it is not within its remit to apply the shibbolised registration system to their services.