JISC

Summary

There are a number of identity management systems both in place and in development in the UK academic environment and beyond. Research communities, institutional registrars, resource providers, infrastructure security teams and users all have differing ideas about these technologies and about which identity related data should be released and consumed. These separate views lead to technology divergence within academic establishments and inevitably there is a great deal of frustration and duplication of effort.

Previously we have identified(1,2) this in the domain crossover between grids and HE/FE. From this, and as part of our commitment to the UK NGS's user communities, we have developed a credential translation service linking the UK Access Management Federation to the UK eScience Certificate Authority: SARoNGS, a uni-directional link from the Shibboleth based framework asserting the identity of individuals at their organisation to the grid paradigm which consumes identity information in the form of user held, nationally issued, X.509 certificates.

We aim to expand the existing SARoNGS service to meet the needs and peculiarities of the numerous established and emergent large-scale research communities, starting with NSCCS as an exemplar and providing facilities for further communities and domains.

The project will produce a tailored community oriented Identity Portal component to the SARoNGS service exploring the AIM requirements of the user communities to aid their access to resources in the familiar Single Sign On / Federated ID environment their users are familiar with.

Acknowledging the diversity of identity management systems available, the legal regulations defined through various data handling directives across Europe and the number of requirements placed upon these systems by the differing communities and the resources they need to access, we propose to provide a Labs area to explore data release and conversion to and from various protocols and attributes under the control of the user providing clear advice where needed.

1 Shibboleth Enabled Bridge to Access the National Grid Service (SHEBANGS)
http://www.rcs.manchester.ac.uk/research/shebangs
2 ShibGrid http://www.jisc.ac.uk/whatwedo/programmes/middleware/shibgrid.aspx

Objectives

Through enhancements to the NGS SARoNGS service we aim to broaden its scope to facilitate other services and infrastructures which have chosen not to base their trust models on the Grid Security Infrastructure and the International Grid Trust Federation. This will be explored and implemented where suitable open-source or open-standard solutions allow.

Anticipated Outputs and Outcomes

The project will produce an Identity Portal interface to the SARoNGS service which will include:

• Communities Area: a location to describe community needs, attribute requirements and to present a coherent environment for the user.
• Labs Area: a location to present new technologies as they become available as part of the evolution of SARoNGS. This will contain at a minimum, interfaces and APIs used and developed and presented via the Communities Area, as well as any additional incidental or externally funded technologies.
• A case study be published within the Communities Area. This will include details of how the community was engaged and perceived impact.