For the next couple of days I’m at FAM09 – a JISC event about Federated Access Management.
First up Peter Tison (UCISA), and Sarah Marsh (SCONUL) on “Identity and Access as UK Priority”. Peter summarising the move towards federated access management in the UKHE sector over the last few years. JISC outlined a road map, acknowledged the need for institutional effort/resource.
There is still very little implementation of federated access (says Peter) – why?
- Lack of external resources
- Lack of internal resources
- Athens is still there …
JISC review April 2009 – about half institutions using Shibboleth and half OpenAthens (small numbers other).
Within the library Federated Access opens possibility of:
- Shared services
- Saving money by targetting subscriptions on specific user groups
- Integration with OpenID?
Across the institution Federated Access could:
- Give access to internal systems and external resources
- Access to 3rd party s/w
- Access to internal resources from off site
- Seamless access to external resources
So – Peter says what we need now is:
- Clear strategic message
- A benefits/impact analysis
- A longer road map:
- solid identity management platform
- first step as an Athens replacement – but it is more than this
- identify the internal benefits of single sign-on
- linking to external resources
Some questions around granularity of access to resources – not necessarily good thing for library resources – however is essential for other types of resources – e.g. finance systems
Second up, International developments by Josh Howlett (Janet).
Now many different federations internationally. However, can have different policies for different data elements – e.g. fallow period for reuse of EduPerson principal name. There are now quite a few projects/intitiatives looking at how you can work across these different federations – e.g. Kantara Initiative – cross-sector identity initiatives
Geant – a consortium of all the European national networks. 37 participating countries. £200million euros over 4 years – big initiatives. Geant is concerned about connecting national networks – not at an institution level generally. eduGAIN is one part of Geant.
- enable interoperability between national federations by undertaking the necessary technical and policy coordination
- To build on this interoperability
eduGAIN pilot service use cases:
What will it provide me with?
- Identity providers: obtain access to services regiestered in other federations
- Service provider: provide access to identities issued by providers registered in other federations
- Eurpoe-scale reach at a zero to modest expenditure of effort
What should I do?
- ensure national federation is aware of your interestedt
- prepare for SAML 2.0
- Be ready for October 2010
Finally before coffee Mark Cross about commercial developments
Mark is from OpenID UK.
The institution you are a member of today is only one part of your identity
Roadmap for OpenID:
- OpenID v1
- SSO & Delegation
- OpenID v2
- attribute exchange
- PAPE – Provider Authentification Policy Extension
- OpenID v3
- Contract Exchange Extension Working Group
- Increased Security
OpenID going forward. Recent meeting agreed to work on:
- Integration of OAuth Hybrid into core specifications
- Looking at supporting email as well as web address (Mark Cross felt this was a divergence from original vision of OpenID)
Big likely implementers of OpenID in the UK – the Telegraph and the BBC
Identity Management is important in its support of a Knowledge Society.