eduserv
David Orrell, Senior Architect, sets out the roadmap for development of the OpenAthens framework in 2010 and 2011.
http://www.flickr.com/photos/fjny/528865728/
OpenAthens today
Updated products:
– OpenAthens LA 2.1
– OpenAthens SP 2.0
New services:
– Statistics
– Project 'Monteverde'
Federated identity...
Identity providers
“Describe” people via attributes
Personal: Name, age, email...
Impersonal: Affiliation, group...
http://www.flickr.com/photos/fin5bjh/4308269739/
Common vocabulary...
Service providers
Rely on trusted attributes received from Identity Providers
May use them to restrict access or personalise their application
The OpenAthens platform
[Diagram: Identity Provider, Service Provider, OpenAthens Core Platform; Protocols: SAML 1, OpenID, OAuth, SAML 2]
OpenAthens today
[Diagram, built up over several slides: Identity Provider, Service Provider, Protocols, SSO, Identity Management, Access Management, High availability, Account life-cycle tools, Self-registration, Bulk-upload, Account activation, Account expiry, Account monitoring, Statistics and Reporting, Support, Consultancy]
“Athens vs Shibboleth”
“Shibboleth is the new Athens”
“OpenAthens is Shibboleth”
OpenAthens
[Diagram: Access Management, Identity Provider, Service Provider, Protocols]
Shibboleth
[Diagram: Access Management, Identity Provider, Service Provider, Protocols]
Shibboleth
• Not a protocol or standard
• An implementation of the SAML standards
• Not an identity management system
Roadmap themes
Statistics
Local authentication
http://www.flickr.com/photos/tomdegay/4005363371/
1) Getting started
2) Statistics
3) Diagnostics
Getting started
• Tools to improve 'supportability'...
• New administration interface for OpenAthens SP
• Ease of upgrade: Seamless migration between versions
Statistics
• 'Live reporting' integrated into OpenAthens LA 2.1
• Breakdown of usage:
– Per user category
– Across services
• Current usage and long-term trends
• Visual and report formats
Diagnostics
Day-to-day support of problems
• Can't log in
• Can't access resource
'Live' filtering
When it breaks...
• Is it my problem or theirs?
• What the heck does this error code mean?
OpenAthens SP 2.0
• Objectives for this release:
– Brand new Eduserv-hosted administration interface
– Health-check monitoring tools
– Deep integration with ASP.NET platform
– rpm, deb packages and repository
• Available summer 2010
• No additional cost for OpenAthens subscribers
OpenAthens LA 2.1
• Objectives for this release:
– New tools for reporting and supportability
  • Live usage statistics
  • User activity auditing and problem diagnostics
– Setup wizards
– Improve delegation of administration
• Available summer 2010
• No additional cost for OpenAthens subscribers
More on statistics
• OpenAthens LA 2.1 starting to introduce reporting features
• In the UK Federation, the current picture is bleak!
• JISC funding some work in this area:
– RAPTOR project (Cardiff)
– PIRIUS project
• Article-level statistics
Athens Statistics
[Diagram: Athens, Identity Provider, Service Providers, Attributes, Statistics]
Federated Statistics
[Diagram: Identity Providers, Service Providers, SAML, Attributes, Statistics]
Statistics
• IdP/SP logs provide inferred statistics
– Not accurate
– Remains interim solution
OpenAthens Statistics
[Diagram: Identity Providers, Service Providers, SAML, Attributes, Statistics, OpenAthens]
Key features
• Statistics service
– For organisations and service providers
– Integrated into management tools (LA and SP)
– Fully anonymised by contributors
• Open APIs
– For data input and reporting (RESTful)
– Can be used with any product (Shibboleth, ezProxy etc)
http://www.flickr.com/photos/heilemann/8412697/
Project “Monteverde”
“Local Authentication in The Cloud”
Next generation Managed Directory
Why?
OpenAthens LA
Fully outsourced Fully in-house
OpenAthens MD
[unintentionally left blank]
Project 'Monteverde'
• Goals
– Long-term replacement for current managed directory
– Based on OpenAthens LA technology
– Runs on cloud infrastructure
– Enable us to provide highly tailored service for individual customers
Federation support
• OpenAthens LA
– UK Federation
– Virtually any SAML federation
– Ad-hoc local federations
• OpenAthens MD
– UK Federation
– Any OpenAthens Service Provider
Federation support
✔ Robust support for UK Federation
✔ Support for other international federations
✔ Support for ad-hoc local federations
✔ No need to register in UK Federation
Identity Management
• OpenAthens LA
– Requires local IdM infrastructure
– Supports any attribute sets
– Supports any namespace
• OpenAthens MD
– Easy web-based IdM
– Bulk upload
– Fixed attribute set
– Shared namespace
Identity Management
✔ Completely new web UI
✔ Subscribing organisations will get own namespace
✔ No more account prefixes!
✔ Can use email address
✔ Extensible attribute sets, compatible with multiple federations
User experience
• OpenAthens LA
– Customisable login
• OpenAthens MD
– Standard OpenAthens branded login
– Shared login domain (auth.athensams.net)
User experience
✔ Fully customisable login pages
✔ Organisation-specific login domain
✔ e.g. idp.uni.ac.uk
✔ No more 'alternative login'
✔ Control over usernames
✔ User ID or email
✔ OpenID, Facebook etc
Project “Monteverde”
• “Local Authentication in the cloud”
• Available spring 2011
– Comprehensive beta programme
• Programme of rollout to current OpenAthens MD customers