
Posted on the Bath Spa Shibboleth project WIKI:
Yesterday I attended an Access Management Federation event in Bristol. The Federation promotes the use of the Shibboleth framework after the JISC withdrew its funding for Athens in July 2008.
One of the most useful documents provided on the day was the UK Federation Quick Reference Guide, which presents an overview of the documents available to librarians and IT staff, from making a business case to installing and setting up your institution as an identity provider. All of these resources are available at the URL below:
http://www.ukfederation.org.uk/content/Documents
A lot of this information is highly useful; there are case studies of institutions that have implemented Shibboleth as well as technical documents detailing how to install it.
Another superb resource is Janet’s EdLab, a portal containing a variety of media on a range of topics to support their events, as well as a discussion forum for users. The Federation now has its own dedicated space on the site, with a wide range of discussion and document download opportunities surrounding Shibboleth implementation.
One important point that came out of the event was how Shibboleth can benefit institutions as a whole. It has been easy thus far for me to consider single sign-on only as a direct benefit to Library services. However, at Bath Spa there are many different systems that may benefit from the security that Shib provides. For example, the University has been looking at a repository for some time. Once implemented, Shibboleth could be used to provide access for other institutions that may need to get involved. I understand also that our VLE is hosted elsewhere; Shib could control the amount of information on students that is transferred off campus for authentication.
By joining the Federation and opting for Shibboleth we are agreeing to the rules of membership. As a result we are required to consider how well we deal with personal data at the University:
"all and any Data, when provided to the Federation Operator or another Member (as the case may be), are accurate and up-to-date and any changes to Metadata are promptly provided to the Federation Operator;"
We should have a system in place to make sure that the information we hold is accurate and up to date; does the SITS system at the University update Active Directory? Many IT professionals at the event talked about the ease with which a simple script can update Active Directory from an export of the enrolment system.
A major theme was to consider how students and staff will be authenticated to use external resources. From the Library's point of view we would need a service provider to be able to distinguish between user groups, as some resources are only available to staff at the University; in Shibboleth terms this means our identity provider releasing attributes such as eduPersonScopedAffiliation to the service provider. If the University continues to expand we may also need to ascertain the school that a student belongs to. Service providers would also like to ascertain whether a student is eligible to access a resource, i.e. enrolment may have taken place but the student is yet to pay tuition!
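The three points above (keeping the directory in step with the enrolment system, telling staff from students and fee-paid from not-yet-paid, and sending a hosted service only what it needs) are all one pipeline in Shibboleth: resolve attributes for a user, then filter them per service provider. The following is an added example written for this post, not code from the UK federation, the Shibboleth project or Bath Spa. A constructed CSV stands in for a SITS export; the attribute names are from the eduPerson schema, but the scope, the column names, the school codes, the fee-status rule and the two service-provider entity IDs are assumptions for illustration only.

```python
"""Added example, not code from the original post, the UK federation or the
Shibboleth project: a small model of what a Shibboleth identity provider does
with enrolment data. A constructed CSV stands in for a SITS export; the
attribute names come from the eduPerson schema, but the scope, the column
names, the school codes, the fee-status rule and the two SP entity IDs are
assumptions for illustration only."""
import csv
import io
from typing import Dict, List, Set

SCOPE = "bathspa.ac.uk"  # assumed security domain; the real one is fixed by federation metadata

# Constructed enrolment export; the columns are hypothetical, not real SITS fields.
EXPORT_TODAY = """\
username,surname,role,school,feesPaid
alice,Smith,staff,LIB,
bob,Jones,student,ART,yes
carol,Brown,student,SCI,no
"""

# A second constructed export a day later: carol has paid, alice has left, dave has enrolled.
EXPORT_TOMORROW = """\
username,surname,role,school,feesPaid
bob,Jones,student,ART,yes
carol,Brown,student,SCI,yes
dave,Green,student,ART,yes
"""


def load_export(text: str) -> Dict[str, dict]:
    """Parse an export into a dict keyed by username (the directory account name)."""
    return {row["username"]: row for row in csv.DictReader(io.StringIO(text))}


def diff_exports(old: Dict[str, dict], new: Dict[str, dict]) -> Dict[str, List[str]]:
    """Work out which directory accounts a sync script would add, remove or update.
    This is the 'accurate and up-to-date' obligation from the membership rules."""
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(u for u in old.keys() & new.keys() if old[u] != new[u]),
    }


def resolve_attributes(record: dict) -> Dict[str, List[str]]:
    """Derive the attributes the IdP would assert for one user (the attribute-resolver step)."""
    attrs: Dict[str, List[str]] = {
        "eduPersonPrincipalName": [f"{record['username']}@{SCOPE}"],
        "sn": [record["surname"]],
        "eduPersonScopedAffiliation": [f"{record['role']}@{SCOPE}", f"member@{SCOPE}"],
        "school": [record["school"]],  # hypothetical local attribute for the user's school
    }
    # Example policy: staff always get the e-resources entitlement, students only once fees are paid.
    if record["role"] == "staff" or (record["role"] == "student" and record["feesPaid"] == "yes"):
        attrs["eduPersonEntitlement"] = [f"urn:mace:{SCOPE}:library:e-resources"]
    return attrs


# Per-SP release policy (the attribute-filter step). Both entity IDs are made up.
RELEASE_POLICY: Dict[str, Set[str]] = {
    # A publisher only needs affiliation and entitlement, not who the user is.
    "https://ejournals.example-publisher.com/shibboleth": {
        "eduPersonScopedAffiliation", "eduPersonEntitlement",
    },
    # The externally hosted VLE needs an identifier and the school, but not fee status.
    "https://vle.example-host.ac.uk/shibboleth": {
        "eduPersonPrincipalName", "sn", "eduPersonScopedAffiliation", "school",
    },
}


def release(attrs: Dict[str, List[str]], sp_entity_id: str) -> Dict[str, List[str]]:
    """Return only the attributes the policy permits for this SP; an unknown SP gets nothing."""
    allowed = RELEASE_POLICY.get(sp_entity_id, set())
    return {name: values for name, values in attrs.items() if name in allowed}


def attributes_for(export: Dict[str, dict], username: str, sp_entity_id: str) -> Dict[str, List[str]]:
    """End to end: what a given SP would receive about a given user."""
    return release(resolve_attributes(export[username]), sp_entity_id)


if __name__ == "__main__":
    today = load_export(EXPORT_TODAY)
    print("sync actions:", diff_exports(today, load_export(EXPORT_TOMORROW)))
    for user in today:
        for sp in RELEASE_POLICY:
            print(user, "->", sp, attributes_for(today, user, sp))
```

Two things in the model are worth carrying over to a real deployment. First, the publisher never sees a name or a principal name, only the scoped affiliation and the entitlement, which is the data-minimisation point about off-campus transfers. Second, fee status is never released as a raw field; it is folded into the entitlement, so a service provider learns whether a user may access a resource without learning why.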
There may also need to be some change in our own authentication culture. Single sign-on means that students and staff use only one username and password to access a very wide range of systems. As a result we may have to review how often passwords are changed at the University, as authentication relies so heavily on this one log-in.
From a technical point of view there were some interesting discussions, some of which I didn't understand! However, there exists a simple wizard-style installer for setting up Shibboleth in a Windows environment, through which installation was presented as easy. This installs Shib 1.3 and therefore may only be useful for testing, as the federation has now moved on to support Shib 2.0. Apparently an installer for Shib 2 is being developed in the open source community. It was unclear whether Shib can run on Windows Server 2008, so we may need to discuss whether this will become an issue.
Overall the Federation provided a clear message: if you choose to install Shibboleth they will hold our hand and support us through every step of implementation. If we opt for a third-party solution (e.g. OpenAthens LA 2.0), we are on our own!
The next step for me is to work out how many of our electronic subscriptions are 'Shibbolised', as this will give us a very clear indication of how essential this project is overall.
Tags: Athens, Authentication, shibboleth