Access & Identity Management
Moving Forward with OpenAthens
Keith Dixon – OpenAthens Workshops Feb/March 2009
Agenda
Where have we got to with OpenAthens?
Where do we want to go?
What are we doing to get there?
What’s the next step (in 2009)?
What will it cost?
Where have we got to with OpenAthens?
OpenAthens is a framework of software and services for Access and Identity Management
AND
Uniquely for UK HE/FE institutions there is a subscription to OpenAthens that provides unlimited access to ALL of the software and services that make up the OpenAthens framework
Where have we got to with OpenAthens?
• What are the key benefits of the OpenAthens offer to UK HE/FE
– Simple to budget, annual fees plus technology flexibility
– Quick & easy implementation
– Low operating costs
– Fit with available library/IT expertise
– Easy to change
– Low risk
• Plus
– Maintenance, support and development included
Where have we got to with OpenAthens?
• What are the components of OpenAthens?
– OpenAthens MD
• MD = Managed Directory
– OpenAthens LA
• LA = Local Authentication
– OpenAthens SP
• SP = Service Provider
• Plus
– MyAthens
• A learner/research resource discovery/management tool
OpenAthens opens up the Athens Architecture…
[Diagram labels: Athens Identity Broker; Managed Directory; Service Providers using Athens; Institution Using AthensDA; Local Authentication: AthensDA + Identity Broker; Athens: Managed Directory + Identity Broker]
… to Federated Access Management (eg. the UK federation)….
[Diagram labels: Service Providers using Shibboleth; Institution Using Shibboleth; UK Federation WAYF]
… and provides both software and service solutions
[Diagram labels: Service Providers using Athens; Service Provider using Shibboleth; OpenAthens Subscription: Shibboleth + OpenAthens Identity Broker; OpenAthens SP 1.1; OpenAthens LA 2.0; Athens Module; Shib Module; Athens Identity Broker; OpenAthens Identity Broker; Managed Directory; Institution Using AthensDA; Institution Using OpenAthens LA]
Where have we got to with OpenAthens?
• Open and Standards Compliance
– OpenAthens LA, MD and SP - flexibility
– Low, predictable costs – local authentication and hosted options in one package
• Administrator Usability & Tools
– Easy non-IT user and entitlement management
– Familiar and easy to use
• Learner/Researcher Usability & Tools
– Basic Resource Discovery and Management
– Easy integration with library systems
How are people using OpenAthens?
• OpenAthens LA
– Easy local authentication to both Athens and Shibboleth resources, fully-supported and easy to budget
• OpenAthens MD
– Some institutions host ALL users
• Limited scale, limited use, limited IT resource
• Easy/quick set-up
• Retain library control
– Others host SOME users (using OpenAthens LA or Shib with a local LDAP directory for the majority)
• Walk-in users, affiliated institution users
• Back up to local authentication
• MyAthens
– As Library A-Z/integrated with Library portal
– Low, predictable costs as part of OpenAthens subscription
Where do we want to get to?
• For institutions – Continue to increase value and reduce risk
– Greater choice
– Keep costs predictable and low
– Future-proofing
• For IT and Library Administrators – Increase capability and reduce workload
– Increase usability
• Configuration and management in IT
• Resource entitlement and ad-hoc users in Library
– More functionality
Where do we want to get to?
• Close engagement with HE/FE IT and Library needs
– External – collaboration and resource access
– Internal – identity, entitlement management and provisioning
• Close engagement with Access and Identity Management developments
– Federation standards and technologies
– User-centric standards and technologies
• Close engagement with Learner/Researcher needs
– Usability
– Integration with Resource Discovery
What is the next step? (in 2009)
• Openness and Standards Compliance
– OpenAthens LA and SP
– Ease of Install and Management
• Administrator Usability & Tools
– Processes & Interface
– Diagnostics and Statistics
• Learner/Researcher Usability & Tools
– Usability
– Resource Discovery and Management
What are we doing to get there?
• More Resources
– Development
– Services
• More Events
– Workshops
• Product Development Advisory Groups
– OpenAthens MD
– OpenAthens LA 2.0
• Alpha Test programmes
• Beta Test programmes
What are we doing to get there?
• Major functionality releases
– OpenAthens LA 2.0
• Minor functionality releases
– Admin Tools
– MyAthens
– OpenAthens SP 1.3
• Compliance, servicing and bug fixes
– UK Fed Compliance
OpenAthens LA
• OpenAthens LA 1.0 = AthensDA PLUS access to Shibboleth (UK fed) resources via OpenAthens gateway functionality
• OpenAthens LA 2.0 – Based on the same platform as OpenAthens SP
– Multi-platform/language support
– Athens, SAML 1.1, 2.0 (Shibboleth 1.3, 2.0) module
• OpenAthens LA 2.0 SysAdmin/Admin Tools
– Easy install, configuration, management for IT
– Easy user-entitlement admin/management for Librarians
OpenAthens MD
• OpenAthens MD 1.0 = Athens PLUS access to Shibboleth (UK fed) resources via OpenAthens gateway functionality
• OpenAthens MD 1.1
– Maintaining UK Fed compliance (Feb)
• OpenAthens MD 2.0
– Refine self-registration
– Refining fine-grained authorisation support
– Multi-federation support?
• Requirements?
Administrator Usability and Tools
Focus on Administrator Interface and Toolbars
• April 2009
– Interface Update – more intuitive
• Paging tables for lists of users
• Quick multiple account creation
– Graphical statistics
– Shibboleth statistics and basic diagnostics
• Oct 2009
– More configurable?
• Commonly used functions?
• Service status, maintenance notices, diagnostics
– Admin Toolbar?
Learner & Researcher Usability and Tools
– April 2009
• Improve accessibility (eg style chooser for visually impaired)
• Increase Admin/User configurability including
– Generic search panels and HTML editing for custom content
– Ability to add non-Athens resources to the resources list (eg. Shibboleth)
– October 2009
• Manage configuration of toolbar?
• Toolbar Single-Sign-On to ALL resources (IdP discovery)?
• “Add to MyAthens” button for library and service provider web sites?
OpenAthens SP
Used by Service Providers - Available as part of UK HE/FE OpenAthens subscription
• April 2009 - Multi-protocol support
– OpenAthens SP 1.3 - Athens, SAML 1.1/2.0 (Shibboleth 1.3/2.0), OpenID, Cardspace
• Dec 2009 - OpenAthens SP 2.0 – SysAdmin/Admin Tools?
– Multi-federation support?
• OpenAthens SP 2.0 – SURFNet, InCommon, CRU (French Federation)..?
Services and Support
• Service Desk Web Interface – Feedback?
• Dec 2009 - v2.0 – integration, usability and configurability
– Service Information?
• Service availability, overall statistics
• Institution specific statistics
– Administrator Forum/Knowledgebase?
• sharing service knowledge
• answers to current/common issues
• monitoring and input from Tech Support
What will it cost?
• Includes new product developments
• Fixed for those who signed in 2008/09 for 3 years
• 3% increase for 2009/10 renewals
• Still JISC-Banded (until 2011)
JISC Band 2009/10 Fee
A £8,320
B £7,440
C £6,570
D £5,690
E £4,820
F £3,940
G £3,060
H £2,190
I £1,310
J £700
How do I continue to subscribe?
• March – commitment/data retention permission
– Commitment will trigger invoicing
– Retention permission allows non-subscriber’s data to be retained after the end of the subscription as a safety-net.
• May 31st – commitment reminder
• June 30th – invoices sent (as appropriate)
• July 31st – Non-subscriber data deleted unless permission given to retain until Oct 31st
Does this all make sense to you?
Q&A
Summary
Where have we got to with OpenAthens?
- Unique package for UK HE/FE
Where do we want to go?
- Increase value, reduce IT/Lib workload
What are we doing to get there?
- Development investment & engagement
What’s the next step (in 2009)?
- OpenAthens LA 2.0, Admin & MyAthens
What will it cost?
- JISC-banded, 3% increase over 2008