JISC Grant Funding 08/09 A. Cover Sheet for Proposals

JISC Grant Funding 08/09
A. Cover Sheet for Proposals
(All sections must be completed)
Name of JISC Programme:
Name of Call Area Bidding
For (tick ONE only):
X Strand A: Innovation
Access and Identity Management
Please tick the areas being dealt with by your project under Strand A:
User Centricity
Granularity
n-tier
Delegation
Accounting/Audit
Tech & Tools
Interop
Use Cases
Policy
Licensing
X
X
X
X
X
X
X
X
X
X
Strand B: Level of Assurance
Please indicate the type of Level of Assurance being dealt with by the project under Strand B (both can be
selected):
Registration LoA
Authentication LoA
Name of Lead Institution:
Name of Proposed Project:
Name(s) of
Project Partners(s)
University of Kent
Logins for Life
Full Contact Details for Primary Contact:
Name:
John Sotillo
Position: Director of Information Services
Address: Templeman Library
University of Kent
Canterbury, Kent CT2 7NU
Length of Project:
15 months
Project Start Date:
1 January 2010
Any private sector
involvement in the Project
NO (delete as appropriate)
Email: [email protected]
Tel:
01227 823635
Fax: 01227 823984
Project End Date:
31 March 2011
Total Funding Requested from JISC:
£149,451
Funding requested from JISC broken down across Financial Years (April - March)
January – March 2010
April 2010 – Mar 2011
£21,197
£128,254
Total Institutional Contributions:
Outline Project Description: The Logins for Life project addresses the needs of a University to
engage with users throughout their lives. It will create use cases, policies and recommendations
for dealing with user accounts throughout their changing roles while catering for existing digital
identities. It will also create a test environment which will demonstrate how these policies can be
delivered using open source tools.
I have looked at the example FOI form at
YES
NO
Appendix A and included an FOI form (Tick
X
Box)
I have read the Funding Call and associated
YES
NO
Terms and Conditions of Grant at Appendix
X
B (Tick Box)
Page 1 of 11
B. Appropriateness and Fit to Programme Objectives and Overall Value to
the JISC Community
1. The Logins for Life project has a number of innovatory features, and fits several of the
programme objectives. It will address three primary themes: user centricity, levels of
assurance (LoA), and fine grained access control. Within these themes it will address
all five of the cross themes, by:
a. using existing open source technologies and tools and adding minor
enhancements to these as necessary
b. demonstrating interoperability between different existing protocols and
authentication mechanisms (OpenID, Information Cards and SAMLv2), and
showing how the LoA can be effectively used by these different systems,
c. providing a powerful set of use cases extracted from the overall vision of Logins
for Life
d. developing policies and procedures for enrolling new (unknown) users,
migrating them to fully enrolled students or members of staff, and finally
supporting them as they progress to alumni, (re)employment or retirement.
e. a comparison of the total cost of ownership for a greatly increased number of
login accounts, using different licensing models.
2. The concept of Logins for Life places the user at the centre of the university’s
information systems. New (unknown) users who are interested in the university will be
able to browse the university’s web site, and register themselves as new users. This will
cause a new entry to be made in the university’s LDAP service. These new users may
choose their own login identity at the university, or they may choose an existing OpenID
provider or self issued Information Card, but either way they will be given the lowest
LoA since none of their identity information will have been validated. If they were to
choose a trusted OpenID provider or a managed Information Card from a known and
trusted Identity Provider, then a higher LoA could be assigned during registration. New
users will be able to access documentation from the university, such as course
material, be placed on various mailing lists, and receive notification of events of interest
to them, but would not normally be granted access to more privileged resources.
3. When a new user becomes formally attached to the university, for example, by
accepting an offer of employment, or registering as a student, this person will come into
face to face contact with university officials. At this point the university can validate the
identity assertions previously made by this person, and can increase the LoA that is
assigned to this person’s entry in the university’s LDAP directory. Procedures will be
written for this. At this point the user will be given a university assigned login ID, if they
were not given one at enrolment time, and access to more privileged information can be
granted.
4. Some users will now have the choice between two different login names/authentication
mechanisms, with different LoAs and corresponding privileges associated with them.
5. Interworking between OpenID logins and Shibboleth logins will be provided by the
OpenID-SAML gateway built by the University of Kent under the previously JISC
funded OpenID project.
6. Interworking between Information Cards and Shibboleth logins will be provided by the
user choosing either the Information Card icon or Shibboleth icon on the Service
Providers web page.
7. Fine grained access to a selection of resources will be provided by using the PERMIS
authorisation system, which has full support for utilising the LoA and status attributes
when making its access control decisions. PERMIS will be enhanced to fetch raw LDAP
Page 2 of 11
text attributes from the university’s LDAP system, without requiring them to be either
digitally signed or wrapped as SAML attribute assertions. Instead an SSL link will be
used to protect them whilst in transit. This is expected to yield performance
improvements, which will be documented and published.
8. When a user formally leaves the university, by terminating their appointment or
finishing their studies, their account will not be de-provisioned. This is a significant
innovatory step and a break with current practice. The account will be kept; but the
status of the person will be changed in their LDAP directory entry. The person will
continue to be able to login to the university’s systems with any of the login ids they
have previously used (albeit with different authentication LoAs), and the person will
continue to enjoy access to some of the university’s resources, but now it will be with an
intermediate level of access commensurate with their new lower status (between that of
an unknown new user and a formally attached person).
9. If a person re-establishes formal links with the university, for example, returns to take a
postgraduate degree or returns to a different employee role, then they will not need to
be re-provisioned from scratch again, as happens today. Instead their existing account
can simply be upgraded to reflect their new status, and new access rights will be
granted accordingly.
10. It is recognised that as people go through life they obtain different accounts at different
service providers, and cease to use some of their existing accounts. Furthermore,
remembering all the passwords of the different accounts is onerous on the user, and
costly to the service provider who has to provide a password recovery service. To cater
for this, we will allow any user to register a new login account at any time, regardless of
their status. They may also de-register any of their existing login accounts when they no
longer wish to use them for login/ authentication. This is a very novel feature, and it will
ensures that users can continue to login to university services using the account that is
most convenient to them at any stage in their life. Furthermore, users will be able to
continue to use their university login account for logging into other services which
support Shibboleth SSO. This should dramatically decrease the problem of forgotten
passwords, since users will be able to use the login account that suits them best for a
wide variety of services. We believe that we can provide this novel service relatively
easily by incorporating the Account Linking Service, which was developed by the
University of Kent under the recent Shintau project (see
http://sec.cs.kent.ac.uk/shintau), into the Logins for Life service. We will document the
procedures and processes that are necessary to achieve this account migration
service.
11. The University of Brighton runs the Brighton and Sussex Medical School in conjunction
with the University of Sussex. Students of the medical school are members of both
institutions, and should be able to access resources with either set of credentials, but at
present they can't do so because service providers don't let them. If Brighton and
Sussex could automatically create links between their user accounts using the Shintau
Account Linking Service, these students would never have to set up the links
themselves and could then log in to the service provider sites from either of their
accounts. As collaborative courses and other joint ventures become more common, it is
likely that automated account linking will have a fairly wide range of applications. We
therefore propose to provide a new appropriately secured web services management
interface to the Account Linking Service which will let a management client, prompted
as part of the student enrolment process, to create the account links automatically as
soon as the student exists in multiple systems. This will save the student the effort of
having to do this him/her self.
12. The project’s outcomes (see below in Deliverables) will be of great value to the JISC
community, since we will demonstrate how existing open source software and tools can
Page 3 of 11
be utilised to provide user centric fine grained access to university and other resources,
throughout a person’s entire lifetime, using different accounts that are linked together.
Documenting the policies and procedures that are needed for this, and providing them
to the community, will enable other institutions to follow our ground breaking approach.
C. Quality of Proposal and Robustness of Work plan
A description of the intended project plan
13. This project will have five major strands, each with an associated work package:
 WP1. Project management. Managing the project through its entire lifetime to
ensure successful delivery of results to time and budget.
 WP2. Requirements gathering. Liaising with university departments, staff and
students to capture their requirements
 WP3. Investigating technologies. Investigating what other market players are
doing and the current state of open source products and defining any glue
components that are currently missing.
 WP4. Building and testing a demonstration system. Use existing open
source products along with any glue components that are missing to build a
demo system. Trial with users and technical staff and modify as necessary.
 WP5. Dissemination. Publicising the project to the JISC community, building a
project web site, and making recommendations to Kent and the wider
community through a documented set of procedures
14. WP1 (6 person weeks) will be led Peter Riley. It comprises the following tasks:
T1.1 Recruit and train project staff (2 pw)
T1.2 Monthly Project Meetings (2 pw)
T1.3 Produce PM reports: Project Plan (D1.1), Midway Progress Report (D1.2), Final
Report (D1.3) and Completion Report (D1.4) (2 pw)
15. WP2 (11 person weeks) will be led by Bonnie Ferguson. It comprises the following
tasks
T2.1 Meet with stakeholders to gather requirements for account management. Feed
into D2.1 (3 pw)
T2.2 Create use cases for different user scenarios and feed into D2.1 (2 pw)
T2.3 Investigate best practices for Logins for life at other Universities and commercial
sites and produce D2.2 (4 pw)
T2.4 Propose LOAs for different user groups and stages of life and feed into D2.1 (1
pw)
T2.5 Understand current workflows for provisioning users at Kent and feed into D2.1
(1pw)
T2.6 Review of use cases and related findings by Information Services (IS) staff (1pw)
16. WP3 (14 person weeks) will be led by Bonnie Ferguson. It comprises the following
tasks
T3.1 Investigate how OpenID and Information cards can be integrated with existing
systems (3 pw)
T3.2 Research on presenting clear login pages with multiple sign-in options, including
providers such as RPX (https://rpxnow.com/) (2 pw)
T3.3 Investigate how to handle multiple identities for users (4 pw)
T3.4 Define overall architecture and any glue software necessary for components to
work together and produce D3.1 (4 pw)
T3.5 Present findings to central teams and refine (1 pw).
Page 4 of 11
17. WP4 (32 person weeks) will be led by David Chadwick and will comprise the following
tasks
T4.1 Specify, order, set up test server (1 pw)
T4.2 Plan the installation of component software (OpenSSO, Permis, Account Linking
service) (1 pw)
T4.3 Work with Kent's web designer to develop a good user experience for each user
group (login pages, logout options, etc.) (3 pw)
T4.4 Build the 'glue' software to backend systems (8 pw)
T4.5 Install software and 'glue' together all components (3 pw)
T4.6 Performance and load testing of proposed system (4 pw)
T4.7 Trial with user groups and gather feedback (4 pw)
T4.8 Modify system as a result of trials and testing (8 pw)
18. WP5 (8 person weeks) will be led by John Sotillo and will comprise the following tasks
(and effort)
T5.1 Create and update Project Website (2 pw)
T5.2 Produce deliverables D5.2 and D5.2 for Kent and the JISC community (4 pw)
T5.3 External QA reviews by LSE
T5.4 Create D5.4 roadmap for adoption at Kent (2 pw)
Deliverables
19. The deliverable for the Logins for Life project are:
 D1.1 Project Plan, D1.2 Progress Report, D1.3 Final Report and D1.4 Completion
Report.
 D2.1 Requirements and Use cases for the University of Kent
 D2.2 Survey of best practises for lifetime identity provision amongst Universities
and leading online companies such as Amazon and Google.
 D3.1 Design of overall architecture and any missing glue components
 D4.1 Demonstration system for trialling with users.
 D4.2 Demonstration results. Results obtained from performance and stress testing
and usability results from trialling with users.
 D5.1 Project Web Site
 D5.2 Recommendations to JISC and Kent for Logins for Life policies and
procedures
 D5.3 Recommendations to JISC and Kent for software architectures
 D5.4 Roadmap for deployment at Kent
Page 5 of 11
GANTT Chart for WORK
PACKAGES and TASKS
WP 1 Project Management
T1.1 Recruit and train project staff
T1.2 Montly Project Meetings
T1.3 Write PM reports
WP 2: Requirements Gathering
T2.1 Meet with stakeholders
T2.2 Create use cases
T2.3 Investigate best practices
T2.4 Propose LOAs
T2.5 Understand current workflows
T2.6 Review of use cases
WP 3: Investigating technologies
T3.1 Investigate OpenID + InfoCard
T3.2 Research multiple logins
T3.3 Handle multiple identities
T3.4 Define overall architecture
T3.5 Present findings and refine
WP 4: Building and testing
demonstration system
T4.1 Set up test server
T4.2 Plan the installation
T4.3 Web design
T4.4 Build the 'glue' software
T4.5 Install software and 'glue'
T4.6 Performance and load testing
T4.7 Trial with user groups
T4.8 Modify system as necessary
WP 5: Dissemination
T5.1 Project Website
T5.2 Produce D5.2, D5.3
T5.3 QA review by LSE
5.3 Roadmaps for adoption at Kent
Page 6 of 11
Jan
2010
Feb
Mar
Apr
May
Jun
Jul
Aug
Sep
Oct
Nov
Dec
Jan
2011
Feb
Mar
Measuring Success
20. We will measure success on the project using the following factors:
Timing
and task
July
2010
(Task 2.6)
Factor to
Evaluate
Use cases
December
2010
(Task 4.7)
Questions to Address
Method(s)
Measure of
Success
Use cases cover
the majority of
user scenarios
Do the use cases cover
all the major scenarios
Review
User
experience
Is the user experience
acceptable, given
multiple login options
User testing
at Kent
Successful
feedback from
user tests
September
2010
(Task 3.5)
New
Technologies
Were any important
technologies missed?
Are there best practises
that can be adopted?
Presentatio
n to central
teams and
refine
December
2010
(Task 4.6)
Demonstratio
n system
Is the software feasible,
scalable, fast enough,
and reliable
February
2011
(Task 5.3)
Community
Recommenda
tions
Are the
recommendations
generic enough to be of
use for the HE
community?
Technical
review.
Load
performanc
e testing
External
review by
expert from
LSE
Team members
are satisfied with
review and
refinements
offered
Repeatable
installation
process
Successful load
testing
Recommendation
s are useful for the
whole community
21. Since this project aims to make recommendations for Logins for Life policies for the
entire JISC community, our final reports will be reviewed by Simon McLeish from The
London School of Economics.
Project management arrangements
22. Agile project management techniques with regular group meetings will help to plan and
run the Logins for Life project in an efficient and light-weight manner.
Risks
23. Risk
Staffing
problems
Technical
problems
(e.g. failure
to find an
appropriate
architecture
)
Page 7 of 11
Probability
(1-5)
2
Severity
(1-5)
5
Score
(P x S)
10
1
4
4
Action to Prevent/Manage
Risk
We are using a team of >6
people so there is no single
critical person. We plan to
advertise for a new member of
staff in Nov 2009 so he/she
should be in post in early 2010
We are already using current
state of the art designs which
have been internationally
reviewed, and open source
software that has been
successfully tested for
interworking
Delays/
missed
deadlines
3
2
6
Organisati
onal: (e.g.
loss of
institutional
support for
project)
Legal:
Copyright,
licensing
and IPR.
1
4
4
1
3
3
External:
e.g. govt
cutbacks in
funding,
supplier
failure etc.
2
2
4
We intend to use an agile
approach and assess the
progress often, so any delays
can be dealt with early. We
have built-in contingencies in
the project plan
Dissemination of clear
information and agreement for
support from appropriate
senior executive managers
University will use standard
open source software and
licences where possible
throughout the project. Use of
standard interfaces means
products can be switched
Develop and maintain good
communication with JISC,
other AIM projects,
stakeholders and suppliers.
Share solutions to common
problems
IPR position
24. All software released during this project will use the Open source BSD type licence and
be released to the JISC community. We have significant experience of this mode of
distribution already (PERMIS has several hundred downloads per month).
Sustainability issues
25. This project will produce a set of recommendations and policies which will be put into
practise at the University of Kent. Throughout the project, staff will gain experience and
knowledge of new technologies for access management (e.g. OpenID, Information
Cards, PERMIS etc.) and should be equipped to bring the recommended systems into
production at the end of the project.
26. Information about the project, and the recommendations for policies, software and
architectures will remain accessible to the community indefinitely. All open source
software released by this project will be available to the community for at least 5 years
after the completion of this project, from the existing PERMIS web site.
D. Engagement with the Community
27. The initial part of this project will include a rigorous requirements gathering stage which
will engage each set of stakeholders shown in the table below. This will help us to
ascertain a set of requirements for user groups and ensure that their needs are met.
We will also look for best practises throughout the HE community and in the
commercial sector which we can use to form policies for Kent.
28. The Logins for Life project will produce a set of policies and a proof-of-concept
architecture that will be demonstrated to stakeholders at the University of Kent through
a number of user trials and demonstration sessions. These will lead to an improved
user experience for all Kent users and increased satisfaction with the IT provision at the
University.
Page 8 of 11
29.
Stakeholder
JISC
community
All users
Prospective
students
Students
Alumni
Relations
Employees
Human
Resources
Conference
delegates
IS department
at Kent
Interest / stake
All Universities face similar issues of provisioning users throughout their
lifetime and will be looking for recommendations and best practises in
this area.
May have existing digital identities (e.g. OpenID account) which they
would like to use throughout their interaction with The University of
Kent.
Need to login to get information or apply for a course.
Need provisioning of services such as logging into University PCs,
access to wireless network, file store, email, specialist software
packages, etc.
Would like to provide an email for life service for all alumni - most likely
in the form of [email protected]. This would facilitate
lifelong communication with alumni and maintain a bond that may lead
to further income opportunities either through postgraduate education
or through fund raising.
Need services during their work life and may want to keep their Kent
account after leaving
Concerned about provisioning employees and removing rights when
contracts finish. Need to avoid staff masquerading as Kent staff once
they leave.
Conference delegates and other visitors also require wireless network
access and other services for short periods of time.
Need to understand the policies and be able to provision users
appropriately at each LOA.
Dissemination Approach
30. The project will provide several dissemination activities such as presentations at JISC
programme meetings and relevant conferences such as the Terena Networking
Conference. Dissemination activities within IS and amongst stakeholders at the
University of Kent will include presentations of findings and demonstrations of
proposed architecture. Feedback will incorporated into final recommendations to the
community.
31. The case studies, policies and recommendations that emerge from the project will be of
interest to other Universities and we will therefore maintain a project blog at
http://blogs.kent.ac.uk as well as a project website indefinitely. We will encourage
ongoing online discussions about the policies proposed and issues raised in this area.
The open source software that is created by the project will also be made publicly
available.
Benefits
32. The quantitative benefits of the Logins for Life project include:





Reduced lost password administration costs
Improved access controls through policy driven attribute based access controls
Well designed and consistent login pages
Foundations for an 'email for life' service for alumni
Easier access for conference delegates and other University visitors
Page 9 of 11
33. The qualitative benefits include:






Putting users at the centre of managing their account logins
Strengthening links with students (prospective, current and alumni)
better student and employee relationships
Improved user experience
Adopting and helping to establish best practises
Knowledge transfer between School of Computer Science and the IS Department
Previous experience of the project team
34. John Sotillo BSc, MBA is Director of Information Services. Previously he worked in a
variety of technical and senior management IT roles including Depute Director of
Computing Services for 5 years and Business System manager for 4 years at Napier
University, Edinburgh. In 2002 he joined Kent and is actively involved in a number of
regional projects including the establishment of the University of Kent at Medway in
collaboration with the University of Greenwich, Canterbury Christ Church University
and Mid Kent college, the Kentish MAN group where he sits on the Kentish MAN Ltd
executive, the Kent New Technology Institute, where he chairs the technical committee
and the JISC funded Regional Support Centre - South East, where he line manages the
RSC manager and sits on the Co-ordination and Steering groups.
35. Professor David Chadwick is the leader of the Information Systems Security
Research Group (ISSRG) at the University of Kent. He has written over 120 books,
chapters, journal and conference papers, mostly about security, and the latest of these
can be downloaded from http://www.cs.kent.ac.uk/people/staff/dwc8/pubs.html. He
has been the principal investigator in over 25 research grants from a variety of sources
including the EPSRC and the EC. He has participated in 11 previous JISC funded
security projects including DyVOSE, DyCOM, FAME-PERMIS and Shintau which have
been the one of the first in the world to demonstrate dynamic delegation of authority,
the use of LOAs to grant access and account linking for attribute aggregation. The
results of these have been widely demonstrated and made available to the global
community as open source software under the BSD licence. Professor Chadwick is still
the BSI lead representative to ISO/ITU-T X.500 standards meetings which includes
X.509 PKIs and PMIs – the basic technologies used in Internet security. He is the
co-author of the OGF Authorisation specifications, and several Internet drafts and
RFCs.
36. Peter Riley BSc, PhD is the Technical Services Manager for the Computing Service
and is currently responsible for the development and operation of the University’s
networks and IT systems having over 20 years experience in network and systems
development and service provision. He has been involved in a number of regional
projects including the establishment of the Kentish MAN, the development of services
for the KNTI, the KPLPP and the development of ICT services at the new Universities at
Medway campus.
37. Bonnie Ferguson BSc, MA, MSc, is a Senior Web Developer at Kent, having joined
the University in May 2005 as a Computing Officer. Previously, she worked as an
Analyst Programmer in both the commercial and public sector for 4 years, working with
technologies such as Java, Struts, Sybase PowerBuilder, ASP and Apache Tomcat.
She was an IT Administrator and Trainer for 5 years and managed an IT Helpdesk for
much of this time. Since joining the University, she has been involved with several JISC
funded projects including the KPLPP, KUSP and BCAD projects, working with
Page 10 of 11
Shibboleth, uPortal, PETAL ePortfolio, MySQL, Apache Tomcat and Apache HTTP
Server. She is also a certified Prince2 Practitioner.
38. Stijn Lievens, BSc, MSc, PhD is currently a senior research associate at the
University of Kent where he is the team leader of the Information Systems Security
Research Group. After receiving his master’s degree in Applied Mathematics in 1998,
Stijn obtained his PhD in Mathematics from Ghent University (Belgium) in 2003. In
2004 he obtained a master’s degree in Computer Science, with the greatest distinction
also from Ghent University. All his mathematics research involved substantial amounts
of computational work. Furthermore, the Java code for his computer science master’s
thesis is part of the open source project WEKA . During his ‘mathematics’ career, Stijn
has published 18 articles in journals included in the Web of Science. Stijn is now
responsible for overseeing the design and implementation of an advanced
authorisation infrastructure that supports multiple policies, obligations, and attribute
aggregation.
39. George Inman, received a BSc (hons) in Computer Science from the University of Kent
in 2006 where he is currently employed as a RA and enrolled for a research PhD in
Identity Management and Attribute Aggregation for Authorisation under the supervision
of Prof Chadwick. As an RA he has been involved with the maintenance and
improvement of various elements of the open source PERMIS RBAC software and in
designing and implementing attribute aggregation and account linking in the Shintau
project. He is currently researching methods for the secure aggregation of authorisation
attributes in Information Cards.
40. Vacancy - to be recruited.
Page 11 of 11