EPICS - North east regional collaboration around e-portfolio progression pathways with illustrative studies

Title: Shibboleth Component
Project Ref: JISC 07/04 Distributed eLearning Programme
Issue Date: 17th August 2005
WP Ref: WP 8 & 9
Review Date: Starting January 2006

DOCUMENT COVER SHEET

Amendment Record
Issue Version Draft Effective Date: 1.0 17-Aug-05
Pages Reviewed: All; All
Description: Draft issue of work packages 8 (combined and replacing wp 9); Published Work Package
Prepared by: JW / LT
Authorised by: JW/LT Lawrence Taylor

Distribution List/Media
EPICS Partners List via JiscMail
EPICS Project Team via Projects in MEDEV
Programme Manager
Project File

Included Documents
JISC_eportfolio_template.doc is located in:
http://medev.grouphub.com/clients/epicsproject/1/files
http://www.jiscmail.ac.uk/files/EPICS/

Acceptance and Completion
Work package accepted By:__________________
Completed work package returned By __________
Work Package Acceptance: To be signed by those who are taking on the responsibility for completing the activities in this work package.
Completed Work Package: To be signed off when all activities have been completed.
Signature / Institution & Title / Date

Purpose

The purpose of workpackage 8 is to investigate the use of Shibboleth to authorise inter-institutional access to resources (specifically eportfolios) in a regional context. It is sponsored and funded by the JISC Core Middleware Programme as part of the Shibboleth Early Adopters initiative.

Background

The JISC Core Middleware initiative aims to improve the way in which users access resources throughout the UK educational sector. Specifically, the goal is to allow users to access internal and external resources seamlessly using a single, institutionally controlled identity. This will reduce substantially (if not eliminate altogether) current problems in which users are required to maintain multiple passwords for multiple resources in multiple domains.

For the last two years JISC has devoted a significant part of its development funding to access management issues. Many different solutions and scenarios have been investigated and tested, alongside research into supporting factors such as cultural change. The outcome is to base the strategy on Shibboleth, a new standard in this area.

While the UK has been using Athens, other countries have been developing their own solutions to the problem of accessing multiple resources with a single identity. Shibboleth, which is a product of the US’s Internet2 initiative, has emerged as the front-runner for the most widely adopted standard. Australia and a number of European countries, including Switzerland, Finland and the Netherlands, have already adopted it or are in the process of doing so. A number of commercial service providers are planning to create Shibboleth interfaces to their services or already provide them.

The full JISC briefing paper Shibboleth: Connecting People and Resources is available at http://www.jisc.ac.uk/pub_shibboleth.html.

About the IAMSECT project

IAMSECT - Inter-institutional Authorisation Management to Support eLearning with reference to Clinical Teaching - is local to the region and is one of 16 Core Middleware development projects set up in 2004. Its focus is to develop, test and disseminate a practical approach for implementing inter-institutional authentication and authorisation management services for e-learning which can be replicated elsewhere in the education sector. As such its outputs are of direct relevance to the partners in EPICS.

Aims

This work package outlines the activities required to install and use Shibboleth at partner institutions. Support for these activities is available from IAMSECT (http://iamsect.ncl.ac.uk/) and the Middleware Assisted Take-up Service (http://www.matu.ac.uk/).

It is recognised that these installations may not be feasible at all partners in the timescale available; in this case there may be a possibility of hosting the infrastructure on behalf of these sites at Newcastle University under the auspices of IAMSECT. However, it is expected that all partners will participate in scoping the management and data issues within their institution with respect to identification, exchange and management of authorisation attributes.

The work package defines, in measurable terms, what must be done, by whom and by when for the final delivery of the work package to the project manager, the Advisory Board and to meet the quality requirements of the project.

The overall aims of this work package are to:

• Scope the feasibility of installation at each institution.
  The initial requirement for this is the establishment of a technical contact (probably within IT services) at each partner site. The initial stage of the assessment is via a questionnaire covering facilities and expertise available.

• Install Shibboleth infrastructure at partner sites.
  This consists of a Web initial signon (WebISO) and a Shibboleth Identity Provider (IdP, also known as an origin). An overview of the way in which Shibboleth works and local requirements is given in sections 1 and 2 of Practical access to electronic journals via Shibboleth, available at http://iamsect.ncl.ac.uk/deliverables/. The technical skills required for the installation can, in the main, be provided from within the IAMSECT project, although close collaboration with partners is obviously required. Funding for hardware, consultation and staff time is included within the Shibboleth component of the EPICS budget.

• Partners join a UK Federation as an identity provider.
  This will either be the SDSS development federation (www.sdss.ac.uk) or the incipient UK academic federation (http://www.jisc.ac.uk/uploaded_documents/JISC_Fed_doc_full.doc).
  A Shibboleth federation is an independent body which manages the trust relationship between identity and service providers - an introduction and further information is available in An Introduction to Shibboleth Federations (http://iamsect.ncl.ac.uk/deliverables/). It should be noted that reaching this stage will be of considerable advantage to the partners. As noted in Practical access to electronic journals via Shibboleth, it will then be possible for them to access electronic journals and similar resources without the administrative overhead of access via ATHENS.

• Identify a source of authorisation attributes at each partner site.
  More complex authorisation scenarios require the use of multiple authorisation attributes. A typical source of these may be the Windows Active Directory or institutional data feeds from the Management Information System or equivalent. This topic is covered in Attribute identification and storage for Shibboleth at http://iamsect.ncl.ac.uk/deliverables/. It would be helpful if each partner could provide a suitable contact with respect to these issues.

• Pilot the use of existing ePortfolio products as Shibboleth resource providers (targets).
  Partners hosting eportfolio products will need to join the federation as service providers. Adaptation of the products as Shibboleth resource providers is an output of IAMSECT.

• Identify and agree set of attributes to be used to authorise access to ePortfolios.
  The project will need to agree on a common set of suitable attributes for authorisation purposes, the choice of which will primarily depend on which attributes can be collected in a timely and scalable manner from each, and on institutional privacy policies.

• Scope the establishment of a regional managerial and legal framework for inter-institutional access.
  This will essentially be a synthesis of requirements of the partners in this respect, lessons learned and potential issues envisaged.
  IAMSECT has some funding for legal consultancy and will be able to make input to this activity.

Outputs

This workpackage will produce two major outputs:

• Use of Shibboleth for authorisation at partners where it is feasible to install it, or a report detailing the problems encountered at institutions where this has proved not to be the case.
• A managerial and legal framework which could potentially be extended to other services and collaborations within the region.

Scope

The Work Package activities will vary in content, and indeed in degree of formality, depending on circumstances. It is a working document and will change throughout its lifecycle as we learn by investigating and completing the activities. Where the work is being conducted by a team or an individual, they will define the activities at a sufficient level of detail so that the project team have no doubt on what has to be done, by whom and by when, and they will provide regular reports back to the project manager, who will keep the documentation up to date.

The scope of this work package is to encompass the following:

• All partners in the EPICS project.
• To create a framework for the delivery of the work package activities listed under Aims above.

Responsibilities

All partners will be individually responsible for the production and delivery of this work package at their institution. Participation in the work package is a requirement, even if the partner is not able to install the hardware. See Outputs Section.

This work will be coordinated by the IAMSECT project management.

It is the responsibility of the EPICS Project Manager to ensure that staff affected by this process are informed of its content and that they will agree to adhere to the processes identified.

All published documentation will be disseminated via the Project Management Web Site.

EPICS - North east regional collaboration around e-portfolio progression pathways with illustrative studies

Title: Shibboleth Infrastructure
Project Ref: JISC 07/04 Distributed eLearning Programme
Issue Date: 17-Aug-05
WP Ref: WP 8
Review Date: Starting January 2006

Work Package Schedule

It is expected that this work package will take an elapsed time of approximately 12 months. The work package has an official start date of 25-04-2005 and will be completed no later than 31-03-2006.

[Schedule chart: WORKPACKAGES, 8 Shibboleth Component, against Mth 1 to 15]

Work Package Outputs and Deliverables

These are the defined outputs and deliverables as identified in the project plan.

Columns: Work package and activity; Duration (Earliest start date, Latest completion date); Outputs (clearly indicate deliverables & reports in bold); Milestone; Responsibility

Work package and activity
1. Establish a technical contact within each partner institution
2. Assess feasibility of infrastructure installation at each site via questionnaire covering facilities, expertise, any existing WebISO, password store; open ports.
3. Dissemination activities
4. Produce reports for sites where implementation is not feasible.
5. Purchase and install WebISO and IdP for partner sites
6. Partners join Federation as Identity Providers
7. Identify authorisation attribute source at each partner institution
8. Adapt existing ePortfolio products as Shibboleth service providers (targets)
9. Partners hosting ePortfolio products join Federation as service providers
10. Identify and agree set of attributes to be used to authorise access to ePortfolio products
11. Develop and publish work package report and lessons learnt
12. Work Package Review

Outputs
• Project sub group established
• Brief report. Determination of hardware to be purchased
• Raise awareness within project; disseminate technical information
• Report to JISC
• Shibboleth infrastructure established at partner institutions
• Access to Shibboleth-enabled resources
• Authorisation sources established
• Local access to ePortfolio products via Shibboleth
• Access to ePortfolio products via WAYF
• Defined authorisation data agreed between all partners
• Report on the project work package
• Review document

Duration (Earliest start date - Latest completion date)
April 05 - May 05; April 05 - Sep 05; Aug 05 - Oct 05; Sep 05 - Jan 06; Sep 05 - Dec 05; Nov 05 - Jan 06; May 05 - Jan 06; April 05 - Dec 05; Nov 05 - Jan 06; June 05 - Jan 05; Nov 05 - Feb 06; Jan 06 - Mar 06

Responsibility: IAMSECT