Access & Identity Management

• “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online resources for their users”

RSA Security

• No magic bullet

• Not about technology itself

Organisational Single sign-on – the future

Local web resources

External web resources

VLE

Portal

OPAC

Database

Journals

Local authentication System

usernames & passwords

User attributesNames, email, role

Directory

SSO

Authentication transfer protocol e.g SAML, Shibboleth, AthensDA

• Single copy of data managed centrally• accurate & reliable & secure• Users become accountable & auditable

Beyond IP authentication:

Federation

Service

Providers

Identity Providers

Athens Resources

Registry

Athens agents

AthensDAShib

SAML

Institutional Directory

InstitutionalData source

Bulk Upload

Self registration

IP ResourcesProxies

• Individual recognition from day one• Patron attribution•Comprehensive statistics• 300 premium content vendors• user management tools designed for librarians

AthensAgent

Resource

First Access

Athens Authentication Point

Athens Authority Server

Create SSOsession

Long Term Token

Session Token

User signs on with Athens orlocalauthentication

Check session token. Get attributes.

Session token

HTTP refer for authentication

Session token

Athens

Cookie

CookieLong Term Token

12

4

3

56

7

8

9

Athens Single Sign-on

Millions of usersWorldwide

2000+ institutions

Single Sign-on(SSO)

IdentityManagement

User Provisioning

ManagementInformation

- usage statistics- audit

Integrates with- Shibboleth- EZproxy- Active Directory- etc

StandardsPolicies

AttributesEduPerson

Case Study 1

Individual Patron id’s – usable anywhere

• using the student no as patron id

• Uploaded automatically from student registry

• No personal data to allay privacy concerns

• Staff registered manually

• Next step– Integration with Campus Directory

Tamera Hanken says

• I chose this service because I needed something that would be reliable, easy and quick to implement, and cost effective in terms of equipment and my time.

• With this method we had to do nothing to enable our network system to use Athens. 

• Based on how easy it was to begin using, how reliable it is, students didn’t find it cumbersome or confusing—we decided to purchase

• Customer service has been friendly and prompt

Case Study 2

Tailored self registration

• Library promotes URL of self registration form

• Organisational defined info– Campus, role, faculty – whatever

• Request validated by librarian or IP address

• Statistics by any defined category

• Account usable anywhere