allie-denney
Access & Identity Management
• “An integrated set of policies, processes and systems that allow an enterprise to facilitate and control access to online resources for their users”
RSA Security
• No magic bullet
• Not about technology itself
Organisational Single sign-on – the future
[Diagram: local and external web resources (VLE, portal, OPAC, database, journals); local authentication system (usernames & passwords); user attributes (names, email, role); directory; SSO; authentication transfer protocol, e.g. SAML, Shibboleth, AthensDA]
• Single copy of data managed centrally
• Accurate & reliable & secure
• Users become accountable & auditable
Beyond IP authentication:
[Diagram: federation of service providers and identity providers. Labels: Athens resources; registry; Athens agents; AthensDA; Shib; SAML; institutional directory; institutional data source; bulk upload; self registration; IP resources; proxies]
• Individual recognition from day one
• Patron attribution
• Comprehensive statistics
• 300 premium content vendors
• User management tools designed for librarians
[Diagram: numbered steps 1–9 between the Athens Agent, the resource, the Athens Authentication Point and the Athens Authority Server. Labels: first access; HTTP refer for authentication; user signs on with Athens or local authentication; create SSO session; long term token; session token; Athens cookie; check session token, get attributes]
Athens Single Sign-on
Millions of users worldwide
2000+ institutions
Single Sign-on (SSO)
Identity Management
User Provisioning
Management Information
- usage statistics
- audit
Integrates with
- Shibboleth
- EZproxy
- Active Directory
- etc.
Standards
Policies
Attributes
EduPerson
Case Study 1
Individual Patron IDs – usable anywhere
• Using the student no. as patron ID
• Uploaded automatically from student registry
• No personal data to allay privacy concerns
• Staff registered manually
• Next step – integration with Campus Directory
Tamera Hanken says
• I chose this service because I needed something that would be reliable, easy and quick to implement, and cost effective in terms of equipment and my time.
• With this method we had to do nothing to enable our network system to use Athens.
• Based on how easy it was to begin using, how reliable it is, students didn’t find it cumbersome or confusing—we decided to purchase
• Customer service has been friendly and prompt
Case Study 2
Tailored self registration
• Library promotes URL of self registration form
• Organisationally defined info – campus, role, faculty – whatever
• Request validated by librarian or IP address
• Statistics by any defined category
• Account usable anywhere