All entries for July 2006
July 24, 2006
Writing about web page http://www.questionmark.com/uk/perception/index.htm
I spent a fair bit of Thursday and Friday integrating (our newly upgraded to version 4) installation of Question Mark Perception with our Single Sign On system.
Perception does not support Shibboleth out of the box, but it does have a web integration layer called QMWise that allows external systems to push users and other data into the system, bypassing Perception's internal authentication.
A project done at Leeds and funded by JISC has created a Java layer (QMShibb) that sits on top of QMWise and allows you to easily then protect that Java layer with Shibboleth or in fact any Single Sign On system you like.
With the help of a Perception consultant we got this working with our own Shibboleth-based Single Sign On system sitting on top of the QMShibb Java layer. So, hopefully we'll very soon be able to do a lot more with Perception as the old user management overhead has now more or less gone away.
To truly minimise the admin overhead, more work should be done with QMWise so that user groupings get pushed into Perception, but the removal of username/password issues will be a great time saver.
July 19, 2006
Writing about web page http://www.jisc.ac.uk/index.cfm?name=event_showcase_0706
I went down to London yesterday to attend the JISC Access Management Showcase conference at the very posh One Great George Street in Westminster.
Overall I got some good little bits and pieces out of the day, but it was a bit disappointing.
- Shibboleth 2.0. Shibboleth is moving towards being a proper Single Sign On system rather than the basic federated authentication system it is now. This means proxying credentials and single logout are on the way. However, this is still some way off. Our system does this already, but it would be nice to move to the standard if it is good enough.
- Levels of Assurance. LoA is a way of telling a service provider just how sure the identity provider is of a user's identity. This means that if you login with a weak username and password you get LoA 1. If you login with biometrics you get LoA 4. This means that perhaps medical research data is available to you from your biometrics enabled computer at work, but only non-personal data when you login with a username/password from home.
- UK Federation. A few more details on the JISC/UKERNA/BETCA sponsored UK-wide federation. This is the next step on from SDSS and will be live for early adopters in August 2006 and for everyone in November 2006. Hopefully we can get in early on this as this is the next step away from Athens. We will hopefully be going live with Athens Shibboleth for next term, but in the long term, Athens will be going away and service providers will have relationships with the UK Federation rather than Athens. The government's plan is that there will be a joined up federation that not only allows sharing of resources and identities across institutions, but right across sectors right from schools, colleges, universities, research institutes and commercial enterprises.
- I couldn't help but feel that there was not a lot of enthusiasm at the conference. Generally the sessions finished early as there were barely ever any questions. The final panel session didn't have a single question from an audience of over 100 people! It was actually a little embarrassing. I don't know if this was an indication of it being the end of a long, hot day, people just not being interested or that everyone had been so well informed that they didn't need to know any more.
On the plus side, the news coming out of this conference was definitely that Shibboleth is the way of the future, so we got on the right boat nice and early here at Warwick thankfully :)