David Orrell, Eduservdavid.orrell@eduserv.org.uk

www.eduserv.org.uk

OpenAthensLA 2.0:An introduction

OpenAthens workshops, February/March 2009

2

Product goals and rationale

Architecture

Demo of administration tools

What is OpenAthens LA?

Software to enable federated access to internal and external Web resources

Identity Provider Service Providers

(resources)

Federated identity

ControlPolicy

Subscriptions

Management

Identity Provider Service Providers

(resources)

Federated identity

ControlPolicy

Subscriptions

Management

OpenAthens LA 1.0

• You know it as Athens DA

• 'Semi' federated– depends on central service

• Not fully standards compliant– only via central service

Since 1.0, a lot has changed...

1) Formation of The UK Access Management Federation, and other federations

2) Changing user behaviour• Web 2.0

• User-centric identity

• Social networks

3) Multiple identity standards• SAML

• OpenID

• Information Cards

That's all very well... but...

But...

• We've lost control and flexibility!

• We can't meet students expectations

• Athens also...– hid much of the complexity

– provided web-based administration→ distributed control

– provided statistics

Shibboleth administration

Shibboleth server

User-repository

System administrator

LibrarianConfiguration

IT Services

Our top 3 priorities for OpenAthens LA 2.0...

Priorities

1) Ease of installation, configuration & maintenance

• Web-based administration

• Built-in diagnostics and statistics

Priorities

2) Support for multiple, Open Standards

Priorities

3) Extendable• Modular architecture

• Open APIs – write your own extensions

OpenAthens LA 2.0

• Greater control...

OpenAthens LA 2.0: administration

ModelRuntime

Runtime server(s)Administration server

User-repository

System administrator

Librarian

Staff / students

Admin application(s) Model

Administration interface

Administration server

Admin application(s) Model

Administration interface

Administration server

Model history

OpenAthens LA 2.0

• More flexibility...

OpenAthens 'Atacama' platform

Protocol modules

Platform

OpenAthens LA 2.0: modules

Webserver

OpenAthens LA runtime

Platform

OpenAthens LA 2.0: modules

Webserver

• Authentication

OpenAthens LA runtime

Platform

OpenAthens LA 2.0: modules

Webserver

• Authentication

• Data-store connectors

OpenAthens LA runtime

Platform

OpenAthens LA 2.0: modules

Webserver

• Authentication

• Data-store connectors

• Identity protocols (SAML, OpenID etc)

OpenAthens LA runtime

Platform

OpenAthens LA 2.0: modules

Webserver

• Authentication

• Data-store connectors

• Identity protocols (SAML, OpenID etc)

• Attribute release policies

OpenAthens LA runtime

Platform

OpenAthens LA 2.0: modules

Webserver

• Authentication

• Data-store connectors

• Identity protocols (SAML, OpenID etc)

• Attribute release policies

• Custom attributes

• …

OpenAthens LA runtime

Open APIs: write your own modules

• OpenAthens platform is multi-language– C/C++, C#/.NET, Java, PHP, Ruby

• Can write in-line 'scriptlets'– JavaScript, Ruby

OpenAthens LA runtime

Admin console →

Service provider →

Demos

OpenAthens LA 2.0: release schedule

March 2009:Initial Alpha

April 2009:Beta release

July 2009:OpenAthens LA 2.0General Availability

2009

June 2009:End of Betaprogramme

Thank you!

david.orrell@eduserv.org.uk