eduservOpenAthens Workshop - May 2009

Keith Dixon - AIM Managerkeith.dixon@eduserv.org.uk

Eduserv

Not-for-profit IT services on behalf of universities & colleges in the UK

Charitable mission to realise the benefits of IT for learning &

research

Shared services include:– Licence Negotiation Services

• Chest Agreements– Access & Identity Management

• OpenAthens– Web Solutions

• Web Hosting• Web Content Management• Web Development

Purpose of the day

• Learn about & see the latest developments for OpenAthens

• Hear about OpenAthens LA 2.0

• See the improvements to simplify & ease the use of OpenAthens Managed Directory for Administrators

• Learn about the usability developments & new tools for helping you to help your staff & students in the MyAthens interface

• Reminder about annual subscriptions from August 2009 & your next steps

The team

Keith Dixon – AIM Manager

Tom Demeranville – Senior Software Engineer

Sarah Quintin – Software Engineer

Aaron Wolf – Service Desk Analyst

Agenda for the day

11.00 Intro & Welcome – Keith

11.20 Moving forward with OpenAthens – Keith

11.45 Administration Tools – Tom

12.30 Lunch & Networking – ALL!

13.15 MyAthens: New Features & Future Directions - Sarah

14.00 Getting support for OpenAthens – Aaron

14:15 Wrap & Questions - Keith

Access & Identity ManagementMoving Forward with OpenAthens

Keith Dixon – AIM Manager

OpenAthens Workshops, May 2009

Agenda

Where have we got to with OpenAthens?

Where do we want to go?

What are we doing to get there?

What’s the next step (in 2009)?

How can you subscribe in 2009/10?

Where have we got to with OpenAthens?

OpenAthens is a framework of software & services for Access & Identity Management

AND

Uniquely for UK HE/FE institutions there is a subscription to OpenAthens that provides unlimited access to ALL of the software & services that make up the OpenAthens

framework

Where have we got to with OpenAthens?

• What are the components of OpenAthens?– OpenAthens MD

• MD = Managed Directory– OpenAthens LA

• LA = Local Authentication– OpenAthens SP

• SP = Service Provider

• Plus– MyAthens

• A learner/research resource discovery/management tool

AthensIdentityBroker

ManagedDirectory

OpenAthens opens up the Athens Architecture…

ServiceProviders

using Athens

ServiceProviders

using Athens

ServiceProviders

using Athens

ServiceProviders

using Athens

InstitutionUsing

AthensDA

Local AuthenticationAthensDA + Identity Broker

AthensManaged Directory + Identity Broker

LocalDirectory

… to Federated Access Management (eg. the UK Federation)….

ServiceProviders

using Shibboleth

InstitutionUsing

Shibboleth

UK FederationWAYF

LocalDirectory

UK FederationWAYF

InstitutionUsing

Shibboleth

… & provides both software & service solutions

ServiceProviders

using Athens

ServiceProviders

using Athens

ServiceProviders

using Athens

ServiceProviders

using Athens

ServiceProvider

using Shibboleth

OpenAthens SubscriptionShibboleth + OpenAthens Identity Broker

AthensIdentityBroker

ManagedDirectory

InstitutionUsing

AthensDA

InstitutionUsing

OpenAthens LA

OpenAthens

IdentityBroker

ManagedDirectory

LocalDirectory

LocalDirectory

How are people using OpenAthens?

OpenAthens LA

– Easy local authentication to both Athens & Shibboleth resources, fully-supported & easy to budget

OpenAthens MD

– Some institutions host ALL users • Limited scale, limited use, limited IT resource• Easy/quick set-up• Retain library control

– Others host SOME users (using OpenAthens LA or Shib with a local LDAP directory for the majority)

• Walk-in users, affiliated institution users • Back up to local authentication

MyAthens

– As Library A-Z/integrated with Library portal– Low, predictable costs as part of OpenAthens subscription

Where have we got to with OpenAthens?

What are the key benefits of the OpenAthens offer to UK HE/FE?

– Simple to budget, annual fees

– Technology flexibility

– Quick & easy implementation

– Low operating costs

– Fit with available Library/IT expertise

– Low risk

PLUS

– Maintenance, support & development included

Where have we got to with OpenAthens?

351 institutions subscribed to OpenAthens– 60% FE Colleges

– 40% HEI’s

– 28% subscribed for 3 years

Where have we got to with OpenAthens?

Research conducted Dec 08– 90% satisfied with the service

– 90% were quite likely/very likely to recommend

The detail!

Poor/Very Poor

%

Neither %

Good/Very Good

%

Don’t Know %

Track record 0 7 90 3

Experience in HE/FE 0 0 97 3

Customer focus 3 10 82 3

Innovation 0 21 69 10

Technical leadership 0 24 66 10

Specialised knowledge 0 10 86 3

Explanation of technical issues 3 14 80 3

Ongoing maintenance 7 3 87 3

Value for money 7 17 68 7

Ongoing communications 10 7 80 3

Technical Support 7 17 72 3

Invoicing 3 17 52 28

Non-tech help 0 25 65 10

Intent Survey Jan 2009/10

Customer perceived advantages of OpenAthens

– Familiarity

– Continuity, no additional work for the Library

– Simple & easy to use & administer

– Usage statistics

– Participation in UKAMF

– Access to Shibboleth resources

– Access to non-Shibbolised resources

Intent Survey Jan 2009/10

Customer perceived advantages of OpenAthens

– Do not have to develop in-house IdP

– Minimal impact on internal IT

– Access to online resources off campus

– Good value

– Peace of mind

– Support

– Enables a smooth transition to local authentication

Intent Survey Jan 2009/10

Customer perceived areas for improvement– Service desk response

– Promoting non-Athens resources on MyAthens

– Reliability

– Subscription fees

Intent Survey Jan 2009/10

Customer perceived areas for improvement– Confusion between accessing Athens &

Shibboleth resources

– Issues accessing Shibboleth resources

– Lack of statistics for Shibboleth resources

– A password that matches existing student login/ID

Intent Survey Jan 2009/10

Do you intend to subscribe in 09/10? %Definitely will 42Almost certainly 21Probably will 20Might not 14Definitely not 3

With 3 months to go over 150 institutions have already signed up to OpenAthens for UK HE/FE for

2009/10

Reasons for subscribing/not

Subscribing– Lack of skill/time/budget to implement & support Shibb

– Happy with OpenAthens

– OpenAthens LA 2.0

– Access to Athens resources

Not– Have a functioning Shibboleth Idp

– Proxies/IP authentication

Resources

Ave

How many resources do you subscribe to? 265

Athens 62%

Shibboleth 40%

Other 8%

State of flux, mixed bag for the foreseeable future

Institutions need a solution that is flexible and adaptable

Where have we got to with OpenAthens?

OpenAthens - Open & Standards Compliant

– OpenAthens LA, MD & SP - flexibility

– Athens & Shibboleth resources co-existing

– New technologies = New opportunities

• OpenID

• Information Cards

– Standards are continually evolving

– Solutions must be flexible, adaptable & cost effective

Where do we want to get to?

For institutions – Continue to increase value & reduce risk

– Greater choice– Keep costs predictable & low– Future-proofing

For IT & Library Administrators – Increase capability & reduce workload

– Increase usability• Configuration & management in IT• Resource entitlement & ad-hoc users in

Library– More functionality

Where do we want to get to?

Close engagement with HE/FE IT & Library needs

– External – collaboration & resource access

– Internal – identity, entitlement management & provisioning

Close engagement with Access & Identity Management developments

– Federation standards & technologies

– User-centric standards & technologies

Close engagement with Learner/Researchers needs

– Usability

– Integration with Resource Discovery

What are the next steps? (in 2009)

Openness & Standards Compliance

– OpenAthens LA & SP

– Ease of Install & Management

Administrator Usability & Tools

– Processes & Interface

– Diagnostics & Statistics

Learner/Researcher Usability & Tools

– Usability

– Resource Discovery & Management

What are we doing to get there?

More Resources– Development

– Services

More Events– Workshops

Product Development Advisory Groups– OpenAthens MD

– OpenAthens LA

Alpha Test programmes

Beta Test programmes

What are we doing to get there?

Major functionality releases

– OpenAthens LA 2.0

Minor functionality releases

– Admin Tools

– MyAthens

– OpenAthens SP 1.3

Compliance, servicing & bug fixes

– UK Fed Compliance

Administrator Usability and Tools

Focus on Administrator Interface & Toolbars

April 2009– Interface Update – more intuitive

• Paging tables for lists of users

• Quick multiple account creation

– Graphical statistics

– Shibboleth statistics & basic diagnostics

Oct 2009– More configurable?

• Commonly used functions?

• Service status, maintenance notices, diagnostics?

– Email address as login?

April 2009• Improve accessibility (e.g. style chooser for visually

impaired)

• Increase Admin/User configurability including

– Generic search panels & HTML editing for custom content

– Ability to add non-Athens resources to the resources list (e.g. Shibboleth)

October 2009• Pre-populated panels?

• Manage configuration of toolbar?

• “Add to MyAthens” button for library & service provider web sites?

Learner & Researcher Usability & Tools

UK FederationWAYF

InstitutionUsing

Shibboleth

What are we doing to get there?

ServiceProviders

using Athens

ServiceProviders

using Athens

ServiceProviders

using Athens

ServiceProviders

using Athens

ServiceProvider

using Shibboleth

OpenAthens SubscriptionShibboleth + OpenAthens Identity Broker

Op

en

Ath

en

s SP

1.1

AthensModule

ShibModule

AthensIdentityBroker

ManagedDirectory

InstitutionUsing

AthensDA

InstitutionUsing

OpenAthens LA

Op

en

Ath

en

s LA

2.0

AthensModule

ShibModule

OpenAthens

IdentityBroker

ManagedDirectory

LocalDirectory

LocalDirectory

OpenAthens LA

OpenAthens LA 1.0 = AthensDA PLUS access to Shibboleth (UK fed) resources via OpenAthens gateway functionality

OpenAthens LA 2.0 – Based on the same platform as OpenAthens SP– Multi-platform/language support– Athens, SAML 1.1,2.0 (Shibboleth 1.3, 2.0) module

OpenAthens LA 2.0 SysAdmin/Admin Tools

– Easy install, configuration, management for IT

– Easy user-entitlement admin/management for Librarians

OpenAthens SP

Used by Service Providers - Available as part of UK HE/FE OpenAthens subscription

April 2009 - Multi-platform support

– OpenAthens SP 1.3 - Athens, SAML 1.1/2.0 (Shibboleth 1.3/2.0) OpenID, Cardspace

Dec 2009 - OpenAthens SP 2.0 – SysAdmin/Admin Tools?

– Multi-federation support?

• OpenAthens SP 2.0 – SURFNet, InCommon, CRU (French Federation)..?

Services & Support

Service Desk Web Interface – Feedback?

Dec 2009 - v2.0 – integration, usability and configurability

– Service Information?• Service availability, overall statistics• Institution specific statistics

– Administrator Forum/Knowledgebase?• Sharing service knowledge• Answers to current/common issues• Monitoring & input from Tech Support

How do I continue to subscribe?

June 12th –closing date for all notice of subscription terminations

– Retention permission allows non-subscriber’s data to be retained until 31 October 2009 to provide:

• appropriate message to users

• a safety-net

June 30th – invoices sent (as appropriate)

July 31st – Non-subscriber data deleted unless permission given to retain until Oct 31st

2009/10 Pricing

• JISC-Banded

• Includes new product developments

• Fixed for those who signed in 2008/09 for 3 years

• 3% increase for 2009/10 renewals

JISC Band 2009/10 Fee

A £8,320

B £7,440

C £6,570

D £5,690

E £4,820

F £3,940

G £3,060

H £2,190

I £1,310

J £700

Does this all make sense to you?

Q&A

Summary

Where have we got to with OpenAthens?

- Unique package for UK HE/FE

Where do we want to go?

- Increase value, reduce IT/Lib workload

What are we doing to get there?

- Development investment & engagement

What’s the next step (in 2009)?

- OpenAthens LA 2.0, Admin & MyAthens

How do you subscribe?

- Sign & return confirmation for invoicing