AIM Innovation Projects’ Start-up Meeting

March 15th, 2010 by chriscb

As this was the first start-up meeting I have organised it was with some trepidation that I headed off to Greenwich on Wednesday 3 March. With the improved transport connections, improved since I last went to Greenwich which is more years ago than I care to remember, I thought Greenwich would make a pleasant change from the hurly-burly of central London, a place of calm to encourage a more relaxed and informal atmosphere.

With the early start and the distance that some people had to travel, JISC funded accommodation and a dinner for the night before. Meeting up in the Admirals’ Bar, I saw some familiar faces and was pleased to meet some new ones too. Understandably, I think most people were probably wishing they were someone else, but thankfully Verena (who helps organise these events) had found a good restaurant a short walk from the hotel. Once ensconced at the restaurant, and some wine and food had been consumed, everyone seemed to enjoy themselves talking about a variety of subjects, including some non-work topics as well. As we were there for 4 hours I guess it can’t have been too bad.

The next day we had a 9:30 start. Everything went smoothly apart from an early hiccup with the PA system. This was only needed for the eWorks presentation which was being done through Skype. In the end we hooked the laptop up to a plasma screen to use its speakers and this worked pretty well.

One problem with arranging a start-up meeting is that the audience is a mix of old-hands who have worked on JISC projects and are pretty familiar with its processes, and the new to JISC people. With this is mind I gave a presentation on the Access & Identity Management (AIM) programme and how the projects fitted in within the programme. Some information was repeated from the Briefing Day as not everyone had been to that event. I described the JISC guidelines paying particular attention to the roles of the Programme Manager and the Project Manager, what they should expect from me and what JISC expects from them. Dissemination and publicity of the projects is fundamental for expanding the community and bringing the projects’ outputs to a wider audience. I encouraged their project websites to be more than just a one page summary of the project, resisting the temptation to finger point.

Following my presentation we then linked up to Owen ONeill from eWorks in Australia who presented using Skype. We didn’t use webcams, which was just as well as he said he was sitting in his pyjamas in 30 degree heat. Owen described eWorks and its function within Australia. They had picked up on the 08/09 call and are interested in it because it covers areas that they are dealing with too. They are hoping to work closely with some of the projects, not just looking at their outputs but also learning more about how JISC funded projects are run. It will be interesting to see how this develops.

Each project had been allocated 15 minutes to give an introduction to their project and describe its aims and objectives. The 9 presentations were split by an enjoyable lunch that gave everyone a further opportunity to network. One of the purposes behind this event was for the projects to network and so tea/coffee breaks and lunch are just as important as watching the presentations. This part of the day also proved successful judging by the number of interesting conversations going on between projects.

Projects presented in alphabetical order and there follows a brief summary of each one. There was some mention during the day of JISC’s “obsession” with Twitter. With that in mind the following summaries have not exceeded 140 characters! All the slides are available at the end of this post.

eCert
Create a demonstrator that proves the protocol for Electronic Award Certificates. The certificates can be trusted more than paper versions

Granularity, Audit, N-tier and Delegation (GRAND)
Look at improving Grouper’s structure, process Shib and Grouper logs and integrate an auto login for Shib and exploit n-tier support in Shib

Identity & Access Management using Social Networking Technologies
Using Friend-Of-A-Friend vocabulary for Id management and apply it to the UK Fed via Shib (implementing an IdP) and the NGS via GSI.

Logins for Life
Look at how existing digital ids can be used throughout the changing relationship a person has with a university – before, during and after.

A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service
Develop proxy cert auditing infrastructure supporting monitoring/auditing use of proxy credentials, demo it in projects and roll out to NGS.

Retrieval, Analysis and Presentation Toolkit for usage of Online Resources (RAPTOR)
Creating software that collects usage stats from Shib/EZproxy logs and shows the visualisation of e-resource usage to non-technical people.

Student-Managed Access to online Resources (SMART)
Develop an online data access mgmt system based on the User-Managed Access (UMA) Web protocol, deploy and evaluate within Newcastle Univ.

Service-Oriented Federated Authorization (SOFA)
Extend sif to deliver a service-oriented framework that facilitates the secure aggregation of heterogeneous data sources.

Web Services Tiered Internet Authorisation (WSTIERIA)
Make web services work within the UK federation. Look at authorising proxy (“façade”) from SEE-GEO and native Shib n-tier delegation.

After the project presentations Andy McGregor, Information Environment Programme Manager, introduced the new project management forum, JISCPM. He encouraged projects to use the forum when they have any questions on project management, as there are many experienced people available who will answer their questions. By tagging related content with the tag #jiscpm the information can be retrieved by anyone with an interest in this area.

We had a final open forum and there was some discussion between projects and a sharing of ideas. One such discussion was between the WSTIERIA and SMART projects where they compared User Managed Access (UMA) with OAuth WRAP and the web service access control façade idea from a previous JISC/EDINA SEE-GEO project on which WSTIERIA is based. The two projects plan to meet up at some point to discuss this further.

The discussions could have continued but as many people had long journeys to get home, and we were all tired out from a long day, the meeting was adjourned. As I only took 20 minutes to get from Greenwich to Waterloo I thought maybe Greenwich isn’t that far away from central London. The feedback from the event has been positive so I like to think the day was a success.

Slides and eWorks handout

AIM Start-up Meeting – Introduction

AIM Start-up Meeting – Programme Manager presentation

Access and Authentication – eWorks presentation

eWorks Information Sheet

eCert Presentation

GRAND Presentation

Identity & Access Management using Social Networking Technologies Presentation

Logins for Life Presentation

A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service

RAPTOR Presentation

SMART Presentation

SOFA Presentation

WSTIERIA Presentation

JISCPM Presentation

Posted in AIM, Events, Projects, start-up meeting | No Comments »

AIM 08/09 Funded Projects

February 5th, 2010 by chriscb

The following projects were funded from the recent 08/09 call. They all started on 1 January 2010 and some run till the end date of the programme, which is 31 March 2011. Details of all projects funded by the Access and Identity Management Programme can be found at http://www.jisc.ac.uk/whatwedo/programmes/aim.aspx. See individual project’s links for more information on the project including contact details.

eCert

Project Manager Lisha Chen Wilson
Institution University of Southampton
Duration 12 months
Project Summary This project seeks to address the issue of design for a suitable user-centric “eCertificate” system by working with representatives of the community to establish use case scenarios, and to then verify this design by building a demonstrator, and then testing the demonstrator within the group. The demonstrator will be based on a code library, so that others will be able to build eCertificate applications based on this code library, which will be placed in the public domain.

GRAND (GRanularity, Audit, N-tier, and Delegation)

Project Manager Caleb Racey
Institution Newcastle University
Duration 15 months
Project Summary The GRAND project will investigate approaches to address the areas of “Granularity and delegation”, “Audit and Accounting” and “N-tier authentication”. It will exploit the existing mature access management systems deployed in Newcastle University to investigate use cases, policy and procedure implications and the technical tools necessary to address these concerns. The project aims to make advanced cutting edge approaches to these areas a practical widely deployed reality.

Identity & Access Management using Social Networking Technologies

Project Manager Mike Jones
Institution University of Manchester
Duration 9 months
Project Summary This project applies social networking technologies implemented via the Semantic Web to support identity management. Developing software that benefits from using social trust models for authorisation and authentication. The technology will be based on Friend-of-a-Friend (FOAF), which is a vocabulary used to provide information about people and organisations and to describe relationships between them.The resultant technology will support more flexible, transient, ad hoc relationships between people, such as those formed for the purpose of a specific project (i.e. virtual organisations) and can include individuals who would otherwise fit with difficulty in the hierarchy of institutions such as foreign guest researchers or external consultants. The technology will be applied to core middleware utilised by two important JISC initiatives which rely heavily on the Access and Identity Management programme: the UK NGS and the UK Access Management Federation.

Logins for Life

Project Manager John Sotillo
Institution University of Kent
Duration 15 months
Project Summary The Logins for Life project addresses the needs of a University to engage with users throughout their lives. It will create use cases, policies and recommendations for dealing with user accounts throughout their changing roles while catering for existing digital identities. It will also create a test environment which will demonstrate how these policies can be delivered using open source tools.

A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service

Project Manager Wei Jie
Institution Thames Valley University
Duration 15 months
Project Summary Proxy certificates, used for authentication-oriented access and usage of resources, can potentially be obtained and abused by a malicious third party without the knowledge of the holder. This project will build upon initial prototypes and demonstrate a solution that enables a thorough auditing of proxy credential usage in widely distributed and heterogeneous research environments exemplified by the NGS. In undertaking this, a secure service will be developed through which auditing information can be tracked and used for user-level monitoring, virtual organization (VO)-level usage and monitoring, and resource provider-level usage and monitoring. In close collaboration with the NGS this auditing service will be made available to the NGS for longer term auditing and monitoring purposes of its customer and research base. The auditing service will be demonstrated in an international setting including use of the NGS, ScotGrid (www.scotgrid.ac.uk), TeraGrid in the US (www.teragrid.org) and the D-Grid in Germany (www.d-grid.de/).

Retrieval, Analysis, and Presentation Toolkit for usage of Online Resources (RAPTOR)

Project Manager Graham Mason
Institution Cardiff University
Duration 15 months
Project Summary This project will build a software toolkit for reporting e-resource usage statistics in a user-friendly manner suitable for non-technical staff.  This will allow an institution to understand which resources they need to keep subscribing to, and those which they may wish to unsubscribe from – potentially resulting in real-world cost savings. It will achieve this through a requirements gathering exercise, talking to staff within the project institutions, a group of pilot institutions, interested parties, and via an open call for ideas. At the very least the software toolkit will consume Shibboleth Identity Provider log files, and may also be extended to consume log files from other e-resource access methods such as EZProxy.

Student-Managed Access to Online Resources (SMART)

Project Manager Maciej Machulak
Institution Newcastle University
Duration 15 months
Project Summary The SMART (Student-Managed Access to Online Resources) project will develop an online data access management system based on the ProtectServe protocol (this is in the process of being standardised by the User-Managed Access work group (charter of the Kantara Initiative)), a newly proposed technology that expands OAuth. The project will define a HE case study that exemplifies access management requirements for HE applications, implement a ProtectServe based access management solution and evaluate this through a user study. The project builds on existing research by the investigators and is carried out in collaboration with the university’s ISS IT organisation. Through this work, they ensure that HE requirements for access management are taken into consideration early in the standardisation process, and, at the same time, ensure that UK HE continues to be at the forefront of developments in this area.

SOFA (Service-Oriented Federated Authorization)

Project Manager Andrew Simpson
Institution University of Oxford
Duration 12 months
Project Summary This project will focus on meeting the interoperability challenges associated with authorization at an organisational level. Even in contexts where standardisation is achieved, there will still be outliers or legacy systems dependent upon locally determined approaches to security. We will leverage experience in developing tools and technologies to link heterogeneous data sources to develop a system that allows institutions not only to link such data sources securely, but also to link such sources without a need for reliance on a single authorization mechanism. While acknowledging that standardisation has much to offer, this system offers a pragmatic approach that is capable of facilitating a secure ‘bridge’ between new and legacy, and central and outlying, systems.

Web Services Tiered Internet Authorisation (WSTIERIA)

Project Manager Fiona Culloch
Institution EDINA National Data Centre
Duration 12 months
Project Summary State of the art in authentication for REST-style web services is still IP-address checking; federated access is problematic due to its dependence on a user at a web browser. This project will enable interoperation of web services with the UK federation by taking two current developments; by Internet2 in extending Shibboleth to handle an n-tier/portal use case, and by EDINA in developing non-browser access to federated web services, and applying them to one or more real use cases.

Posted in AIM, Projects | No Comments »

AIM 08/09 follow-on call postponed

January 6th, 2010 by chriscb

As you are probably already aware, JISC has frozen its current and future funding calls for capital funded projects. Obviously this does not affect the projects that successfully bid for the recent 08/09 AIM call as they have already received funding. However, at the time of launching the 08/09 call we made it aware to the community that there would be a follow-on AIM call in the New Year. This call was to have been similar to the original call but would be updated to include feedback from the community. As this call comes from capital funding it has now been postponed.

The situation will not become clearer until the HEFCE board meeting on 28 January 2010. We will not know until then whether the AIM call will be launched or not.

Further details regarding the funding postponement are available on the JISC website, which includes some questions and answers.

If you have further queries, please address them to funding@jisc.ac.uk.

Posted in Uncategorized | No Comments »

AIM Briefing Event 17/09/2009

September 21st, 2009 by chriscb

A big thank you to everyone who attended the Access and Identity Management Briefing Event on 17th September, 2009 at the ICC in Birmingham. I hope you found it informative and enjoyed the opportunity to meet people and talk to them about possible collaborations.

The presentations will be available on the JISC website event page. In the meantime the slides are available here:

Introduction: The place of the Access & Identity Management Programme in the JISC strategy and Programmes

Programme overview and key objectives

Policy briefing, application procedures, IPR and common pitfalls

Please contact me if you require further information regarding the call.

Posted in Uncategorized | No Comments »

Access & Identity Management Programme Call

August 7th, 2009 by chriscb

This 08/09 call from the Access & Identity Management Programme has just been issued. Within the call there are the following two strands: Innovation and Level of Assurance. This blog posting is intended to provide a brief summary of the contents of this call.

Innovation

The aim this Grant Funding Call is to take a broad look at a set of themes and cross themes within the area of Access and Identity Management. This Call is not intended to be too prescriptive.

The themes within this strand are user centricity, granularity, delegation, n-tier, accounting / auditing. Within each theme the following cross themes can be applied: technology and tools, interoperability, use cases, policy and licensing. Bids may choose any of these cross themes within any theme.

It should be noted that this is not just a technology problem and that “softer” projects will also be considered.

Level of Assurance

The aim of this strand is to widen the understanding of Levels of Assurance (LoA) and to show how the concepts might work in practice. Under this strand the JISC is prepared to fund 2 to 3 small scale demonstrators that are looking to demonstrate solutions to Levels of Assurance (LoA) from the perspective of the service provider, e.g. publishers, as well as a service consumer, e.g. universities and university departments. The JISC is particularly interested in a partnership between provider and consumer.

Funding

Access & Identity Management: Innovation
Total Funding of £1M
Max Funding per project of between £50,000 and £150,000
Project Duration – 6 to 15 months

Access & Identity Management: Level of Assurance
Total Funding of £0.6M
Max Funding per project of between £200,000 and £300,000
Project Duration – 12 to 15 months

Background

Access and Identity Management is a key component of many initiatives across JISC and as such the Innovation Group works closely with the Services and Collections Teams. This work involves both the support and expansion of the UK Access Management Federation as well as looking at how new developments can both improve on this service and how innovation might help increase the uptake of access to resources and information within the community.

Further Information

The deadline for receipt of proposals in response to this call is 12 noon GMT on Monday 19th October 2009.

The JISC is holding a community briefing event where potential bidders will be given information about the background to the call, its objectives and the bidding process. Attendees will also have an opportunity to ask questions of JISC Executive staff .This meeting will take place Thursday 17th September 2009 in Birmingham. Members of the community are invited to register for the meeting online from 7th August 2009. More information is available from http://www.jisc.ac.uk/events/2009/09/aimcallbriefing.aspx.

The call document is available from http://www.jisc.ac.uk/media/documents/funding/2009/08/0809aim.doc.

Please follow this blog for updates and ongoing announcements relating to this Call and the Access & Identity Management Programme in general.

In advance of the Briefing Day, you may post queries relating to the Call on Twitter (#AIMCall09).  This will help us assemble a useful set of FAQs in advance of that event.

For further information please contact the Programme Manager (c.brown@jisc.ac.uk) or tweet (#AIMCall09).

Posted in Uncategorized | No Comments »

Welcome

July 9th, 2009 by chriscb

Welcome to the Access and Identity Management blog. This programme is managed by the e-Research team (part of the Innovation Group) .  Further information about the programme is available at http://www.jisc.ac.uk/whatwedo/programmes/aim.aspx

This blog will provide information on the programme, for example calls for projects, plans, events, etc. It also serves as a forum where questions, particularly related to calls, can be asked of the e-Research team, and also for discussion.

Posted in Uncategorized | No Comments »