Title: ShibboLEAP: achieving Shibboleth early adoption goals wholesale
1ShibboLEAP achieving Shibboleth early adoption
goals wholesale
- John PaschoudLSE LibraryShibboLEAP Project
Manager
2JISC Core MiddlewareTimescale
Timescales of Athens contract, development and
Core Middleware Development Infrastructure
3Infrastructure-building
- Establishing a UK Shibboleth infrastructure
- April 2004 to March 2006
- Main work areas
- Making national data services Shib compliant
- Creating a service to assist early adopters
- Establishing a national UK federation
- Liaising with suppliers
- publishers, subscription agents, library systems
vendors etc - Funding for organisations willing to be early
Shibboleth adopters - 10 institutional projects underway, plus
ShibboLEAP consortium of 7 institutions in London
4Early adopters (1)
- Leeds (GILEAD)
- Will make Shibboleth their strategic solution to
access management across the university - Nottingham (Local origin implementation)
- Using Eduserv implementation of Shibboleth IdP to
access local/remote resources using local
e-directory - Nottingham Trent (East Midlands deployment)
- Investigate, prototype and deploy centrally
hosted service for East Midlands institutions - UK Data Archive (SAFARI)
- Make three UK DA resources Shibboleth SPs
- Embed in the Data Archive one-stop registration
service - Newcastle (SAPIR)
- Develop Shibboleth as AM solution for
library-mediated resources services
5Early adopters (2)
- Bristol (Metalib Shibboleth integration)
- Integrate Metalib and SFX link server as Shib SPs
- Project output offered to 26 Metalib institutions
29 SFX institutions - Liverpool (LSIP)
- Implement Shibboleth IdP on existing Novell
e-directory - Cardiff (multiple resources including NHS)
- Test applicability of Shibboleth to a range of
resources including e-Science Applications
Secure NHS Resources - Exeter (Project SWISh)
- Shibboleth pilot service covering Exeter
University, Peninsula Medical School, Peninsula
Allied Health Collaboration Combined
Universities in Cornwall - St Georges Hospital Med Sch (ADAMS)
- Implement Shibboleth for JISC project teaching
resources used nationally by HE and FE
6A Shibboleth Early Adopter?
- LSE?
- a Shibboleth Early Adopter project?
- Hang on a mo! - dont they claim to be the
earliest Shibboleth adopter (outside of the
States)??? - Havent they already had rather a lot of JISC
money to play with Shibboleth??? - Cheeky buggers!
7But Whos this with them?
- The SHERPA-LEAP consortium
- Birkbeck
- Imperial
- Kings
- LSE
- Royal Holloway
- SOAS
- UCL
- a diverse collection of University of London
colleges - All in bed together (for this particular menage a
sept) because they wanted to participate in the
(national) SHERPA pilot of Eprints archives - (LEAP London Eprints Archive Project)
- ShibboLEAP well
- Quite a useful lot to get the Shibboleth ball
rolling, eh?
8But Open archives???
- (Open as in OAI - based on Eprints or another
harvestable repository server like DSpace, etc) - Why does it need Access Management?
- Because you dont care who gets the stuff out of
it - but you do want to control who can put stuff in!
- deposit papers (your own academics)
- add metadata (library staff who know what
metadata is) - authorise publication (1 or 2 administrators)
- Could be a rather good exercise in role-based
access management
9Project objectives
- Enable full Shib IdP for all users at each of the
7 partners - Using their existing directory other
infrastructure services where possible - whatever they are (THE TRICKY BIT!)
- Producing a documented production process for
Shib implementation by others - Enable Eprints software as a Shib SP
- As fully as possible (see later) within the
project budget timescale - Contributed back to OSS development of Eprints
10Project management
- Regular Library and IT service staff involved at
each site - High-level buy-in (service director(s))
- all have lunch together regularly
- Focussed Project Management Board governance
- Defined tasks for each planned meeting throughout
project (Apr-05 to Apr-06)
11Minimising risks
- Not many immediate end users to involve
- So delays due to problems with instl
infrastructure need not hold up testing of
Shibbed access to Eprints - Only one physical Eprints server (disguised as
seven hosted by UCL) - So only one development environment to setup
- Nicely vague commitment to how far its good to
Shibbolise the Eprints software
12Shibbing Eprints
- AuthN (easy!)
- to eliminate yet-another-password for users
- AuthZ
- How deeply embedded in code is the permissions
structure? - How much of this can we (do we want to) represent
as generic attributes in an institutional ED?
(probably LibStaff, AcStaff) - so some will (probably) remain internal
- Anyway, we must do this as install-time options
13Shibbing Eprints ( many other applications?)
In shibboleth.xml (SP config) ltSessions
..handlerURLeprints.soas.ac.ukgt
ltSessionInitiator .. wayfURLhttps//shibIdP.soa
s.ac.uk/Shibboleth/HSgt (repeated for each
institution-specific server, to eliminate WAYF
step for end-users)
14Who will benefit?
- Institutions which use Eprints as OAI
- 161? www.eprints.org
- The 6 partner colleges
- which, like LSE, can avoid Athens user
administration sooner (Sep-06, maybe?) - Other institutions
- which can use this as a model for production-line
implementation of Shib IdPs - The Middleware Assisted Take-Up service
- with which weve promised to share
work-in-progress
15Questions?
- www.angel.ac.uk/ShibboLEAP
- j.paschoud_at_LSE.ac.uk