March 06, 2008

JISC briefing paper on third party suppliers of federated access management solutions - some clarification about OpenAthens

The JISC have released a briefing paper about third party suppliers of federated access management solutions:

aimed at UK higher (HE) and further (FE) education institutions that wish to adopt federated access management and join the UK Access Management Federation, either by using paid-for support or by subscribing to an 'outsourced Identity Provider'.

For the record, the briefing paper contains some presentational errors about our OpenAthens product suite (though I should acknowledge that I fully understand why, since our own messaging in this area has not been as clear as it might have been).  In particular, the phrase:

[OpenAthens] Interoperates with the UK federation via Gateways that are integral part of OpenAthens.

is somewhat misleading.

It is true that the current Athens service interoperates with the UK Federation via two gateways: one going from Athens to Shibboleth (which presents Athens-authenticated users to federation service providers), the other going from Shibboleth to Athens. However, the new OpenAthens identity provider (in both its Managed Directory (fully outsourced) and Local Authentication (partially outsourced) forms) offers a fully functional, federation-compliant Shibboleth identity provider in its own right. There is therefore no requirement for the Athens to Shibboleth gateway as a separate entity on the network - it simply will not exist in the future.

The other gateway, going from Shibboleth to Athens, will remain for as long as it is necessary for institutions to gain access to Athens-only service providers - this gateway is needed by any Shibbolised institution wishing to gain access to such services via Athens, irrespective of how they have chosen to implement Shibboleth.  (Note that by offering OpenAthens SP we feel we are doing as much as reasonably possible to encourage service providers to move from Athens to Shibboleth - but, clearly, this gateway is likely to be required for some time).

So, to sum up... OpenAthens comprises three main components:

  • an identity provider, which comes in two forms: Managed Directory (fully outsourced) and Local Authentication (partially outsourced)
  • OpenAthens SP
  • the Shibboleth to Athens gateway.

Note that at this stage I'm not 100% sure that these are the formal product names that we will use for these components - apologies in advance if this blog entry confuses anyone because of this.  However, the point is not to worry too much about the names - the important thing is that these are the components we offer and that, as far as I know, all of them are compliant with the UK Federation and all come with a commitment from Eduserv to maintain that compliance and to adopt whatever mainstream access and identity standards come along in the future.

I should also add that the purpose of this blog entry is not to promote OpenAthens as the best way of joining the UK Access Management Federation - institutions will have to make up their own minds about which route is most appropriate for them.  I'm just trying to clarify the picture around OpenAthens a little so that institutions can make an informed choice.

8 March 2008: I've slightly revised this entry because colleagues at Eduserv felt that my use of 'OpenAthens IdP' gave the impression that this was an agreed product name, which it is not (at the time of writing).  Apologies for any confusion caused.  It is perhaps also worth noting that my characterisation of the Shibboleth to Athens gateway as a separate entity on the network is not a view shared by everyone at Eduserv.  Speaking only for myself, I think that continuing to refer to this particular gateway is helpful for understanding what OpenAthens comprises in the short term, though I completely accept that this may not be a useful way of describing our product suite in the longer term.
