Informaticopia

Monday, February 27, 2006

Access-management: Athens -> Shibboleth

JISC announces the development of a new access-management system for the UK

JISC (the Joint Information Systems Committee of the Higher Education Funding Council for England) have today announced that they will be moving from the Athens authentication system to an access-management system based on Shibboleth technology.

This will affect the processes used by millions of users, and a three-year plan is being put in place to manage the transition. Most of the work will need to be undertaken by institutions rather than end users, but it could potentially provide them with a much easier process to access full text journal articles & bibliographic databases, video and audio files, research data sets and a host of research materials. As a user with multiple logins and passwords for different portals and databases (often with several sets of rights to the same resource through institutional and personal subscriptions) I have been advocating this sort of development for years. The cry of "single sign on" is, I believe, one of the factors which will increase the uptake of resources by those resistant to the use of some digital technologies.

Shibboleth does not carry out authentication itself. Instead, Shibboleth defines a set of protocols for the secure passing of identity information between institutions and service providers. It relies on the institution to establish identity, and on the service provider to confirm access rights, given information about institutional affiliation. It is written in SAML (Security Assertion Markup Language), an international standard developed by the OASIS Security Services Technical Committee and the Internet2 middleware group.
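The service-provider half of that split, as an added example that is not part of the original post or of the Shibboleth code base: the provider decides access purely from the institutional affiliation an identity provider asserts, and rejects values scoped to a domain that institution may not speak for. The SAML 2.0 namespace, the eduPersonScopedAffiliation attribute, the entity ID, the licence table and the function name are assumptions, and the assertion's signature and validity window are assumed to have been verified before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# eduPersonScopedAffiliation, values of the form affiliation@scope
SCOPED_AFFILIATION = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
# Hypothetical federation metadata: issuer entityID -> scope it may assert.
TRUSTED_IDPS = {"https://idp.example.ac.uk/shibboleth": "example.ac.uk"}
# Hypothetical licence terms held by the service provider.
LICENSED = {"example.ac.uk": {"member", "staff", "student"}}

# Constructed sample assertion (signature omitted, assumed already verified).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.ac.uk/shibboleth</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
      <saml:AttributeValue>student@example.ac.uk</saml:AttributeValue>
      <saml:AttributeValue>staff@other.example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def licensed_affiliations(assertion_xml):
    """Return the asserted affiliations that grant access (empty set = deny)."""
    # Production code should use a hardened XML parser on untrusted input.
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    scope = TRUSTED_IDPS.get(issuer)
    if scope is None:
        return set()  # institution is not in the federation metadata
    accepted = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != SCOPED_AFFILIATION:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            affiliation, _, asserted = (value.text or "").strip().partition("@")
            # An institution may only vouch for users within its own scope.
            if asserted == scope and affiliation in LICENSED.get(scope, ()):
                accepted.add(affiliation)
    return accepted


if __name__ == "__main__":
    print(licensed_affiliations(SAMPLE))
```

No user name or password reaches the service provider here; the decision rests only on who issued the assertion and the affiliation it carries.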

The word "Shibboleth" comes from the Old Testament (Judges 12:1-6). The Ephraimites who lived to the west of the river Jordan invaded Gilead on the other side of the river and were defeated. Retreating, their way was blocked by the Gileadites who controlled the fords. They had different accents and the Ephraimites pronounced the ‘sh’ sound as ‘si’. To separate friend from foe, those crossing the river were asked to pronounce the word ‘shibboleth’ (it means an ear of corn). According to the Bible, the 42,000 who pronounced it ‘sibboleth’ were killed.

The "ease of use" clearly indicates that this is the direction of travel; however, financial and privacy arguments are still unresolved. Even with the growth of open access publication models, many publishers of materials which require subscription or one-off payment have been looking at micro charging for each article or page which is viewed, and improved ways of counting access and usage. Shibboleth developments may have a role in achieving this, particularly if the same processes are to be used by Amazon, eBay and other online vendors, which would save having to enter personal details at various points in the online transaction process. However, these potential user and financial benefits may lead to worries about the potential for identity theft, and the powers of the new "Federations" (InCommon in the UK), which will manage the process.

It will be interesting to see if other organisations, especially the NHS, follow this path when JISC funding for the Athens service ceases.
