JISC Grant Funding 08/09 A. Cover Sheet for Proposals (All sections must be completed) Name of JISC Programme: Name of Call Area Bidding For (tick ONE only): X Strand A: Innovation Access and Identity Management Please tick the areas being dealt with by your project under Strand A: User Centricity Granularity n-tier Delegation Accounting/Audit Tech & Tools Interop Use Cases Policy Licensing X X X X X X X X X X Strand B: Level of Assurance Please indicate the type of Level of Assurance being dealt with by the project under Strand B (both can be selected): Registration LoA Authentication LoA Name of Lead Institution: Name of Proposed Project: Name(s) of Project Partners(s) University of Kent Logins for Life Full Contact Details for Primary Contact: Name: John Sotillo Position: Director of Information Services Address: Templeman Library University of Kent Canterbury, Kent CT2 7NU Length of Project: 15 months Project Start Date: 1 January 2010 Any private sector involvement in the Project NO (delete as appropriate) Email: J.Sotillo@kent.ac.uk Tel: 01227 823635 Fax: 01227 823984 Project End Date: 31 March 2011 Total Funding Requested from JISC: £149,451 Funding requested from JISC broken down across Financial Years (April - March) January – March 2010 April 2010 – Mar 2011 £21,197 £128,254 Total Institutional Contributions: Outline Project Description: The Logins for Life project addresses the needs of a University to engage with users throughout their lives. It will create use cases, policies and recommendations for dealing with user accounts throughout their changing roles while catering for existing digital identities. It will also create a test environment which will demonstrate how these policies can be delivered using open source tools. I have looked at the example FOI form at YES NO Appendix A and included an FOI form (Tick X Box) I have read the Funding Call and associated YES NO Terms and Conditions of Grant at Appendix X B (Tick Box) Page 1 of 11 B. Appropriateness and Fit to Programme Objectives and Overall Value to the JISC Community 1. The Logins for Life project has a number of innovatory features, and fits several of the programme objectives. It will address three primary themes: user centricity, levels of assurance (LoA), and fine grained access control. Within these themes it will address all five of the cross themes, by: a. using existing open source technologies and tools and adding minor enhancements to these as necessary b. demonstrating interoperability between different existing protocols and authentication mechanisms (OpenID, Information Cards and SAMLv2), and showing how the LoA can be effectively used by these different systems, c. providing a powerful set of use cases extracted from the overall vision of Logins for Life d. developing policies and procedures for enrolling new (unknown) users, migrating them to fully enrolled students or members of staff, and finally supporting them as they progress to alumni, (re)employment or retirement. e. a comparison of the total cost of ownership for a greatly increased number of login accounts, using different licensing models. 2. The concept of Logins for Life places the user at the centre of the university’s information systems. New (unknown) users who are interested in the university will be able to browse the university’s web site, and register themselves as new users. This will cause a new entry to be made in the university’s LDAP service. These new users may choose their own login identity at the university, or they may choose an existing OpenID provider or self issued Information Card, but either way they will be given the lowest LoA since none of their identity information will have been validated. If they were to choose a trusted OpenID provider or a managed Information Card from a known and trusted Identity Provider, then a higher LoA could be assigned during registration. New users will be able to access documentation from the university, such as course material, be placed on various mailing lists, and receive notification of events of interest to them, but would not normally be granted access to more privileged resources. 3. When a new user becomes formally attached to the university, for example, by accepting an offer of employment, or registering as a student, this person will come into face to face contact with university officials. At this point the university can validate the identity assertions previously made by this person, and can increase the LoA that is assigned to this person’s entry in the university’s LDAP directory. Procedures will be written for this. At this point the user will be given a university assigned login ID, if they were not given one at enrolment time, and access to more privileged information can be granted. 4. Some users will now have the choice between two different login names/authentication mechanisms, with different LoAs and corresponding privileges associated with them. 5. Interworking between OpenID logins and Shibboleth logins will be provided by the OpenID-SAML gateway built by the University of Kent under the previously JISC funded OpenID project. 6. Interworking between Information Cards and Shibboleth logins will be provided by the user choosing either the Information Card icon or Shibboleth icon on the Service Providers web page. 7. Fine grained access to a selection of resources will be provided by using the PERMIS authorisation system, which has full support for utilising the LoA and status attributes when making its access control decisions. PERMIS will be enhanced to fetch raw LDAP Page 2 of 11 text attributes from the university’s LDAP system, without requiring them to be either digitally signed or wrapped as SAML attribute assertions. Instead an SSL link will be used to protect them whilst in transit. This is expected to yield performance improvements, which will be documented and published. 8. When a user formally leaves the university, by terminating their appointment or finishing their studies, their account will not be de-provisioned. This is a significant innovatory step and a break with current practice. The account will be kept; but the status of the person will be changed in their LDAP directory entry. The person will continue to be able to login to the university’s systems with any of the login ids they have previously used (albeit with different authentication LoAs), and the person will continue to enjoy access to some of the university’s resources, but now it will be with an intermediate level of access commensurate with their new lower status (between that of an unknown new user and a formally attached person). 9. If a person re-establishes formal links with the university, for example, returns to take a postgraduate degree or returns to a different employee role, then they will not need to be re-provisioned from scratch again, as happens today. Instead their existing account can simply be upgraded to reflect their new status, and new access rights will be granted accordingly. 10. It is recognised that as people go through life they obtain different accounts at different service providers, and cease to use some of their existing accounts. Furthermore, remembering all the passwords of the different accounts is onerous on the user, and costly to the service provider who has to provide a password recovery service. To cater for this, we will allow any user to register a new login account at any time, regardless of their status. They may also de-register any of their existing login accounts when they no longer wish to use them for login/ authentication. This is a very novel feature, and it will ensures that users can continue to login to university services using the account that is most convenient to them at any stage in their life. Furthermore, users will be able to continue to use their university login account for logging into other services which support Shibboleth SSO. This should dramatically decrease the problem of forgotten passwords, since users will be able to use the login account that suits them best for a wide variety of services. We believe that we can provide this novel service relatively easily by incorporating the Account Linking Service, which was developed by the University of Kent under the recent Shintau project (see http://sec.cs.kent.ac.uk/shintau), into the Logins for Life service. We will document the procedures and processes that are necessary to achieve this account migration service. 11. The University of Brighton runs the Brighton and Sussex Medical School in conjunction with the University of Sussex. Students of the medical school are members of both institutions, and should be able to access resources with either set of credentials, but at present they can't do so because service providers don't let them. If Brighton and Sussex could automatically create links between their user accounts using the Shintau Account Linking Service, these students would never have to set up the links themselves and could then log in to the service provider sites from either of their accounts. As collaborative courses and other joint ventures become more common, it is likely that automated account linking will have a fairly wide range of applications. We therefore propose to provide a new appropriately secured web services management interface to the Account Linking Service which will let a management client, prompted as part of the student enrolment process, to create the account links automatically as soon as the student exists in multiple systems. This will save the student the effort of having to do this him/her self. 12. The project’s outcomes (see below in Deliverables) will be of great value to the JISC community, since we will demonstrate how existing open source software and tools can Page 3 of 11 be utilised to provide user centric fine grained access to university and other resources, throughout a person’s entire lifetime, using different accounts that are linked together. Documenting the policies and procedures that are needed for this, and providing them to the community, will enable other institutions to follow our ground breaking approach. C. Quality of Proposal and Robustness of Work plan A description of the intended project plan 13. This project will have five major strands, each with an associated work package: WP1. Project management. Managing the project through its entire lifetime to ensure successful delivery of results to time and budget. WP2. Requirements gathering. Liaising with university departments, staff and students to capture their requirements WP3. Investigating technologies. Investigating what other market players are doing and the current state of open source products and defining any glue components that are currently missing. WP4. Building and testing a demonstration system. Use existing open source products along with any glue components that are missing to build a demo system. Trial with users and technical staff and modify as necessary. WP5. Dissemination. Publicising the project to the JISC community, building a project web site, and making recommendations to Kent and the wider community through a documented set of procedures 14. WP1 (6 person weeks) will be led Peter Riley. It comprises the following tasks: T1.1 Recruit and train project staff (2 pw) T1.2 Monthly Project Meetings (2 pw) T1.3 Produce PM reports: Project Plan (D1.1), Midway Progress Report (D1.2), Final Report (D1.3) and Completion Report (D1.4) (2 pw) 15. WP2 (11 person weeks) will be led by Bonnie Ferguson. It comprises the following tasks T2.1 Meet with stakeholders to gather requirements for account management. Feed into D2.1 (3 pw) T2.2 Create use cases for different user scenarios and feed into D2.1 (2 pw) T2.3 Investigate best practices for Logins for life at other Universities and commercial sites and produce D2.2 (4 pw) T2.4 Propose LOAs for different user groups and stages of life and feed into D2.1 (1 pw) T2.5 Understand current workflows for provisioning users at Kent and feed into D2.1 (1pw) T2.6 Review of use cases and related findings by Information Services (IS) staff (1pw) 16. WP3 (14 person weeks) will be led by Bonnie Ferguson. It comprises the following tasks T3.1 Investigate how OpenID and Information cards can be integrated with existing systems (3 pw) T3.2 Research on presenting clear login pages with multiple sign-in options, including providers such as RPX (https://rpxnow.com/) (2 pw) T3.3 Investigate how to handle multiple identities for users (4 pw) T3.4 Define overall architecture and any glue software necessary for components to work together and produce D3.1 (4 pw) T3.5 Present findings to central teams and refine (1 pw). Page 4 of 11 17. WP4 (32 person weeks) will be led by David Chadwick and will comprise the following tasks T4.1 Specify, order, set up test server (1 pw) T4.2 Plan the installation of component software (OpenSSO, Permis, Account Linking service) (1 pw) T4.3 Work with Kent's web designer to develop a good user experience for each user group (login pages, logout options, etc.) (3 pw) T4.4 Build the 'glue' software to backend systems (8 pw) T4.5 Install software and 'glue' together all components (3 pw) T4.6 Performance and load testing of proposed system (4 pw) T4.7 Trial with user groups and gather feedback (4 pw) T4.8 Modify system as a result of trials and testing (8 pw) 18. WP5 (8 person weeks) will be led by John Sotillo and will comprise the following tasks (and effort) T5.1 Create and update Project Website (2 pw) T5.2 Produce deliverables D5.2 and D5.2 for Kent and the JISC community (4 pw) T5.3 External QA reviews by LSE T5.4 Create D5.4 roadmap for adoption at Kent (2 pw) Deliverables 19. The deliverable for the Logins for Life project are: D1.1 Project Plan, D1.2 Progress Report, D1.3 Final Report and D1.4 Completion Report. D2.1 Requirements and Use cases for the University of Kent D2.2 Survey of best practises for lifetime identity provision amongst Universities and leading online companies such as Amazon and Google. D3.1 Design of overall architecture and any missing glue components D4.1 Demonstration system for trialling with users. D4.2 Demonstration results. Results obtained from performance and stress testing and usability results from trialling with users. D5.1 Project Web Site D5.2 Recommendations to JISC and Kent for Logins for Life policies and procedures D5.3 Recommendations to JISC and Kent for software architectures D5.4 Roadmap for deployment at Kent Page 5 of 11 GANTT Chart for WORK PACKAGES and TASKS WP 1 Project Management T1.1 Recruit and train project staff T1.2 Montly Project Meetings T1.3 Write PM reports WP 2: Requirements Gathering T2.1 Meet with stakeholders T2.2 Create use cases T2.3 Investigate best practices T2.4 Propose LOAs T2.5 Understand current workflows T2.6 Review of use cases WP 3: Investigating technologies T3.1 Investigate OpenID + InfoCard T3.2 Research multiple logins T3.3 Handle multiple identities T3.4 Define overall architecture T3.5 Present findings and refine WP 4: Building and testing demonstration system T4.1 Set up test server T4.2 Plan the installation T4.3 Web design T4.4 Build the 'glue' software T4.5 Install software and 'glue' T4.6 Performance and load testing T4.7 Trial with user groups T4.8 Modify system as necessary WP 5: Dissemination T5.1 Project Website T5.2 Produce D5.2, D5.3 T5.3 QA review by LSE 5.3 Roadmaps for adoption at Kent Page 6 of 11 Jan 2010 Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan 2011 Feb Mar Measuring Success 20. We will measure success on the project using the following factors: Timing and task July 2010 (Task 2.6) Factor to Evaluate Use cases December 2010 (Task 4.7) Questions to Address Method(s) Measure of Success Use cases cover the majority of user scenarios Do the use cases cover all the major scenarios Review User experience Is the user experience acceptable, given multiple login options User testing at Kent Successful feedback from user tests September 2010 (Task 3.5) New Technologies Were any important technologies missed? Are there best practises that can be adopted? Presentatio n to central teams and refine December 2010 (Task 4.6) Demonstratio n system Is the software feasible, scalable, fast enough, and reliable February 2011 (Task 5.3) Community Recommenda tions Are the recommendations generic enough to be of use for the HE community? Technical review. Load performanc e testing External review by expert from LSE Team members are satisfied with review and refinements offered Repeatable installation process Successful load testing Recommendation s are useful for the whole community 21. Since this project aims to make recommendations for Logins for Life policies for the entire JISC community, our final reports will be reviewed by Simon McLeish from The London School of Economics. Project management arrangements 22. Agile project management techniques with regular group meetings will help to plan and run the Logins for Life project in an efficient and light-weight manner. Risks 23. Risk Staffing problems Technical problems (e.g. failure to find an appropriate architecture ) Page 7 of 11 Probability (1-5) 2 Severity (1-5) 5 Score (P x S) 10 1 4 4 Action to Prevent/Manage Risk We are using a team of >6 people so there is no single critical person. We plan to advertise for a new member of staff in Nov 2009 so he/she should be in post in early 2010 We are already using current state of the art designs which have been internationally reviewed, and open source software that has been successfully tested for interworking Delays/ missed deadlines 3 2 6 Organisati onal: (e.g. loss of institutional support for project) Legal: Copyright, licensing and IPR. 1 4 4 1 3 3 External: e.g. govt cutbacks in funding, supplier failure etc. 2 2 4 We intend to use an agile approach and assess the progress often, so any delays can be dealt with early. We have built-in contingencies in the project plan Dissemination of clear information and agreement for support from appropriate senior executive managers University will use standard open source software and licences where possible throughout the project. Use of standard interfaces means products can be switched Develop and maintain good communication with JISC, other AIM projects, stakeholders and suppliers. Share solutions to common problems IPR position 24. All software released during this project will use the Open source BSD type licence and be released to the JISC community. We have significant experience of this mode of distribution already (PERMIS has several hundred downloads per month). Sustainability issues 25. This project will produce a set of recommendations and policies which will be put into practise at the University of Kent. Throughout the project, staff will gain experience and knowledge of new technologies for access management (e.g. OpenID, Information Cards, PERMIS etc.) and should be equipped to bring the recommended systems into production at the end of the project. 26. Information about the project, and the recommendations for policies, software and architectures will remain accessible to the community indefinitely. All open source software released by this project will be available to the community for at least 5 years after the completion of this project, from the existing PERMIS web site. D. Engagement with the Community 27. The initial part of this project will include a rigorous requirements gathering stage which will engage each set of stakeholders shown in the table below. This will help us to ascertain a set of requirements for user groups and ensure that their needs are met. We will also look for best practises throughout the HE community and in the commercial sector which we can use to form policies for Kent. 28. The Logins for Life project will produce a set of policies and a proof-of-concept architecture that will be demonstrated to stakeholders at the University of Kent through a number of user trials and demonstration sessions. These will lead to an improved user experience for all Kent users and increased satisfaction with the IT provision at the University. Page 8 of 11 29. Stakeholder JISC community All users Prospective students Students Alumni Relations Employees Human Resources Conference delegates IS department at Kent Interest / stake All Universities face similar issues of provisioning users throughout their lifetime and will be looking for recommendations and best practises in this area. May have existing digital identities (e.g. OpenID account) which they would like to use throughout their interaction with The University of Kent. Need to login to get information or apply for a course. Need provisioning of services such as logging into University PCs, access to wireless network, file store, email, specialist software packages, etc. Would like to provide an email for life service for all alumni - most likely in the form of someone@alumni.kent.ac.uk. This would facilitate lifelong communication with alumni and maintain a bond that may lead to further income opportunities either through postgraduate education or through fund raising. Need services during their work life and may want to keep their Kent account after leaving Concerned about provisioning employees and removing rights when contracts finish. Need to avoid staff masquerading as Kent staff once they leave. Conference delegates and other visitors also require wireless network access and other services for short periods of time. Need to understand the policies and be able to provision users appropriately at each LOA. Dissemination Approach 30. The project will provide several dissemination activities such as presentations at JISC programme meetings and relevant conferences such as the Terena Networking Conference. Dissemination activities within IS and amongst stakeholders at the University of Kent will include presentations of findings and demonstrations of proposed architecture. Feedback will incorporated into final recommendations to the community. 31. The case studies, policies and recommendations that emerge from the project will be of interest to other Universities and we will therefore maintain a project blog at http://blogs.kent.ac.uk as well as a project website indefinitely. We will encourage ongoing online discussions about the policies proposed and issues raised in this area. The open source software that is created by the project will also be made publicly available. Benefits 32. The quantitative benefits of the Logins for Life project include: Reduced lost password administration costs Improved access controls through policy driven attribute based access controls Well designed and consistent login pages Foundations for an 'email for life' service for alumni Easier access for conference delegates and other University visitors Page 9 of 11 33. The qualitative benefits include: Putting users at the centre of managing their account logins Strengthening links with students (prospective, current and alumni) better student and employee relationships Improved user experience Adopting and helping to establish best practises Knowledge transfer between School of Computer Science and the IS Department Previous experience of the project team 34. John Sotillo BSc, MBA is Director of Information Services. Previously he worked in a variety of technical and senior management IT roles including Depute Director of Computing Services for 5 years and Business System manager for 4 years at Napier University, Edinburgh. In 2002 he joined Kent and is actively involved in a number of regional projects including the establishment of the University of Kent at Medway in collaboration with the University of Greenwich, Canterbury Christ Church University and Mid Kent college, the Kentish MAN group where he sits on the Kentish MAN Ltd executive, the Kent New Technology Institute, where he chairs the technical committee and the JISC funded Regional Support Centre - South East, where he line manages the RSC manager and sits on the Co-ordination and Steering groups. 35. Professor David Chadwick is the leader of the Information Systems Security Research Group (ISSRG) at the University of Kent. He has written over 120 books, chapters, journal and conference papers, mostly about security, and the latest of these can be downloaded from http://www.cs.kent.ac.uk/people/staff/dwc8/pubs.html. He has been the principal investigator in over 25 research grants from a variety of sources including the EPSRC and the EC. He has participated in 11 previous JISC funded security projects including DyVOSE, DyCOM, FAME-PERMIS and Shintau which have been the one of the first in the world to demonstrate dynamic delegation of authority, the use of LOAs to grant access and account linking for attribute aggregation. The results of these have been widely demonstrated and made available to the global community as open source software under the BSD licence. Professor Chadwick is still the BSI lead representative to ISO/ITU-T X.500 standards meetings which includes X.509 PKIs and PMIs – the basic technologies used in Internet security. He is the co-author of the OGF Authorisation specifications, and several Internet drafts and RFCs. 36. Peter Riley BSc, PhD is the Technical Services Manager for the Computing Service and is currently responsible for the development and operation of the University’s networks and IT systems having over 20 years experience in network and systems development and service provision. He has been involved in a number of regional projects including the establishment of the Kentish MAN, the development of services for the KNTI, the KPLPP and the development of ICT services at the new Universities at Medway campus. 37. Bonnie Ferguson BSc, MA, MSc, is a Senior Web Developer at Kent, having joined the University in May 2005 as a Computing Officer. Previously, she worked as an Analyst Programmer in both the commercial and public sector for 4 years, working with technologies such as Java, Struts, Sybase PowerBuilder, ASP and Apache Tomcat. She was an IT Administrator and Trainer for 5 years and managed an IT Helpdesk for much of this time. Since joining the University, she has been involved with several JISC funded projects including the KPLPP, KUSP and BCAD projects, working with Page 10 of 11 Shibboleth, uPortal, PETAL ePortfolio, MySQL, Apache Tomcat and Apache HTTP Server. She is also a certified Prince2 Practitioner. 38. Stijn Lievens, BSc, MSc, PhD is currently a senior research associate at the University of Kent where he is the team leader of the Information Systems Security Research Group. After receiving his master’s degree in Applied Mathematics in 1998, Stijn obtained his PhD in Mathematics from Ghent University (Belgium) in 2003. In 2004 he obtained a master’s degree in Computer Science, with the greatest distinction also from Ghent University. All his mathematics research involved substantial amounts of computational work. Furthermore, the Java code for his computer science master’s thesis is part of the open source project WEKA . During his ‘mathematics’ career, Stijn has published 18 articles in journals included in the Web of Science. Stijn is now responsible for overseeing the design and implementation of an advanced authorisation infrastructure that supports multiple policies, obligations, and attribute aggregation. 39. George Inman, received a BSc (hons) in Computer Science from the University of Kent in 2006 where he is currently employed as a RA and enrolled for a research PhD in Identity Management and Attribute Aggregation for Authorisation under the supervision of Prof Chadwick. As an RA he has been involved with the maintenance and improvement of various elements of the open source PERMIS RBAC software and in designing and implementing attribute aggregation and account linking in the Shintau project. He is currently researching methods for the secure aggregation of authorisation attributes in Information Cards. 40. Vacancy - to be recruited. Page 11 of 11
© Copyright 2024