3. We’ll have a look at…
•UK Access Management Federation
•Assent
•Eduroam
•Liberate
•Certificate Service
•Domain Registry
•Student Voter Registration
•In development:
-Managed Federation Service
3
(Next talk!)
4. UK Access Management Federation
•Web Single Sign-On federation,
using SAML
•1,161 member organisations; 2,414
entities
•Research and Education: 100% HE,
~80% FE, and representation from
schools, government, public
libraries, NHS
• Federation to solve problem of N2
interactions*
* some conditions apply
4
7. UK Access Management Federation
•Interfederation through eduGAIN
allows interoperability with thousands
more entities from 60 other
participating federations (+13 more in
process)
•UK federation, including eduGAIN
entities:
-5,988 entities
7
Interfederation
10. UK Access Management Federation
•Roughly
• 71% Shibboleth
• 13% OpenAthens
• 4% simpleSAMLphp
• 12% “other”
• Shibboleth
- Jisc is a principal member, and the operator, of the Shibboleth Consortium
- If you’re not running v3 (IdP & SP) yet, you REALLY need to be
•OpenAthens
- OpenAthens LA is EOL end 2019. Talk to OpenAthens about
moving to their new platform
10
Deployment
11. UK Access Management Federation
•Central Discovery Service
-Around 4m flows/month.
-Planning on removing WAYF support at some point. At this point,
it’s been deprecated for years. Make sure your links are using DS.
-Following RA21 and aiming to help promote its recommendations.
11
Service Updates
12. UK Access Management Federation
•Traditional MD distribution is regular
syncing of the MD aggregate –
currently 45MB
•MDQ is just-in-time fetching of bits of
metadata instead
•FAR lower resource requirements for
software
- Shib IdP uses far less memory
- Shib SP will startup far faster
•Move to it now!
12
Service Updates
13. UK Access Management Federation
13
Self-service management portal – coming later this year!
14. Jisc Certificate Service
• Provide SSL certs at significant discount
• 723 customers
• Including HE, FE, Research, LAs, RBCs, others.
• 110,472 certs issued in total
- 12,963 (12%) – EV (39% in 2018)
- 68,899 – OV
- 2071 – Wildcard
- 247 – S/MIME
- 26,292 – DV (not supported any more)
• Re-procuring in 2020
• Will be polling community, and running
requirements gathering sessions, later this year
1
4
15. Domain Registry Service
•Jisc is the domain registrar for
- .ac.uk
- .gov.uk
- .gov.scot
- .gov.wales llyw.cymru
•Every single Jisc customer has active domains
- 5,429 .ac.uk
- 3,084 .gov.uk
1
5
16. ISO 27001
•The following T&I related
services are included in Jisc’s
ISO 27001 scope:
- UK Access Management
Federation
- eduroam / govroam
- Assent
- DRS
- Certificate Service
• Will be adding SVR to the list
1
6