The document discusses authentication and access to online resources from mobile devices within universities. It notes challenges around securely authenticating users and controlling access across different systems and networks. The document proposes a single sign-on model using OpenAthens as an identity provider to authenticate users through their university credentials. This would provide a consistent user experience while giving institutions more control over security and the ability to determine user roles and access levels based on identity attributes. The model aims to streamline access to institutional resources from any device while maintaining security.

1. Wayfs and Strays
Jonathan Richardson
Assistant CIS Director
University of East Anglia

2. Privacy and Electronic Mobile access
Communications Instant messaging
Data Protection Network mobility
Freedom of
Information
Higher Fees
Value for money iTunes
Commercial value of Amazon
research eBay
Reputation Pay per view

3. Physical Flexible access
Network
Wireless
Distance
Learning
within our
walls!
Public/3G

4. How do I authenticate?
Athens
Shibboleth Proxy
?
Virtual
IP Private
Network

5. Do I Care?

6. Identifying Security Risk
< Physical --- Mobile >
Device Security
Network Security

7. Identifying Security Risk
OpenID on
mobile device
Low cost
Device Security
High cost
Institution ID on
Corporate PC
Network Security

8. What do you produce?
Data
-£ Data
Consumer
Publisher +£

9. Things to consider
If you will Do you want
release data to track users
under FOI why or secure
lock it down? access?
Are your
systems a
barrier to wider
use?

10. How does it play out with us…
UEA Climatic Research Unit, York data
loss, Google email hack, etc have focused
UEA on the security of its systems.
UEA is a target for hackers and phishing
attacks (and FOI requests!)
Authentication and role based access from
mobile devices needs addressing.
Need to provide means to place our
content in the users space
Need to develop a seamless, flexible and
consistent authentication environment.
Need a faster way of delivering value
November 10, 2011

11. IDM Our Model
HR
OpenAthens IdP UEA Active Directory
WEB
Always Authenticated UEA Alumni
VLE
Single Sign On Route UEA CRM
Finance Contacts
UEA Research
Library Partners
OpenId
Digital
Repository OpenAthens SP
UK Fed, etc
External
Journals
Authorisation to resources is based on:
Identity of the user
Level of confidence in the authentication source
Level of confidence in the users device
User role based attributes (staff/student/grade etc)

12. Access publisher resources
User provides identity information
Single Identity
Institution acts to validate id
provider
Pass identity attributes
Check identity trust level
Check device trust level
Map and link external id’s
Access Institutional resources
•The institution has more control over security
•The service provider has more certainty over the credentials of its users
•The user has a seamless experience

14. Rapid Delivery of Mobile Apps

15. Rapid Delivery of Feeds

16. Why does it matter to you?
• What is the value of the data you hold?
• How much reputation have you to lose?
• Who has access to your usernames and passwords?
• Are you compliant with licence agreements?
• Are you and your users getting the most from your
investment? (or are others taking advantage of it!)

17. Any Questions?