ShibboLEAP: How to get lots of Shibboleth users, cheap

1
ShibboLEAP How to get lots of Shibboleth users,
cheap!

• John PaschoudLSE LibraryShibboLEAP Project
  Manager

2
JISC Core MiddlewareTimescale
Timescales of Athens contract, development and
Core Middleware Development Infrastructure
3
Infrastructure-building

• Establishing a UK Shibboleth infrastructure
• April 2004 to March 2007
• Main work areas
• Making national data services Shib compliant
• Creating a service to assist early adopters
  (MATU)
• Establishing a national UK federation (Sparta)
• Now drafting policies
• Liaising with suppliers
• publishers, subscription agents, library systems
  vendors etc
• Funding for organisations willing to be early
  Shibboleth adopters
• 10 institutional projects underway, plus the
  ShibboLEAP consortium of 7 in London
• New Call funding a second round of projects which
  should start by Jan 2006

4
Early adopters (1)

• Leeds (GILEAD)
• Will make Shibboleth their strategic solution to
  access management across the university
• Nottingham (Local origin implementation)
• Using Eduserv implementation of Shibboleth IdP to
  access local/remote resources using local
  e-directory
• Nottingham Trent (East Midlands deployment)
• Investigate, prototype and deploy centrally
  hosted service for East Midlands institutions
• UK Data Archive (SAFARI)
• Make three UK DA resources Shibboleth SPs
• Embed in the Data Archive one-stop registration
  service
• Newcastle (SAPIR)
• Develop Shibboleth as AM solution for
  library-mediated resources services

5
Early adopters (2)

• Bristol (Metalib Shibboleth integration)
• Integrate Metalib and SFX link server as Shib SPs
• Project output offered to 26 Metalib institutions
  29 SFX institutions
• Liverpool (LSIP)
• Implement Shibboleth IdP on existing Novell
  e-directory
• Cardiff (multiple resources including NHS)
• Test applicability of Shibboleth to a range of
  resources including e-Science Applications
  Secure NHS Resources
• Exeter (Project SWISh)
• Shibboleth pilot service covering Exeter
  University, Peninsula Medical School, Peninsula
  Allied Health Collaboration Combined
  Universities in Cornwall
• St Georges Hospital Med Sch (ADAMS)
• Implement Shibboleth for JISC project teaching
  resources used nationally by HE and FE

6
The ShibboLEAP Project

• April 05 April 06 approx 250K (380K) JISC
  funding as Early Adopters of Shibboleth
• (no acronym just a badly-chosen email
  subject-line that stuck)
• 6 other University of London Colleges, assisted
  by LSE with technical expertise project
  management
• Already associated because they wanted to
  participate in the (national) SHERPA pilot of
  Eprints as institutional repository
• (LEAP London Eprints Access Project)

7
ShibboLEAP partners

• The SHERPA-LEAP consortium
• Birkbeck College
• Imperial College
• Kings College London
• London School of Economics Political Science
• Royal Holloway College
• School of Oriental African Studies
• University College London
• a diverse collection of University of London
  colleges, some rather well-known
• but quite a useful lot to get the UK Shibboleth
  ball rolling!
• Total population of LSE 10,000
• Total population of consortium 150,000

8
Role-based access in open archives

• (Open as in OAI - based on Eprints or another
  harvestable repository server like DSpace, etc)
• Who is permitted to do what
• deposit papers (your own academics)
• add edit metadata (library staff who know what
  metadata is)
• authorise publication (1 or 2 administrators)
• Some (at least) of these roles should be
  derivable from existing directory attributes

9
Project objectives

• Enable full Shib IdP for all users at each of the
  7 partners
• Using their existing directory other
  infrastructure services where possible
• whatever they are (THE TRICKY BIT!)
• Producing a documented production process for
  Shib implementation by others
• Enable Eprints software as a Shib SP
• As fully as possible (see later) within the
  project budget timescale
• Contributed back to OSS development of Eprints

10
Minimising risks

• Not many immediate end users to involve
• So delays due to problems with instl
  infrastructure need not hold up testing of
  Shibbed access to Eprints
• Only one physical Eprints server (disguised as
  seven hosted by UCL)
• So only one development environment to setup
• Suitably vague commitment to how far its good to
  Shibbolise the Eprints software

11
Project management

• Like herding cats???
• Regular Library and IT service staff involved at
  each site
• High-level buy-in (service director(s))
• all have lunch together regularly
• Focussed Project Management Board governance
• Defined tasks for each planned meeting
  throughout project

12
Key milestones
13
Shibbing Eprints

• AuthN (easy!)
• to eliminate yet-another-password for users
• AuthZ
• How deeply embedded in code is the permissions
  structure?
• How much of this can we (do we want to) represent
  as generic attributes in an institutional ED?
  (probably LibStaff, AcStaff)
• so some will (probably) remain internal
• Anyway, we must do this as install-time options,
  to feed-back into Eprints open source main stream

14
Shibbing Eprints ( many other applications?)
In shibboleth.xml (SP config) ltSessions
..handlerURLeprints.soas.ac.ukgt
ltSessionInitiator .. wayfURLhttps//shibIdP.soa
s.ac.uk/Shibboleth/HSgt (repeated for each
institution-specific server, to eliminate WAYF
step for end-users)
15
Synergies with other projects

• PERSEUS develops support resources for Shib
• SL partners can beta-test before wider release
• SL partners reveal broader requirements for Shib,
  federation policies, etc
• PERSEUS can adjust development to be less
  specific to LSE or single subject domain
• PERSEUS invests in deep understanding of AM
  issues
• SL structure (high-level involvement) helps
  discussion, understanding, awareness to widen

16
Who will benefit?

• Institutions which use Eprints as OAI
• 161? www.eprints.org
• The 6 partner colleges
• which, like LSE, can avoid Athens user
  administration sooner (Sep-06, maybe?)
• Other institutions
• which can use this as a model for production-line
  implementation of Shib IdPs
• The Middleware Assisted Take-Up service
• with which weve promised to share
  work-in-progress

17
Questions?

• JISC Core Middleware Infrastructure
  programmewww.jisc.ac.uk/index.cfm?nameprogramme
  _cminfrastructure
• ShibboLEAP Projectwww.angel.ac.uk/ShibboLEAP
• j.paschoud_at_LSE.ac.uk