Title: Conception of Educational Resources Organization and Access Management for Virtual University
1 Conception of Educational Resources Organization and Access Management for Virtual University
Ukrainian Institute for Information Technologies in Education (UIITE), Technical University of Ukraine Kyiv Polytechnic Institute (NTUUKPI)
http://udec.ntu-kpi.kiev.ua, e-mail: vv_at_udec.ntu-kpi.kiev.ua
Authors: Vyacheslav Valuisky, Inna Malyukova, Michael Goncharenko
2 Report Activities
- Modern University educational resources organization and access management
- Analysis of worldwide activities, principal directions
- Concept of software model for intra-university and inter-universities education support.
3 Report Main Tasks
- To analyze the main set of web-oriented virtual services that need to be accessible to modern (virtual) university students and staff.
- To analyze and determine the principal points in the design of a virtual university software architecture.
- To analyze progressive worldwide solutions for the above items.
- To make recommendations.
4 Modern University Educational Resources Organization (typical)
Virtual Laboratories
Virtual Knowledge Centers
Digital Libraries
Research Projects
Educational Projects
Internet
Web Content Management System
Full Screen Video Conferences
Computer Testing System
Distance Course SCORM format
E-Learning Platforms
Authoring Tools
Off-Line Client
Technical University of Delft (Netherlands)
5 Principal Points in the Design of Virtual University Software Architecture
- Single Sign-On authentication via the Web for every user to all distributed restricted educational resources.
- Web authorization for every user to access all distributed restricted educational resources.
6 Definitions
- Authentication: registration of a user for access to a resource, usually with a login and password or other identifiers (smart-cards, certificates, etc.)
- Authorization: assignment of different rights to every user for access to a resource (i.e. student, tutor, administrator, etc.)
7 Why these Principal Points are Selected
Individual authentication and authorization for every educational resource
- requires
  - a lot of different logins and passwords for every user
  - a lot of logins and passwords for all users
  - complicated support by administrators
  - a lot of repositories
- creates problems
  - with inter-institutional and intra-institutional access to educational resources
  - with development of e-learning using inter-institutional links
  - with a virtual university organization
8 What we'll get
- a single login and password for user to access all educational resources
- easy inter-institutional and intra-institutional access to resources
- transparent organization of e-learning using inter-institutional links
9 Internet2/IBM Project: Shibboleth, WebISO model
Open Source software oriented
Shibboleth is a web-based inter-institutional Single Sign-On (SSO) authentication and attribute exchange mechanism for access to educational resources.
WebISO is a web-based intra-institutional SSO authentication for access to educational resources.
Shibboleth joins 262 Universities in the U.S.A.
A-Select (compatible with Shibboleth) has 150,000 users in higher education of the Netherlands in 2005
currently
http://shibboleth.internet2.edu/
http://middleware.internet2.edu/
http://www.a-select.org
http://www.projectliberty.org/
Liberty joins 150 global organizations
10 A-Select
- A-Select is used as a standard authentication platform in the Netherlands. It was initially designed as a commercial product. Since 2004 A-Select has been open source.
- Compatible with Shibboleth.
- There are three product lines:
  - A-Select Basis (a continuation of the current implementation)
  - A-Select Components (additional functionality such as attribute acquisition and authorisation)
  - A-Select Next Generation (NG) - research and development of the new A-Select platform.
11 Yesterday - without Shibboleth
Disadvantages
- individual authentication and authorization for every educational resource
- a lot of logins and passwords
- problems with inter-institutional access to resources
- problems with organization of e-learning using inter-institutional links
e-Learning
University A
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
e-Learning
University B
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
Authentication
Authorization
Educational Resource
12 Intra-University Educational Resources Organization (WebISO model)
Web Login Server
Users Database LDAP
Web Application Server 1
WebISO Agent
Web Application Server 2
WebISO Agent
User
Web Application Server N
WebISO Agent
SSO WebISO authentication
SSO Single Sign-On
13 WebISO Model: Intra-Institutional Connection
WebISO aware Application
Web-based Application
Web-Application Agent
User
Web-Server (Apache, IIS)
SSO
Database user (LDAP)
Request to Access Web Application
WebISO Credential
0
1
Web Application
Login Service
Web Application Server 1
WebISO Credential
Web Application Server 2
Web Login Server
Single Sign-On
SSO
14 WebISO Related Software
Open Source software oriented
- Pubcookie from the Pubcookie Team (http://www.pubcookie.org/)
- Central Authentication Service (CAS) from Yale University (http://www.yale.edu/tp/auth/)
- WebAuth from Duke University (https://webauth.duke.edu/)
- Campus-Wide Login (CWL) from University of British Columbia (http://www.cwl.ubc.ca/)
- Bluestem from University of Illinois (https://www-s.uiuc.edu/bluestem/notes/overview.html)
- Brown Web-Authentication from Brown University (http://www.brown.edu/Facilities/CIS/Network_Services/web-auth/)
- Stanford WebAuth (http://webauthv3.stanford.edu/)
15 Shibboleth: Getting Attributes and Determining Access
Shibboleth Protected
Shibboleth Protected
Shibboleth Indexical Reference Establisher
Shibboleth Attribute Requestor
5 Attribute Query Message
6 Attribute Response Message
16 Shibboleth Authorization
Shibboleth Protected Resource Provider
University
User
User (Attempt to Access)
Shared Resource
Attribute Authority
HTTP Server
AQM (Attribute Query Message)
Attribute Release Policy
Manages Users Attributes
Other Shibboleth Components
ARM (Attribute Response Message)
SHAR (Shibboleth Attribute Requestor)
LDAP (LightWeight Directory Access Protocol)
University Users Database
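The attribute exchange on this slide, as an added example that is not part of the original presentation or of the Shibboleth software: a simplified Python model in which the Attribute Authority answers an Attribute Query Message by applying its Attribute Release Policy, and the resource provider authorizes from the released attributes only. All names, URLs, records and rules are constructed, and the real protocol messages are not modelled.

```python
import secrets

# Constructed sample data: stand-in for the university users database (LDAP).
DIRECTORY = {
    "ivanenko": {"affiliation": "student", "entitlement": "course:db101",
                 "mail": "ivanenko@univ-a.example", "displayName": "O. Ivanenko"},
    "petrenko": {"affiliation": "staff", "entitlement": "course:db101",
                 "mail": "petrenko@univ-a.example", "displayName": "P. Petrenko"},
}

# Attribute Release Policy: which attributes each requesting provider may see.
RELEASE_POLICY = {
    "https://elearning.univ-b.example/shibboleth": {"affiliation", "entitlement"},
    "https://library.univ-b.example/shibboleth": {"affiliation"},
}


class AttributeAuthority:
    """Home-university side: answers attribute queries for opaque handles."""

    def __init__(self, directory, policy):
        self.directory, self.policy = directory, policy
        self.handles = {}  # opaque handle -> local user id

    def issue_handle(self, user_id):
        """Called after SSO login; the handle hides the local login name."""
        if user_id not in self.directory:
            raise KeyError("unknown user")
        handle = secrets.token_urlsafe(16)
        self.handles[handle] = user_id
        return handle

    def attribute_query(self, requester, handle):
        """AQM in, ARM out: release only what the policy allows."""
        user_id = self.handles.get(handle)
        allowed = self.policy.get(requester, set())  # unknown requester: nothing
        if user_id is None:
            return {}
        record = self.directory[user_id]
        return {k: v for k, v in record.items() if k in allowed}


def authorize(attributes, required):
    """Resource-provider side: grant only if every required attribute matches."""
    return all(attributes.get(k) in allowed for k, allowed in required.items())


# Access rule of the shared resource (hypothetical): enrolled students or staff.
COURSE_RULE = {"affiliation": {"student", "staff"}, "entitlement": {"course:db101"}}
```

The resource provider never sees the login name, mail address or display name, because the release policy withholds them; a requester missing from the policy receives an empty response and is denied.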
17 Yesterday - without Shibboleth
Disadvantages
- individual authentication and authorization for every educational resource
- a lot of logins and passwords
- problems with inter-institutional access to resources
- problems with organization of e-learning using inter-institutional links
e-Learning
University A
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
e-Learning
University B
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
Authentication
Authorization
Educational Resource
18 Currently - with Shibboleth
Advantages
- Single Sign-On authentication for every educational resource
- a single login and password for user
- easy inter-institutional access to resources
- transparent organization of e-learning using inter-institutional links
e-Learning
University A
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
Shibboleth Federation
e-Learning
University B
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
Authentication
Authorization
Educational Resource
19 Shibboleth Federation (definition)
- A Shibboleth federation is a group of organizations (universities, corporations, content providers, etc.) who agree to exchange attributes using the Shibboleth protocols.
- As a rule, it has links to SSO and AA (Attribute Authority) of registered organizations.
20 Shibboleth Federations
Currently
2005 status: 7 univer., 1 polytech., 58,000 logins; 2006 status: 12 univer., 15 polytech.
- Haka, Finland (http://en.wikipedia.org/wiki/Finland)
- InCommon, U.S.A. (http://www.incommonfederation.org/)
- InQueue, world-wide (http://inqueue.internet2.edu/)
- SDSS, UK (http://sdss.ac.uk/)
- SWITCHaai, Switzerland (http://shibboleth.internet2.edu/)
262 universities
For testing Shibboleth
11 universities
21 Shibboleth Federations (examples)
- InCommon, U.S.A. http://www.incommonfederation.org/
  - operates on a cost-recovery basis with fees reviewed annually.
  - Fees are a one-time Participant Application Fee of 700. An annual fee of 1000 will be charged for the basic Sponsored Partner system package.
- InQueue, world-wide (http://inqueue.internet2.edu/)
  - for testing Shibboleth installation and for learning how Shibboleth works (free access)
22 Shibboleth Related Software
- ArtSTOR
- Blackboard (E-Learning Platform)
- Bodington.org (E-Learning Platform)
- CSA
- Darwin Streaming Server
- Digitalbrain PLC (E-Learning Platform)
- eAcademy
- EBSCO Publishing
- Elsevier ScienceDirect
- ExLibris - SFX
- Fedora (Web Content Management System)
- Higher Markets
- Hupnet
- ILIAS (E-Learning Platform)
- JSTOR
- Moodle (E-Learning Platform)
- Napster
- NSDL
- OCLC
- OLAT (E-Learning Platform)
- Ovid Technologies Inc.
- Proquest Information and Learning
- Serials Solutions
- SYMPA
- Thomson Gale
- TWiki
- Useful Utilities - EZproxy
- Web Assign
- WebCT (E-Learning Platform)
OS - open source
23 Shibboleth with commercial e-learning platforms
- WebCT company supports Shibboleth for e-learning platforms WebCT Vista and WebCT CE using special Shibboleth adapters
- BlackBoard company supports Shibboleth for e-learning platform Blackboard using special Blackboard Building Block
24 Shibboleth with open source e-learning platforms
- OLAT (On Line Learning And Training) supports Shibboleth completely
  - http://www.olat.unizh.ch (University of Zurich, Switzerland)
- Moodle currently supports Shibboleth authentication. Support of Shibboleth authorization is planned in the future
  - (http://moodle.org)
25 Shibboleth inside a separate University
Shibboleth Origin (ShibIdP)
User
As usually located in ShibIdP
Where are You From? may be located anywhere
WAYF
1
0
SSO
SSO (WebISO)
Restricted Web Resource Shibboleth Target (ShibSP)
26 Shibboleth Federation (local activities)
- URAN (Ukrainian Research and Academic Network)
  - is established and operates under NTUUKPI leadership,
  - may be selected as local Shibboleth Federation
URAN
- is established, 1998
- Joins Basic Ukrainian Universities
- Funded by NATO Grants - USD 300,000
- Provides high speed Internet access
- GEANT connected
27 URAN Regional Nodes
- TU Kiev Polytechnic Institute
- TU Kharkov Polytechnic Institute
- Dnipropetrovsk Mine University
- TU Lvivska Polytechnika
- Odessa Mechnikov University
- TU Donetsk
- TU Zaporizhzhia
- Institute for Biology of South Seas of NAS, Sevastopol
URAN Operators
28 New structure of NOC URAN in Kiev
[Network diagram: Kiev Central Node (Cisco 7206 VXR), NTUU "KPI" node and control centre, Kiev cybernetic node; links to the Ministry of Education and Science, Ukraine Exchange point IX-UA, KARnet, RC and RN, and Kiev universities (Aviation, Pedagogical, Economic, Medical, Architecture, State Management Academy).]
29 Shibboleth Support (local activities)
- UIITE (Ukrainian Institute for Information Technologies in Education) of NTUUKPI
  - may be selected for Shibboleth support
UIITE
- is established, 2000
- 9 International Projects, including UNESCO Project CEEVU (Central and Eastern European University)
- uses e-learning platforms: IBM Lotus LearningSpace Forum, IBM Lotus LearningSpace 5.01, Simurg
- Experiences with e-learning platforms: Moodle, Atutor, Olat
- more than:
  - 180 distance courses are developed
  - 2,000 Ukrainian specialists are trained, retrained and certified in distance learning; more than 40 local organizations
  - 5 Research laboratories are opened
  - 40 agreements are signed with Ukrainian Educational organizations
  - 10 full screen videoconferences via Internet with local and International universities are provided, including a conference with Kennedy Space Center in the U.S.A.
Full Screen Video Conferencing
30 UIITE Local Activities
- Participation in development of Ukrainian Conception of Distance Learning
- Project of National Program of Distance Learning (2002-2004)
- the National Project of distance learning for secondary schools
- Pilot Project "Bachelor" for NTUUKPI (complete support of bachelor degree for one faculty of NTUUKPI using distance learning technologies)
- the National Project "Preparation and Development of Human Potential in IT" (IT Association and Universities)
- Project "Development of a Strategy of Information Society" (Ukrainian Federation of Informatics)
- State Program "Information and Communication Technologies in Education and Science"
- Pilot Project "Information and Communication Technologies in Education" within one district
- Project "Virtual School"
31 What we have done practically
- Shibboleth software (Identity Provider, Service Provider, Pub-Cookies) is installed and completely debugged for testing purposes at UIITE
- Registration in the InQueue world-wide Shibboleth Federation was done for UIITE, and experiments with Shibboleth under InQueue support have started.
32 What we plan
- To start experiments with the completely shibbolized e-learning platform OLAT
- To use the UIITE LDAP repository for experiments with Shibboleth
- To create a local Shibboleth Federation for test purposes on the base of UIITE
- To learn the possibilities of the Netherlands national system A-Select at Delft Technical University during a visit to Delft from Feb. 18 through March 05, 2006.
33 Conclusion
- The Shibboleth (Internet2/IBM) project may be recommended as a basis for development of a virtual university architecture or any other distributed web-oriented educational organization
- Shibboleth allows the use of web-based Single Sign-On (SSO) for Inter-Institutional and Intra-Institutional access to educational resources and facilitates all procedures for modern education support
- Shibboleth is supported by modern commercial e-learning platforms
- Shibboleth is oriented toward the use of open source software
- Shibboleth allows the use of different types of distributed architectures for web-oriented learning
- Shibboleth is the most progressive technology for education support in a modern university or any virtual university.