Conception of Educational Resources Organization and Access Management for Virtual University

1
Conception of Educational Resources Organization
and Access Management for Virtual University
Ukrainian Institute for Information
Technologies in Education (UIITE) Technical
University of Ukraine Kyiv Polytechnic
Institute (NTUUKPI)
http//udec.ntu-kpi.kiev.ua e-mail
vv_at_udec.ntu-kpi.kiev.ua
Authors Vyacheslav Valuisky Inna
Malyukova Michael Goncharenko
2
Report Activities

• Modern University educational resources
  organization and an access management
• Analysis of worldwide activities, principal
  directions
• Concept of software model for
• intra-university and inter-universities
  education support.

3
Report Main Tasks

• To analyze a main set of web-oriented virtual
  services which need to be accessible for modern
  (virtual) university students and staff.
• To analyze and to determine principal points in
  line
• to design of virtual university software
  architecture.
• To analyze progressive worldwide solutions for
  above items.
• To make recommendations.

4
Modern University Educational Resources
Organization (typical)
Virtual Laboratories
Virtual Knowledge Centers
Digital Libraries
Research Projects
Educational Projects
Internet
Web Content Management System
Full Screen Video Conferences
Computer Testing System
Distance Course SCORM format
E-Learning Platforms
Authoring Tools
Off-Line Client
Technical University of Delft (Netherlands)
5
Principal Points in Line to Design of Virtual
University Software Architecture.

• A Single Sign-On authentication via Web for every
  user to all distributed restricted educational
  resources.
• Web authorization for every user to access all
  distributed restricted educational resources.

6
Definitions

• Authentication a registration of user for an
  access to resource as usually with login and
  password or other identifiers smart-cards,
  certificates, etc.
• Authorization assignment of different rights
  for every user to access a resource (i.e.
  student, tutor, administrator, etc.)

7
Why these Principal Points are Selected

• - Individual authentication and authorization
  for an every educational
• resource
• requires
• -a lot of different logins and passwords for
  every user
• -a lot of logins and passwords for all
  users
• -administrators complicated support
• -a lot of repositories
• creates problems
• -with inter-institutional and
  intra-institutional access to educational
  resources
• -with development of e-learning using
  inter-institutional links
• -with a virtual university organization

8
What well get

• -a single login and password for user to access
  all educational resources
• -easy inter-institutional and intra-institutional
  access to resources
• -transparent organization of e-learning using
  inter-institutional links

9
Internet2IBM ProjectShibboleth WebISO model
Open Source software oriented
Shibboleth is a web-based inter-institutional
Single Sign-On (SSO) authentication and
attribute exchange mechanismfor an access to
educational resources. WebISO is a web-based
intra-institutional SSO authentication for an
access to educational resources
Shibboleth joints 262 Universities in the U.S.A.
A-Select (compatible with Shibboleth) has 150,000
users in higher education of the Netherlands in
2005
currently
http//shibboleth.internet2.edu/
http//middleware.internet2.edu/ http//www.a-sel
ect.org http//www.projectliberty.org/
Liberty joints 150 global organizations
10
A-Select

• A-Select uses as a standard authentication
  platform in the Netherlands. There is designed
  initially as a commercial product. From 2004
  A-Select is open source.
• Compatible with Shibboleth.
• There are three product lines
• A-Select Basis (a continuation of the
  current implementation)
• A-Select Components (additional
  functionality such as attribute acquisition and
  authorisation)
• A-Select Next Generation (NG) - research
  and development of the new A-Select platform.

11
Yesterday without Shibboleth
Yesterday - without Shibboleth
Disadvantages
-individual authentication and authorization
for every educational resource -a lot of
logins and passwords -problems with
inter- institutional access to resources -proble
ms with organization of e-learning
using inter-institutional links
e-Learning
University A
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
e-Learning
University B
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
Authentication
Authorization
Educational Resource
12
Intra-University Educational Resources
Organization (WebISO model)
Web Login Server
Users Database LDAP
Web Application Server 1
WebISO Agent
Web Application Server 2
WebISO Agent
User


Web Application Server N
WebISO Agent
SSO WebISO authentication
SSO Single Sign-On
13
WebISO Model Intra-Institutional Connection
WebISO aware Application
Web-based Application
Web-Application Agent
User
Web-Server (Apache, IIS)
SSO
Database user (LDAP)
Request to Access Web Application
WebISO Credential
0
1
Web Application
Login Service
Web Application Server 1
WebISO Credential
Web Application Server 2
Web Login Server
Single Sign-On
SSO
14
WebISO Related Software
Open Source software oriented

• Pubcookie from the Pubcookie Team
  (http//www.pubcookie.org/)
• Central Authentication Service (CAS)
• from Yale University (http//www.yale.edu/tp/
  auth/)
• WebAuth from Duke University (https//webauth.duke
  .edu/)
• Campus-Wide Login (CWL) from University of
  British Columbia (http//www.cwl.ubc.ca/)
• Bluestem from University of Illinois
• (https//www-s.uiuc.edu/bluestem/notes/overvi
  ew.html)
• Brown Web-Authentication from Brown University
  (http//www.brown.edu/Facilities/CIS/Network_Servi
  ces/web-auth/)
• Stanford WebAuth (http//webauthv3.stanford.edu/)

15
Shibboleth Getting Attributesand Determining
Access
Shibboleth Protected
Shibboleth Protected
Shibboleth Indexical Reference Establisher
Shibboleth Attribute Requestor
5 Attribute Query Message 6 Attribute
Response Message
16
Shibboleth Authorization
Shibboleth Protected Resource Provider
University
User
User (Attempt to Access)
Shared Resource
Attribute Authority
HTTP Server
AQM (Attribute Query Message)
Attribute Release Policy
Manages Users Attributes
Other Shibboleth Components
ARM (Attribute Response Message)
SHAR (Shibboleth Attribute Requestor)
LDAP (LightWeight Directory Access Protocol)
University Users Database
17
Yesterday without Shibboleth
Yesterday - without Shibboleth
Disadvantages
-individual authentication and authorization
for every educational resource -a lot of
logins and passwords -problems with
inter- institutional access to resources -proble
ms with organization of e-learning
using inter-institutional links
e-Learning
University A
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
e-Learning
University B
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
Authentication
Authorization
Educational Resource
18
Currently with Shibboleth
Currently - with Shibboleth
Advantages
e-Learning
University A
-Single Sign-On authentication for every
educational resource -a single login
and password for user -easy inter- institutional
access to resources -transparent
organization of e-learning using inter-instituti
onal links
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
Shibboleth Federation
e-Learning
University B
Virtual Labs
Virtual Knowledge Centers
Digital Libraries
Authentication
Authorization
Educational Resource
19
Shibboleth Federation(definition)

• Shibboleth federation - is a group of
  organizations (universities, corporations,
  content providers, etc.) who agree to exchange
  attributes using the Shibboleth protocols.
• As a rule, it has links to SSO and AA (Attribute
  Authority) of registered organizations.

20
Shibboleth Federations
Currently
2005 status 7 univer, 1 polytech, 58,000
logins 2006 status 12 univer., 15 polytech.

• Haka, Finland (http//en.wikipedia.org/wiki/Finlan
  d)
• InCommon, U.S.A. (http//www.incommonfederation.or
  g/ )
• InQueue, world-wide (http//inqueue.internet2.edu/
  )
• SDSS, UK (http//sdss.ac.uk/ )
• SWITCHHaai, Switzerland (http//shibboleth.interne
  t2.edu/ )

262 universities
For testing Shibboleth
11 universities
21
Shibboleth Federations(examples)

• InCommon, U.S.A. http//www.incommonfederation.org
  /
• operates on a cost-recovery basis with fees
  reviewed annually.
• Fees are a one time Participant Application
  Fee of 700. An annual fee of 1000 will be
  charged for the basic Sponsored Partner system
  package.
• InQueue, world-wide (http//inqueue.internet2.edu/
  )
• for testing Shibboleth installation and for
  learning how Shibboleth works (free access)

22
Shibboleth Related Software
JSTOR Moodle (E-Learning Platform) Napster NSDL
OCLC OLAT (E-Learning Platform) Ovid
Technologies Inc. Proquest Information and
Learning Serials Solutions SYMPA Thomson Gale
TWiki Useful Utilities - EZproxy Web Assign
WebCT (E-Learning Platform)
ArtSTOR Blackboard (E-Learning
Platform) Bodington.org (E-Learning Platform) CSA
Darwin Streaming Server Digitalbrain PLC
(E-Learning Platform) eAcademy EBSCO Publishing
Elsevier ScienceDirect ExLibris - SFX Fedora
(Web Content Management System) Higher Markets
Hupnet ILIAS (E-Learning Platform)
OS
OS
OS
OS
OS
OS
OS
OS
OS
OS
-open source
23
Shibboleth with commerciale-learning platforms

• WebCT company supports Shibboleth for e-learning
  platforms WebCT Vista and WebCT CE using
  special shibboleth adapters
• BlackBoard company supports Shibboleth for
  e-learning platform Blackboard using special
  Blackboard Building Block

24
Shibboleth with open sourcee-learning platforms

• OLAT (On Line Learning And Training) supports
  Shibboleth completely
• http//www.olat.unizh.ch (University of
  Zurich, Swiss)
• Moodle currently supports Shibboleth
  authentication. A support of Shibboleth
  authorization is planned in the future
• (http//moodle.org)

25
Shibboleth inside a separate University
Shibboleth Origin (ShibIdP)
User
As usually located in ShibIdP
Where are You From? may be located anywhere
WAYF
1
0
SSO
SSO (WebISO)
Restricted Web Resource Shibboleth Target (ShibSP)
26
Shibboleth Federation(local activities)

• URAN (Ukrainian Research and Academic Network)
• is established and operates under NTUUKPI
  leadership,
• may be selected as local Shibboleth Federation

is established, 1998
Joints Basic Ukrainian Universities
URAN
Funded by NATO Grants-USD.300,000
Provides high speed Internet access
GEANT connected
27
URAN Regional Nodes

• TU Kiev Polytechnic Institute
• TU Kharkov Polytechnic Institute
• Dnipropetrovsk Mine University
• TU Lvivska Polytechnika
• Odessa Mechnikov University
• TU Donetsk
• TU Zaporizhzhia
• Institute for Biology of South Seas of NAS,
  Sevastopol

URAN Operators
28
New structure of NOC URAN in Kiev
Internet channel 3,5
Mbps
Kiev Central Node
Cisco 7206 VXR
Ministry of Education and Science
Ukraine Exchange
point IX-UA
KARnet
To RC and RN
155Mbps
64-2048 Kbps
network
MES local network
Cisco 7206
E1 2048
TDM digital network
1 GB
100MB
ATM digital network
CEF fiber optic line 100/1000 MB
NTUU "KPI" node and control centre
SWR AT8664
1MB
To Kiev
users 64-2048
512??i?/?
Kbps
1000MB
Local network
1 GB
Aviation University
SWR WGSW 2620
NTUU "KPI local network
Kiev cybernetic node
ICITS,
Cisco 2612
40 Glushkova
100/1000 MB
Pedagogical University
100/1000 MB
State Management Academy
Economic University
Medical University
Architecture University
29
Shibboleth Support (local activities)

• UIITE (Ukrainian Institute for Information
  Technologies in Education)
• of NTUUKPI
• may be selected for Shibboleth support

9 International Projects Including
UNESCO Project CEEVU Central and
Eastern European University
UIITE
is established, 2000
uses e-learning platforms -IBM Lotus
LearningSpace Forum, -IBM Lotus LearningSpace
5.01, -Simurg, Experiences with e-learning
platforms -Moodle, -Atutor, Olat
more than -180 distance courses are developed
-2,000 Ukrainian specialists are trained,
retrained and certified in distance learning more
than 40 local organizations -5 Research
laboratories are opened -40 agreements are
signed with Ukrainian Educational
organizations -10 full screen videoconferences
via Internet with local and International
universities are provided including conference
with Kennedy Space Center in the U.S.A.
Full Screen Video Conferencing
30
UIITE Local Activities

• Participation in development of Ukrainian
  Conception of Distance Learning
• Project of National Program of Distance Learning
  (2002-2004)
• the National Project of distance learning for
  secondary schools
• Pilot Project Bachelor for NTUUKPI (complete
  support of bachelor degree for one faculty of
  NTUUKPI using distance learning technologies)
  
• the National Project Preparation and Development
  of Human Potential in IT (IT Association and
  Universities)
• Project Development of a Strategy of Information
  Society
• (Ukrainian Federation of Informatics)
• State Program Information and Communication
  Technologies in Education and Science
• Pilot Project Information and Communication
  Technologies in Education in within one district
• Project Virtual School

31
What we done practically

• Shibboleth software (Identity Provider, Service
  Provider, Pub-Cookies) is installed and
  completely debugged for testing purposes at
  UIITE
• Registration in InQueue World-wide Shibboleth
  Federation was done for UIITE and experiences
  with Shibboleth under InQueue support are started.

32
What we plan

• To start experiences with completely shibbolized
  e-learning platform OLAT
• To use UIITE LDAP repository for experiences with
  Shibboleth
• To create a local Shibboleth Federation for test
  purposes on a base of UIITE
• To learn possibilities of Netherlands National
  system A-Select at Delft Technical University
  during a visit to Delft from Feb.18 through March
  05, 2006.

33
Conclusion

• Shibboleth (Internet2IBM) project may be
  recommended as a basic for development of virtual
  university architecture or any other distributed
  web-oriented educational organization
• Shibboleth allows to use web-based Single Sign-On
  (SSO) for Inter-Institutional and
  Intra-Institutional access to educational
  resources and facilitates all procedures for
  modern education support
• Shibboleth is supported by modern commercial
  e-learning platforms
• Shibboleth is oriented for using of open source
  software
• Shibboleth allows to use different types of
  distributed architectures for web-oriented
  learning
• Shibboleth is most progressive technology in line
  to education support in modern university or any
  virtual university.

34
List of publications

• Shibboleth, Internet2-mace-shibboleth-introduction
  -200404.pdf, URL http//sibboleth.internet2.edu.
• Shibboleth, Internet2-mace-shibboleth-advantage-20
  0309.pdf, URL http//sibboleth.internet2.edu.
• Shibboleth Architecture. Technical Overview,
  Draft-mace-shibboleth-tech-overview-latest.pdf,
  URL http//shibboleth.internet2.edu.
• Shibboleth-Architecture DRAFT v05,
  draft-internet2-shibboleth-architecture-05.html,
  URL http//shibboleth.internet2.edu.
• Shibboleth Documentation, http//sibboleth.interne
  t2.edu.
• Shibboleth Target Deployment Guide, Shibboleth
  Version 1.2May 10, 2004 URL http//sibboleth.int
  ernet2.edu.
• Shibboleth Target Deployment Guide, Shibboleth
  Version 1.1December 3, 2003, URL
  http//sibboleth.internet2.edu.
• Shibboleth Target Deployment Guide, Shibboleth
  Version 1.2.1November 15, 2004, URL
  http//sibboleth.internet2.edu.
• Shibboleth Origin Deployment Guide, Version
  1.2.1, November 15, 2004, URL http//sibboleth.in
  ternet2.edu.
• Shibboleth Origin Deployment Guide, Version 1.2,
  July 2, 2004, URL http//sibboleth.internet2.edu.
  
• Patrik Schnellmann, Valery Tschopp, Lukas
  Haemmerle. Install Shibboleth 1.3 Identity
  Provider on Debian 3.1 (sarge), Tomcat only with
  CAS SSO, URL http//www.switch.ch/aai/docs/shibb
  oleth/SWITCH/1.3/idp/install-idp-1.3-debian.html,
  pp.18, 2006.
• Ken Klingenstein. Internet2 Shibboleth Project.
  TERENA Networking Conference 2002, Limerick,
  Ireland, pp.43.
• Kathryn Huxtable. Identity Management
  Infrastructure at The University of Kansas, 11
  March 2005, AIMStalk.ppt.
• James Burger. Shibboleth for Middle Schools,
  NSDL, 20040901-ms_shib_presentation.ppt.
• Vyacheslav Valuisky. "Platforms of Distance
  Learning Support. The Analysis and the
  Compatibility". Journal of Multimedia Aided
  Education Research, 2005, vol.2, No.1,
  pp.103-111, Japan, Institute of Multimedia
  Education, 2-12, Wakaba, Mihama-ku, Chiba-Chi
  261-0014, Japan.