Building Identity Trust Federations

March 18, 2009

Featured Speaker: *John Chapman*, BECTA (Broadband consortia based in the UK)

Becta is the government agency leading the national drive to ensure the effective and innovative use of technology throughout learning.

About the UK Access Management Federation: Over the past few years, Becta and JISC have independently invested significant resources in the investigation and development of access management technologies. This work has now culminated in both organizations working together with JANET(UK) to develop the UK Access Management Federation for Education and Research, launched in November 2006.

What is the UK Access Management Federation?
The UK federation provides the UK schools, further and higher education and research sectors with a framework for accessing online learning material by using identity management software, such as Shibboleth. This gives institutions a route to single sign-on to resources through the implementation of federated, devolved authentication.

Operated by JANET(UK) on behalf of JISC and Becta, the UK federation is made up of 'identity providers' such as local authorities, regional broadband consortia, universities and colleges, and 'service providers' such as publishers of online resources.

Members of the UK federation agree to a set of policies for exchanging information about users and resources. This enables access to, and use of, resources and services while protecting the security of both the individuals and the resources.

The federation, combined with the use of identity management software within institutions and organizations, is referred to as 'federated access management'.

Case studies
www.ukfederation.org.uk/library/uploads/Documents/embc-study.pdf
www.ukfederation.org.uk/library/uploads/Documents/swgfl-study.pdf

Participants' Questions
1.    Do the consortia serve just K-12?
A.    Yes, for now.

2.    Once a student has an ID, does it follow them after school?
A.    No.

3.    Are ARPs established by BECTA, JISC or at the school level?
A.    At the school level.

4.    Does BECTA host any authenticated services, perhaps as a way of getting through the "chicken and egg" start-up program?
A.    Yes.

5.    Does BECTA provide any services/support for Shibboleth installation?
A.    Doesn't, but JANET provides some support and training.

6.    How do you handle parent access to student profiles for schools?
A.    Mixed bag - Trying to provide by 2012 - some will have the ability, others will have to provide direct access. Parents won't need to be added to use government gateway. Schools will maintain the relationship. SP will know there's a parent of a particular child.

7.    Any gap in trust between how higher education and K-12 collaborate?
A.    Hasn't come up, yet.

8.    Does BECTA have a "limited" Attribute Release Policy (ARP) or Federation ARP - what is it?
A.    ARP policies are set by local authority and schools - University/Colleges set their own ARPs. Becta and JISC are trying to produce sample ARPs and what's fair to ask for.

9.    Is there a central IdP for all of BECTA, or multiple IdPs for some number of school districts (individual, regional)?
A.    A chicken and egg start up problem - online collaboration areas - BECTA has joined the federation but hasn't gotten the services up yet. Want to shibboleth their own services?

10.    Does BECTA use a "federation-wide" identifier for students so that if they move between schools/regions within the UK their data is not lost? (This is dependent on the answer to Question 3 and whether any student-specific data is recorded).
A.    Unique Learner Number is an Identifier that will follow a learner throughout their life.

11.   Is there any type of "auditing" for K-12 student access to SPs that tracks their access?
A.    4 core attributes - targeted id, name, standard for recommended to be used in the documentation. Additional ones to be used.