Shibboleth at LSE

LSE Library

Brief history of Shibboleth at the LSE Library

Since 2000, the LSE Library's Project Team, especially Project Manager John Paschoud and Chief Technical Officer Simon McLeish, has investigated the management of access to academic resources, and the middleware, such as Shibboleth, that is associated with this.

The latest project, the Identity Management Toolkit, will produce an Identity Management Toolkit that fully meets all the requirements for successful Identity Management identified by The Identity Project . The main intended audience/users of the Toolkit to be produced will be institutional ICT directors, their managers and staff at universities and colleges in the UK.

The previous project, FLAME, installed production-scale services for institutional Devolved Authority Management (DAM) and Attribute Release Policy (ARP) control, and a facility for ad-hoc Virtual Organisation Management (VOM). These services will be supported by an Enterprise Directory (being implemented by LSE independently of this project) and be integrated with a number of key target applications (such as the LSE online recruitment system).

Another recent project, the Identity Project, researched into and established consensus in the current practice and future needs of UK academic institutions in Identity Management. Issues that were addressed included Grid use, Shibboleth installations of varying degrees of maturity, collaborative courses and other long-term inter-institutional collaborations, internal and shared dynamic virtual organisations, classes of users other than the standard staff/student mix, library access schemes, and NHS involvement.

Simulteniously to working on The Identity Project and FLAME (2006-2008), the Library Project Team also also provided direct support for the JISC Access Management Transtion Programme, helping UK institutions and service providers to implement federated access management.

The FAR project applied Federated Access Management (FAM) principles to the repository environment. It produced recommendations on the use of attributes for access control decisions; demonstrator versions of DSpace and EPrints which show these attributes in action; and a report suggesting how similar changes could be made to Fedora.

Another project, PERSEUS, addressed the key challenge of Shibboleth-based access management to information resources via an institutional portal, using the uPortal Open Source portal toolkit. Part of the PERSEUS work was to install Shibboleth at the LSE Library, thus making the LSE an early adopter, and gradually introduce and test Shibbolised resources. The results are reported elsewhere on this site.

The ShibboLEAP project created a Shibboleth Identity-Provider ('Origin') service for all academic and support staff at each partner institution who are involved in controlled access to their respective institutional Eprints servers, and implemented modifications to their respective Eprints servers to enable them all as Shibboleth Resource-Providers ('Targets'). The project was undertaken by a consortium of Birkbeck College, SOAS, Imperial College, King's College, UCL and Royal Holloway Collage, with the LSE Projects Team as the anchor.

An earlier project, SECURe, built on existing JISC investment in tools and infrastructure in the ANGEL project and the pilot installation of Shibboleth software at the LSE. SECURe addressed two key issues within the Access Management arena:

• An institution-wide deployment of PKI and authentication using personal digital certificates;
• The creation and operational use of Web services and directory components to enable cross-domain access management.

There was also, in the UKeduPerson project, a study to establish the scope and requirements for a metadata schema to provide for consistent descriptions and classifications of all students and staff involved in post-16 education. The schema, facilitated by Shibboleth technology, will enable more sophisticated access to password-protected web resources. It will also support a UK national infrastructure for the Common Information Environment to allow UK academic institutions to share learning and teaching resources more freely.