Athens access and identity management


Athens access and identity management

Athens is an Access and Identity Management service that is supplied by Eduserv to provide single sign-on to protected resources combined with full user management capability. Organisations adopting the Athens service can choose between the "Classic Athens service", where usernames are held by Eduserv, or Local Authentication where usernames are held locally and security tokens are exchanged via a range of protocols: SAML, Shibboleth or "Athens Devolved Authentication" (AthensDA) [http://www.athensams.net/local_auth/athensda/] . Over 4.5 million users worldwide can gain access to over 300 protected online resources via the Athens service.

Athens replaces the multiple usernames and passwords necessary to access subscription based content with a single username and password that can be entered once per session. It operates independently of a user’s location or IP address.

Infrastructure

There are two main elements to Athens. Firstly, the ability to manage large numbers of users, their credentials, and associated access rights, in a devolved manner where administration can be delegated to organisations, or within an organisation. Secondly, Athens provides a managed infrastructure which facilitates the exchange of security tokens across domains in a secure and trusted way.

Trust

The Athens service is a trust federation where Identity Providers, Service Providers and Athens operate under common rules and licenses. Trust is enforced by the use of public-key cryptography and other security mechanisms.

Trust is enforced at the Identity Provider through an appointed administrator who uses browser-based tools provided as part of the Athens service to manage their user accounts in a truly federated manner. Accounts can be grouped into categories with different attributes, and given access to different sets of resources.

The Athens service is neutral; it is not involved in the selling process between a Service Provider (SP) and an Identity Provider (IdP). The SP informs Athens when access to its resource is to be enabled to an IdP, and Athens then allows the IdP to allocate the resource to appropriate user accounts.

Adoption

Athens is used extensively within UK Higher and Further Education institutions, the UK National Health Service, and in [http://auth.athensams.net/orglist.php?view=byCountry more than 90 countries] worldwide. It has been adopted by over 2,000 organisations, and over 300 online resources since it was first launched in 1996. Over 4.5 million accounts are now registered with Athens. The majority of IdPs use Classic Athens; however more than 60 organisations, representing around one million users have moved to the fully federated Local Authentication model.In 2006 Athens was represented at the Medical Library Association Annual Meeting. Since then hospital libraries in the United States have begun using Athens as method for providing off campus access to library resources.

Standards

Once SAML became a ratified standard, Athens adopted SAML and Shibboleth interfaces to the Athens system to facilitate inter-working with a larger number of systems. The Athens service offers SAML and Shibboleth connectivity for both IdPs and SPs through Gateways where native connectivity is not practical.

Attributes

Athens makes a number of attributes relating to its organisations and its user accounts available to its Service Providers through its agent technology. These are generally organisation-related as in the case of the ‘issuing organisation identity number’ or ‘issuing organisation country’, or pseudonymous like the persistent unique identifier for a user account.

Attribute-based authorisation

Athens user management facilities, whether for Classic or Locally Authenticated users, allow the administrator to allocate a different set of resources to each user account. This provides fine-grained authorisation for resources. However, the ability to deliver attributes through the agent technology will offer a long term ability to authorise based on attributes, when attributes and their meaning are commonly understood by IdPs and SPs.

History

Conceived in 1996 at the University of Bath, the service was originally named "Athena" after the Greek goddess of knowledge and learning. It is rumoured that the name change was partially caused by a common typo, but it was actually due to the name Athena being already trademarked.

As from 1996, the service has had two periods of significant expansion. The first in 2000 due to a central contract that made the service freely available to almost all UK Higher and Further education, and the second in 2003 when adopted by the UK National Health Service.

External links

* [http://www.athensams.net/ Athens corporate site]
* [https://addons.mozilla.org/firefox/337/ Firefox browser extension]
* [http://everything2.com/index.pl?node_id=1888399 Everything2 article]


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Identity management — In information systems, identity management is the management of the identity life cycle of entities (subjects or objects). An identity management system: # Establishes the identity ## Links a name (or number) with the subject or object; ## Re… …   Wikipedia

  • Athens (disambiguation) — Athens is the capital city of Greece. *Classical Athens, the city in Classical AntiquityAthens may also refer to: * Athens access and identity management, an access and identity management service * the Athens meteorite of 1933, which fell in… …   Wikipedia

  • Federated identity — In information technology, federated identity has two general meanings: * The virtual reunion, or assembled identity , of a person s user information (or ), stored across multiple distinct identity management systems. Data is joined together by… …   Wikipedia

  • Media and Publishing — ▪ 2007 Introduction The Frankfurt Book Fair enjoyed a record number of exhibitors, and the distribution of free newspapers surged. TV broadcasters experimented with ways of engaging their audience via the Internet; mobile TV grew; magazine… …   Universalium

  • Libraries and Museums — ▪ 2007 Introduction Libraries and museums grappled with ways to attract more patrons during the year, introducing innovative software (Library 2.0), technological wizardry (iPods as museum aides), and even “bib dating.” Efforts continued to… …   Universalium

  • Anthropology and Archaeology — ▪ 2009 Introduction Anthropology       Among the key developments in 2008 in the field of physical anthropology was the discovery by a large interdisciplinary team of Spanish and American scientists in northern Spain of a partial mandible (lower… …   Universalium

  • HISTORICAL SURVEY: THE STATE AND ITS ANTECEDENTS (1880–2006) — Introduction It took the new Jewish nation about 70 years to emerge as the State of Israel. The immediate stimulus that initiated the modern return to Zion was the disappointment, in the last quarter of the 19th century, of the expectation that… …   Encyclopedia of Judaism

  • OpenID — The OpenID logo OpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital… …   Wikipedia

  • Authentication — (from Greek αυθεντικός; real or genuine, from authentes; author) is the act of establishing or confirming something (or someone) as authentic , that is, that claims made by or about the thing are true. This might involve confirming the identity… …   Wikipedia

  • education — /ej oo kay sheuhn/, n. 1. the act or process of imparting or acquiring general knowledge, developing the powers of reasoning and judgment, and generally of preparing oneself or others intellectually for mature life. 2. the act or process of… …   Universalium