Docstoc

ITT-Federated-Access-Management---Institutional-Access-Management-

Document Sample
ITT-Federated-Access-Management---Institutional-Access-Management- Powered By Docstoc
					Federated Access Management: Service Provider Interface Study

JISC Collections INVITATION TO TENDER

Summary 1. JISC Collections wishes to commission a study to explore the approaches taken by Service Providers 2 to the implementation of federated access management, and its effect on the End User experience. The aim of the study is to make clear recommendations regarding common terminology and practices across service provider platforms to both improve the user experience and to ensure the maximum number of successful authentications. 2. The core deliverable is a report with recommendations based on the terms of reference below. 3. The deadline for proposals is 12 noon on Monday 2nd March 2009. Funding of up to £35,000 (including VAT, travel and subsistence) is available for the project. 4. It is expected that the project will be undertaken over a 4 month period between 30 March–20th July 2009. Background and Context 5. The JISC Content Procurement Company Limited which trades as JISC Collections mission is to ‘To negotiate for, and, where appropriate to license, quality assured electronic materials that will provide the JISC community with a range of resources to support education and research’. 6. In November 2006, the UK Access Management Federation was launched. The UK federation provides Identity Providers, Service Providers, End Users, and Educational Sectors with consistency across the whole of education for federated (distributed) authentication and authorization. The UK 3 federation now has over 657 members . Members use a variety of SAML compliant methods to 4 access resources through the UK federation . JISC Collections mandates the use of SAML compliant technologies and membership of the UK federation in all its license agreements. 7. There has been considerable uptake of federated access management amongst Service Providers, with over 140 live resources within the UK federation alone. The process of implementation across Service Providers, has been dependent on the design and structure of their platforms, the number of other access management systems they support, and the need to support other national federations 5 such as the US InCommon Federation . This has led to variations in the terminology used to describe federated access management and the look and feel of the federated access process, leading to an
th 1

1

Service providers is intended to mean publishers, aggregators and other licensors of online educational resources subscribed to by academic institutions 2 End Users means students, academics, researchers, staff and other members of an academic institution licensing online educational resources.
3

http://www.ukfederation.org.uk/content/Documents/MemberList

4

These include 3rd party outsourcing via OpenAthens, SAML Compliant software such as Shibboleth, and proxy solutions 5 http://www.incommonfederation.org/.

inconsistent experience for End Users. This is particularly evident in the implementation of WAYF (Where Are You From) services – used to determine user affiliation. 8. JISC has provided some general advice for service providers, available on the JISC website . This advice is not currently followed universally by Service Providers and does not address the requirements of other national federations.. 9. This study is expected to review the implementations undertaken across Service Provider platforms and to make recommendations in the following areas:    Terminology for link text for login pages; Use of the UK federation WAYF versus publisher designed WAYFs; Management of multi-tiered WAYFs to support other national federations.
6

10. The study will also be expected to review the wider ‘Discovery Problem’ and to make appropriate recommendations for further work in this area. The Discovery Problem describes the requirement in federated access management to know where a user is ‘from’, i.e. to which organisation they are affiliated. This is currently supported by two different approaches depending on the access route taken by the user – by WAYF solutions on service provider interfaces, and by the use of ‘WAYFless’ links embedded in library portals and webpages. 11. The final aim of the project will be to review current sources of information about Service Provider implementations such as the Live Service pages on the UK federation website, information provided by the JISC Access Management Team and publisher information on the JISC Collections website. Recommendations should be made about the best way to provide the information required by librarians and IT support staff, such as eduPerson attributes used, WAYFless URLs and processes for deep-linking to article or e-book level. . Terms of Reference 12. The Terms of Reference for the project are: a) A report on user experiences of differing processes for accessing content and services using federated access management. This should include identification and investigation of current and likely End User scenarios as well as best practice recommendations on End User focused access management terminology. b) To review the wider ‘Discovery Problem’ and make recommendations for future work in this area. c) To review current processes for providing information about Service Provider implementations to stakeholder organisations and to make recommendations for improving information flow. d) To consider the impact of the use of Open URL resolvers, role and accuracy of federation and service provider WAYFs, multiple forms of identification and deep linking. e) To examine the impact of End User and Service Provider experience of federations across international boundaries including variations in discovery tools. f) To define existing and potential end user scenarios taking account of the variety of access mechanisms used (IP, proxy, remote access, Shibboleth) including learners, staff and walk in users at UK HE / FE institutions 14. Successful implementation of the project will entail cooperation with the wider JISC community that may include but will not exclusively be limited to: 7 i. JISC Services and Outreach ; ii. JANET UK; iii. EDINA SDSS ;

6
7

See http://www.jisc.ac.uk/whatwedo/themes/accessmanagement/federation/publisherlogin
http://www.jisc.ac.uk/aboutus/about_jisc/structure/services_outreach_group

iv. v. vi. vii. viii. ix. x. xi. xii.

Netskills ; 9 JISC Regional Support Centres ; 10 JISC Innovation ; 11 Becta ; 12 Third party support service providers ; 13 UK Access Management Federation members ; Incommon; Terena; Internet2.

8

Respondents should familiarise themselves with the associated UK Access Management 14 Federation policy documents .

Deliverables 15. The deliverables of the project are: a. A detailed project plan; b. Monthly written progress reports to be delivered via a mutually agreed mechanism; c. A final report with recommendations as detailed in the terms of reference. 16. The project will run for 4 months between 30 March–20th July 2009
th

Management of the Study 17. Responsibility for this project will lie with JISC Collections with whom the contractor will be expected to agree a programme of work and timetable. The primary contact for the project will be Mark Williams, Access Management Outreach coordinator (tel: 020 3006 6042; email: m.williams@jisc.ac.uk). Accessibility Issues 18. In line with Government legislation and social exclusion initiatives, JISC is committed to providing resources that are accessible to a diverse range of users. In order to achieve this, all software and IT resources including the project web site should meet good practice standards and guidelines pertaining to the media in which they are produced. Advice and recommendations for ensuring that IT based systems, tools and resources are accessible by all can be found in the resource section of the 15 Technology for Disabilities Service (TechDis). Further advice and consultancy is available from the TechDis Centre itself. Data Protection and the Freedom of Information Act 19. Bidders must take into account the requirements of the Data Protection Act (1998) and the Freedom of Information Act (2000). Bidders should consult with their responsible officer regarding the possible implications of the proposed bid.

8 9

http://www.netskills.ac.uk/content/index.html http://www.jisc.ac.uk/rsc 10 http://www.jisc.ac.uk/aboutus/about_jisc/structure/development_group.aspx 11 http://www.becta.org.uk/ 12 http://www.jisc.ac.uk/whatwedo/themes/access_management/federation/federation_publisher.aspx 13 http://www.ukfederation.org.uk/content/Documents/MemberList 14 http://www.ukfederation.org.uk/content/Documents/FedDocs 15 http://www.techdis.ac.uk/

Funding and Timescale of the Project 20. The funding available for the project is a maximum of £35,000 (including VAT, travel and subsistence). Bidders who are eligible to apply full economic costs (fEC) to their proposals are permitted to do so, but JISC’s total contribution to the study will not exceed £35,000. 21. It is expected that the project will be undertaken over a 4 month period between 30 March–20th July 2009 Format of Proposals 22. Bidders should provide the following in support of their proposal: a. Examples of previous work in relevant areas; b. An outline staff time committed to the project; c. Methodology to be used relating to: i. Sampling user experiences ii. Determining recommendations on website interfaces. e. Methodology for working with the JISC Collections team who will supervise the project; f. A full project plan, including detailed risk assessment of the project; g. The costs of the project, broken down into different phases/key milestones as appropriate and outlining the relevant rates and time commitment for each member of the team to be employed on the project; h. An outline of the areas to be covered in the final report; i. Confirmation of the proposed project timetable and start date and completed cover sheet (see appendix A) including full contact details for the project leader.
th

Evaluation Criteria 23. Tenders will be evaluated on the basis of the following criteria (which are in no specific order): a. b. Compliance with and understanding of the terms of reference; Prior work demonstrating an understanding of user experiences with federated access management c. Relevance of the previous experience of the tendering organisation(s); d. Analysis of risks to successful completion of the service; e. Value for money.

24.

Further Information General enquiries regarding the content of this Invitation To Tender should be addressed to Mark Williams (tel: 020 3006 6042; email: m.williams@jisc.ac.uk).

25.

Proposals should be sent by email to Mark Williams (m.williams@jisc.ac.uk) for receipt by 12 noon on Monday 2nd March 2009. It is the responsibility of the bidder to ensure that the email has arrived by the deadline outlined above. A copy of the proposal should also be posted for receipt by the same deadline to: Mark Williams JISC Collections Brettenham House (SOUTH) 5 Lancaster Place London WC2E 7EN

26.

Faxed or late copies will not be accepted. Please do not rely on first class post for next day delivery. JISC Collections January 2009

APPENDIX A: Cover Sheet Cover Sheet for Proposals (All sections must be completed) Name of Bidding Organisation Federated Access Management: Service Provider Interface Study

Project Partners (if any)

Full Contact Details for Proposal Leader:

Total Cost in AY 2009:

Summary of Proposal:


				
DOCUMENT INFO
Shared By:
Tags: ITT-F, edera
Stats:
views:7
posted:11/28/2009
language:English
pages:6
Description: ITT-Federated-Access-Management---Institutional-Access-Management-