OpenAthens

OpenAthens is an identity and access management service, supplied by Jisc, a British not-for-profit information technology services company. Identity provider (IdP) organisations can keep usernames in the cloud, locally or both. Integration with ADFS, LDAP or SAML is supported. [1]

OpenAthens for Publishers [2] software for service providers supports multiple platforms and federations.

Technically, the service provides deep packet inspection proxying (in a similar manner to EZproxy) and SAML-based federation, [3] as well as various on-boarding services for institutions, consortia and vendors.

History

With its origins in a University of Bath initiative to reduce IT procurement costs for itself and other universities, the Athens project was conceived in 1996. Spun off from Bath University through the vehicle of charitable status, Eduserv was established as a not-for-profit organisation in 1999. [4]

The service was originally named Athena after the Greek goddess of knowledge and learning; it is rumoured that the name change was partially caused by a common typo, but it was actually due to the name Athena being already trademarked (EU000204735). [5] It launched as 'Athens' in 1997 (UK00002153200). [6] After JISC decided to support Shibboleth rather than Athens in 2008, Eduserv launched a federated version of Athens as 'OpenAthens' [7] (EU013713821). [8]

Related Research Articles

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Liberty Alliance: Computer trade group

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.

Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions. SAML is also:

A patent office is a governmental or intergovernmental organization which controls the issue of patents. In other words, "patent offices are government bodies that may grant a patent or reject the patent application based on whether the application fulfils the requirements for patentability."

Intellectual Property Office (United Kingdom): Patent Office of the United Kingdom

The Intellectual Property Office of the United Kingdom is, since 2 April 2007, the operating name of The Patent Office. It is the official government body responsible for intellectual property rights in the UK and is an executive agency of the Department for Science, Innovation and Technology (DSIT).

A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems.

Shibboleth (software): Internet identity system

Shibboleth is a single sign-on log-in system for computer networks and the Internet. It allows people to sign in using just one identity to various systems run by federations of different organizations or institutions. The federations are often universities or public service organizations.

Jisc: UK non-profit providing expertise in digital technology for higher education institutions

Jisc is a United Kingdom not-for-profit company that provides network and IT services and digital resources in support of further and higher education institutions and research as well as not-for-profits and the public sector.

Windows CardSpace: Discontinued identity selector app by Microsoft

Windows CardSpace is a discontinued identity selector app by Microsoft. It stores references to digital identities of the users, presenting them as visual information cards. CardSpace provides a consistent UI designed to help people to easily and securely use these identities in applications and web sites where they are accepted. Resistance to phishing attacks and adherence to Kim Cameron's "7 Laws of Identity" were goals in its design.

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML standard for exchanging authentication and authorization identities between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal between a SAML authority, named an Identity Provider, and a SAML consumer, named a Service Provider. SAML 2.0 enables web-based, cross-domain single sign-on (SSO), which helps reduce the administrative overhead of distributing multiple authentication tokens to the user. SAML 2.0 was ratified as an OASIS Standard in March 2005, replacing SAML 1.1. The critical aspects of SAML 2.0 are covered in detail in the official documents SAMLCore, SAMLBind, SAMLProf, and SAMLMeta.

Web Single Sign-On Metadata Exchange Protocol is a Web Services and Federated identity specification, published by Microsoft and Sun Microsystems, that defines mechanisms for a service to query an identity provider for metadata concerning the protocol suites it supports. The goal of this operation is to increase the ability of a given service to interoperate with a given identity provider.

Active Directory Federation Services, a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. It uses a claims-based access-control authorization model to maintain application security and to implement federated identity. Claims-based authentication involves authenticating a user based on a set of claims about that user's identity contained in a trusted token. Such a token is often issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity doing the claims-based authentication. It is part of the Active Directory Services.

The Wave Federation Protocol is an open protocol, an extension of the Extensible Messaging and Presence Protocol (XMPP), that is used in Apache Wave. It is designed for near real-time communication between computer-supported cooperative work wave servers.

Identity assurance in the context of federated identity management is the ability for a party to determine, with some level of certainty, that an electronic credential representing an entity with which it interacts to effect a transaction, can be trusted to actually belong to the entity.

An identity provider is a system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network.

Security Assertion Markup Language (SAML) is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This article has a focus on software and services in the category of identity management infrastructure, which enable building Web-SSO solutions using the SAML protocol in an interoperable fashion. Software and services that are only SAML-enabled do not go here.

The Open Identity Exchange (OIX) is a membership organisation that works to accelerate the adoption of digital identity services based on open standards. It is a non-profit organisation and is technology agnostic. It is collaborative, and works across the private and public sectors.

GOV.UK Verify was an identity assurance system developed by the British Government Digital Service (GDS) which was in operation between May 2016 and April 2023. The system was intended to provide a single trusted login across all British government digital services, verifying the user's identity in 15 minutes. It allowed users to choose one of several companies to verify their identity to a standard level of assurance before accessing 22 central government online services.

The SAML metadata standard belongs to the family of XML-based standards known as the Security Assertion Markup Language (SAML) published by OASIS in 2005. A SAML metadata document describes a SAML deployment such as a SAML identity provider or a SAML service provider. Deployments share metadata to establish a baseline of trust and interoperability.

Authentication and authorization infrastructure (AAI) refers to a service and a procedure that enables members of different institutions to access protected information that is distributed on different web servers.

References

  1. "SAML and interoperability". OpenAthens. 17 March 2016. Retrieved 23 May 2016.
  2. "OpenAthens for publishers". www.eduserv.org.uk. Retrieved 22 January 2016.
  3. "I am using a proxy, why do I need OpenAthens?".
  4. Clawson, Trevor. "The Sweet Spot -- Finding A Route To UK Public Sector Sales". Forbes. Retrieved 11 October 2023.
  5. "EU000204735". ipo.gov.uk. Intellectual Property Office. Retrieved 25 January 2016.
  6. "UK00002153200". ipo.gov.uk. Intellectual Property Office. Retrieved 25 January 2016.
  7. Upshall, Michael (2009). Content Licensing: Buying and Selling Digital Resources. Chandos. p. 102. ISBN 9781843343332. Retrieved 24 October 2021.
  8. "EU013713821". ipo.gov.uk. Intellectual Property Office. Retrieved 25 January 2016.