Access Management

Access Management, or Digital Access Management, refers to an infrastructure that supports the federation of identities across secure institutional boundaries without compromising the security, privacy and intellectual property rights of either the end-users or the owning institutions.

Development of access management services across diverse institutions and systems involves consolidation and integration of related services and issues including: auditing, authentication, authorisation, automated identity management, directory services, network security, personalisation, password synchronisation, role-based access control, single sign-on, security workflow, self-service administration, trust communities and user provisioning technology.

  • Audit: tracking of user activity within systems for identification and management of security, access, legislative and licence compliance issues
  • Authentication: concerns who a user is, typically involving a username and password based authentication service
  • Authorisation: concerns what access a user gets
  • Automated Identity Management: automated administration of account information, passwords, security directives and access rights centrally which apply across a range of systems and platforms
  • Role-Based Access Control (RBAC): the grouping of users into logical role-based groups in order to specify which groups within a system have access to particular services
  • Single Sign-on (SSO): an initial log in which allows a user with a recognised security level to access multiple resources using that single login
  • User Provisioning: term used in IT environments to describe the provision of equipment and services required by a user. In the area of Access Management, provisioning refers in particular to the automation of the steps required to set up, modify, and delete (deprovision) user or system access quickly, securely, and verifiably.

(Source: http://www.networkworld.com/topics/identity-management.html)


23 items in this category.

  1. EduRoam Australia: Network Roaming for Higher Education
    Category: Access Management

    EduRoam is an international, location-independent wireless network, allowing mobility between participants' wireless infrastructure with seamless user authentication and enforcement of local security policy. Through EduRoam Australia, staff and students from participating Australian members of AARNet and GrangeNet can gain network access at either their home institution or another participating institution in Australia or Europe without any administrative burden or added complexity. Other participating countries include: the Netherlands, UK, Greece, Czech Republic, Spain, Portugal, Croatia, Slovenia, Denmark, Poland, Latvia, Finland and Norway.

  1. eXtensible rights Markup Language (XrML)
    Category: Access Management

    XrML - eXtensible rights Markup Language - provides a universal method for specifying rights and issuing conditions (licenses) associated with the use and protection of content.

  1. IMS Reusable Definition of Competency or Educational Objective Specification
    Category: Access Management

    The IMS Reusable Competencies Definition Information Model Public Draft defines an information model for describing, referencing and exchanging definitions of competencies, primarily in the context of online and distributed learning.

  1. Learner Identity Management Framework Project
    Category: Access Management

    This final report of the Learner Identity Management Framework (LIMF) Project was submitted to AICTEC in March 2006. It identifies the key objectives of a LIMF as: addressing issues associated with learner mobility and smoothing learner transitions; assisting in the detection of learners at risk of disengagement; supporting enhanced longitudinal research; supporting evaluation of targeted programs; and supporting ePortfolios / learner-controlled personal data.

  1. Liberty Alliance
    Category: Access Management

    The Liberty Alliance Project was formed in September 2001 to develop open standards for federated network identity management and identity-based services. Its goals are to ensure interoperability, support privacy, and promote adoption of its specifications, guidelines and best practices.

  1. Making accessible software: a guide for schools
    Category: Access Management

    This guide is designed to help UK schools understand how legislation applies to their learners with special education needs and what 'reasonable adjustment' may mean in the context of ICT. This is a free publication which can be downloaded from the website in PDF format.

  1. MAMS Testbed Federation Mini-Grant Scheme
    Category: Access Management

    In order to promote growth and use of the "MAMS Testbed Federation", MAMS proposed a mini-grant scheme to DEST which provides funding assistance for HE institutions to join the testbed federation as an IdP and SP. As the attractiveness of a Federation is based on the value of available services, the emphasis was on encouraging HE institutions to join as SPs. This page provides information about successful applicants, with details of their proposals and projects. The following round-1 proposals were chosen as recipients of mini-grant funding: AARNet; Griffith University; Nanostructural Analysis Network Organisation; University of Queensland; Queensland University of Technology.

  1. nmi-edit: NSF Middleware Initiative
    Category: Access Management

    The primary goal of the NMI-EDIT Consortium, part of the NSF Middleware Initiative (NMI), is to improve the productivity of the research and education community through development, testing, and dissemination of architectures, software, and practices in the areas of identity and access management. Development efforts comprise a coordinated set of core middleware tools in the areas of identity and access management architectures, standards for deployments, related directory schemas, and tools. Major projects include the Signet privilege management and Grouper group management tools, the Middleware Diagnostic tools, and the Shibboleth technology. Begun in late 2001, NMI funded the design, development, testing, and deployment of middleware, a key enabling technology upon which customized applications are built. Specialized NMI teams defined open-source, open-architecture standards that are creating important new avenues of online collaboration and resource sharing.

  1. OASIS eXtensible Access Control Markup Language (XACML) TC
    Category: Access Management

    The XACML Technical Committee will define a core XML schema for representing authorization and entitlement policies, also called XACML. It will identify bindings to existing protocols (e.g., XPath, LDAP), and define new protocols, if necessary, as means of accessing and communicating the policies. XACML is expected to address fine grained control of authorized activities, the effect of characteristics of the access requestor, the protocol over which the request is made, authorization based on classes of activities, and content introspection (i.e. authorization based on both the requestor and potentially attribute values within the target where the values of the attributes may not be known to the policy writer). XACML is also expected to suggest a policy authorization model to guide implementers of the authorization mechanism.

  1. OAuth
    Category: Access Management

    The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication.

  1. Open Data Definition
    Category: Access Management

    The Open Data Definition (ODD) is an XML based data portability format designed to be simple and flexible. It consists of an XML framework plus an extension format defining the keywords, classes and required items of metadata. ODD takes the view that existing data portability standards are, despite being powerful, much too complex for widespread adoption. The format is made up of a handful of core components with minimal nesting, which allows the support for import/export, syndication and live streaming.

  1. OpenID.net
    Category: Access Management

    This is a decentralized identity system, not attached to a particular company. An OpenID identity is a URL. You can have multiple identities in the same way you can have multiple URLs. OpenID provides a way to prove that you own a URL (identity). It does this without sharing passwords or email addresses, or any profile exchange component at all. The profile is your identity URL. Recipients of your identity can then learn more about you from any public, semantically interesting documents linked thereunder (FOAF, RSS, Atom, vCARD, etc.).
  1. OpenURL Framework for Context-Sensitive Services
    Category: Access Management

    The OpenURL standard from the National Information Standards Organization (NISO) (ANSI/NISO Z39.88-2004) is a syntax to create web-transportable packages of metadata and/or identifiers about an information object. Such packages are at the core of context-sensitive or open link technology. The OpenURL is needed because conventional web links do not take into account the identity of the user: they take all users to the same target. This causes some problems. For example, when more than one institution provides access to copies of the same electronic article, the link from citation to full text should resolve to a copy that is accessible to the user. Since different users have access to different digital libraries, the link should resolve in a user-specific fashion. In order to do this, a link must be able to: package metadata and identifiers describing the information object; and send this package to a link-resolution server or resolver. If this resolver is aware of the user's context, it is able to take into account the identity of the user when resolving the metadata into specific targets.

  1. Password Management Best Practices
    Category: Access Management

    This document describes and justifies current best practices for password management in an enterprise network. It is intended to offer reasoned guidance to information technology decision makers when they set security policy and design network infrastructure that includes passwords. The document includes: User authentication and passwords, Security threats, Human factors, Composition rules, Changing and reusing passwords, Secrecy, Intruder detection, Encryption, Synchronisation, User support and Windows passwords.

  1. Platform for Privacy Preferences (P3P) Project
    Category: Access Management

    The Platform for Privacy Preferences Project (P3P) enables Websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents will allow users to be informed of site practices (in both machine- and human-readable formats) and to automate decision-making based on these practices when appropriate. Thus users need not read the privacy policies at every site they visit.

  1. Security Assertion Markup Language (SAML)
    Category: Access Management

    SAML is an XML framework for exchanging authentication and authorization information. This specification defines the syntax and semantics for XML-encoded Security Assertion Markup Language (SAML) assertions, protocol requests, and protocol responses. These constructs are typically embedded in other structures for transport, such as HTTP form POSTs and XML-encoded SOAP messages.

  1. Shibboleth Attribute Release Policy Editor (ShARPE)
    Category: Access Management

    ShARPE is developed as part of the collaboration between MAMS and Shibboleth. MAMS allows for the integration of multiple solutions to managing authentication, authorisation and identities, together with common services for digital rights, search services and metadata management. The project provides an essential middleware component to increase the efficiency and effectiveness of Australia's higher education research infrastructure. ShARPE's aim is to manage the creation and maintenance of users' attributes as defined by the Attribute Release Policy (ARP) mechanism of Shibboleth. In particular, ShARPE allows administrators and users to manage their attribute release policy in a way that respects users' privacy and preferences.
  1. Shibboleth Project
    Category: Access Management

    Shibboleth, a project of Internet2/MACE, is developing architectures, policy structures, practical technologies, and an open source implementation to support inter-institutional sharing of web resources subject to access controls. In addition, Shibboleth will develop a policy framework that will allow inter-operation within the higher education community.

  1. Sxip: Simple eXtensible Identity Protocol
    Category: Access Management

    Sxip 2.0 provides single sign-on access to different websites with only one username and password; user-centric verified identity: allows users to acquire and release verified 'assertions' around their identity, enabling them to create richer profiles of their online identity; and user choice supplying added privacy by enabling users to be actively involved in the release of the data they store in their identity profile.

  1. TypeKey Authentication Protocol
    Category: Access Management

    TypeKey is a free, open-system authentication service that allows distributed applications to handle log-ins in a simple and secure way, so that users only need one login across many TypeKey-enabled sites. TypeKey provides a central identity for posting comments on weblogs and logging into other websites. TypeKey enables users to verify and protect their identity on the web. Enabling TypeKey on a site increases accountability for the content that appears on a weblog and stops comment spam. TypeKey is a pseudonymous system, meaning that no personally identifying information is required to use it.

  1. Windows CardSpace
    Category: Access Management

    Windows CardSpace (formerly 'InfoCard') is a Microsoft .NET Framework version 3.0 (formerly WinFX) component that provides a standards-based solution for working with and managing diverse digital identities. It is hardened against tampering and spoofing to protect the end user's digital identities and maintain end-user control.
Please Note

Some of the information accessible through this page is dated. It will be progressively reviewed, and where appropriate, revised.