Athens access and identity management

From Wikipedia, the free encyclopedia

Athens is an Access and Identity Management service that is supplied by Eduserv to provide single sign-on to protected resources combined with full user management capability. Organisations adopting the Athens service can choose between the Classic Athens service, where usernames are held by Eduserv, or Local Authentication where usernames are held locally and security tokens are exchanged via a range of protocols: SAML, Shibboleth or Athens Devolved Authentication (AthensDA) [1]. Over 4.5 million users worldwide can gain access to over 300 protected online resources via the Athens service.

Athens replaces the multiple usernames and passwords necessary to access subscription based content with a single username and password that can be entered once per session. It operates independently of a user’s location or IP address.

Contents

There are two main elements to Athens. Firstly, the ability to manage large numbers of users, their credentials, and associated access rights, in a devolved manner where administration can be delegated to organisations, or within an organisation. Secondly, Athens provides a managed infrastructure which facilitates the exchange of security tokens across domains in a secure and trusted way.

The Athens service is a trust federation where Identity Providers, Service Providers and Athens operate under common rules and licenses. Trust is enforced by the use of public-key cryptography and other security mechanisms.

Trust is enforced at the Identity Provider through an appointed administrator who uses browser-based tools provided as part of the Athens service to manage their user accounts in a truly federated manner. Accounts can be grouped into categories with different attributes, and given access to different sets of resources.

The Athens service is neutral; it is not involved in the selling process between a Service Provider (SP) and an Identity Provider (IdP). The SP informs Athens when access to its resource is to be enabled to an IdP, and Athens then allows the IdP to allocate the resource to appropriate user accounts.

Athens is used extensively within JISC (UK Higher and Further Education institutions), the UK National Health Service, and in more than 90 countries worldwide. It has been adopted by over 2,000 organisations, and over 300 online resources since it was first launched in 1996. Over 4.5 million accounts are now registered with Athens. The majority of IdPs use Classic Athens; however more than 60 organisations, representing around one million users have now moved to the fully federated Local Authentication model.

Once SAML became a ratified standard, Athens adopted SAML and Shibboleth interfaces to the Athens system to facilitate inter-working with a larger number of systems. The Athens service now offers SAML and Shibboleth connectivity for both IdPs and SPs through Gateways, whilst the native SAML protocols are being implemented.

Athens makes a number of attributes relating to its organisations and its user accounts available to its Service Providers through its agent technology. These are generally organisation-related as in the case of the ‘issuing organisation identity number’ or ‘issuing organisation country’, or pseudonymous like the persistent unique identifier for a user account.

Athens user management facilities, whether for Classic or Locally Authenticated users, allow the administrator to allocate a different set of resources to each user account. This provides fine-grained authorisation for resources. However, the ability to deliver attributes through the agent technology will offer a long term ability to authorise based on attributes, when attributes and their meaning are commonly understood by IdPs and SPs.

The service was originally named Athena after the Greek god of knowledge and learning. It is rumoured that the name change was partially caused by a common typo, but it was actually due to the name Athena being already trademarked. Consequently, Athens is not an acronym and doesn't need capital letters.

Retrieved from "http://en.wikipedia.org../../../a/t/h/Athens_access_and_identity_management.html"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.