1. Who needs a Healthcare Federation?
Phil Leahy
Service Relationship Manager
2. Access management in the UK and beyond
• A mixed economy
• IP authentication
• Publisher username/password
• Referral URL
• Form post
• Parameterised login
3. Access management in the UK and beyond
• A mixed economy
• OpenAthens
• SAML/Shibboleth
• …
• Some publishers support ~15 different access
methods
5. Federations – how do they work?
• Similar group with common goal
• Set of rules
6. Federations – how do they work?
• Common goal
• Set of rules
• Provide access
7. Federations – how do they work?
• Common goal
• Set of rules
• Provide access
• Add value
8. What’s the purpose of a federation?
• Participating organisations and/or a service provider
trust the information received from one another
• Seamless access to information
• Secure communication
• Sharing at the organisational and end user levels
9. Why do we need federations?
• Simplify access
• Ease management
• Provide a framework and drive economies of scale
• Power to the ‘Community’ !
11. Who can be a federation?
Courtesy Creative Commons Flickr : Shlomi Fish, Marc_Smith, jjorogen
12. Who can be a federation?
• Sector or market driven
• Bounded by territories.
Courtesy of http://www.internet2.edu/pubs/national_federations.pdf
13. Who can be a federation?
BUT NOT ALWAYS
Courtesy of http://www.internet2.edu/pubs/national_federations.pdf
14. Who can be a federation?
Canadian
Access UK Access
FEIDE
Federation Management
(Norway)
Fédération
OpenAthens
(Canada)
US
(InCommon)
Federation for
Éducation-
IDEM (Italy)
SIR (Spain)
Education and
Recherche
Research
(France)
CARSI GakuNin
(China) (Japan)
Federation CAFe
(Brazil)
AAF
(Australia)
Courtesy of http://www.internet2.edu/pubs/national_federations.pdf
15. Eduserv’s Athens federation
1994 2000 2008 2009 2010 2011 Today…
• Athens • Athens • Athens • 33% of the • US • US Navy • > 2,000
developed & adopted by became Australian Department of Medicine organizations
first web NHS England OpenAthens healthcare Veteran Information use
service in the UK market adopts Affairs USA Systems OpenAthens
launched OpenAthens adopts Support • > 4 million
- SAH OpenAthens Agency users
- DoH Victoria adopts worldwide
OpenAthens • > 60
Healthcare
customers
alone
16. OpenAthens
Federation
Service
Providers Users/
Identity
IP authentication libraries
Providers
OpenAthens
Publisher username/password
SAML
Referral URL
Shibboleth
Form post
OpenID
Parameterised login
OAuth
etc…
17. Why can’t healthcare organisations join UKFed?
• They can, but the NHS is…
• a large, complex organisation
• subject to structural change
• therefore difficult to manage in the ‘classic’ federation
model
18. Publishers in the OpenAthens Federation
• Elsevier (ScienceDirect and Scopus)
• Oxford University Press
• Taylor and Francis
• Informa
• Thomson Reuters (Web of Knowledge)
• ProQuest
19. OpenAthens Healthcare Federation
• Comprised of both Identity Providers and Similar groups
Service Providers Common goal
• Common licence/membership terms Set of rules
• Inter-federation support/operability Provide access
• Multi-federation management interface Add value
• Based on the OpenAthens service. Add value.
20. In summary…
• OpenAthens users can now:
• access more than just OpenAthens-compliant
licensed resources
• access to SAML/Shibboleth-protected resources is
now a reality for non-academic organisations
22. Thank you
Follow us on Twitter: @openathens
Find out more about Healthcare Federations
http://www.flickr.com/photos/crystaljingsr/3914729343
Editor's Notes
Managing access to subscription resources has long involved a mix of technologies. Librarians have had to juggle a rotating list of tools in order to help their users connect to their organisation’s subscription resources, and publishers are also required to support what seems a large number of different technologies.
Some of you may have heard of the terms SAML/Shibboleth, especially if you work closely with colleagues in the higher education sector. Many UK academic institutions have adopted this technology as a means of connecting users to subscription resources, but some librarians could be forgiven for thinking that this is just the latest arrival in what seems like a steady stream of initiatives.However, OpenAthens and SAML/Shibboleth have attempted to help aggregate access to resources by enabling users with a single set of credentials, and these have been successful to a large degree. A major role is played by all participating organisations agreeing to abide by a common set of rules and operating principles, whether they are publishers, universities and colleges, or healthcare organisations. These groups of common interests now tend to be called federations.
Most access management federations tend to have membership profiles that don’t deviate too far from each other, e.g. many federations have memberships dominated by the academic sector, or shared source of funding, or both. They also have a common goal: simplifying access to electronic resources.
Most federations also have a common set of technical rules that all members must adhere to. This means it should “all just work”, and that is because all members are working to the same technical rules. This means that publishers know what format of data attributes to expect when a user logs in…
…so once a publisher has enabled your organisation’s subscription, your users will be able to get in seamlessly
The value for organisations derives from managing access to more of your organisation’s subscription content within a single mechanism without having to:Notify publishers when your network’s IP address range changesDistribute and manage a publisher’s usernames and passwordsOrganisations using OpenAthens are already getting this value.There are also benefits for publishers: the fewer technologies and access methods they are required to support, the lower their costs are.
In practice, federation membershipallows members to trust the information it receives from other members, e.g. a publisher can be assured that the user is a student at the University of Strathclyde, or that the user is a consultant at the Southern General Hospital. This provides seamless access to resources via secure communication channels, because the information about the user is owned and managed by their home organisation, rather than relying on the broad brush lack of accountability that IP authentication or other methods give.Another advantage that is often claimed for federations is that they remove most of the roadblocks to collaboration and sharing at both the institutional and end user levels. It is true that the technology used by most federations makes those activities easier to deploy, but the potential for such activities has not yet been exploited as fully as expected.
By requiring all participants to abide by the same technical rules of implementation, a number of benefits accrue from federations:they simplify access for users by providing a familiar user journey across a range of different resources. For example, Athens login links are available on almost every major publisher websitethe management overhead is often lower because organisations are reusing existing credentials and mechanismsthis framework drives economies of scale, and opens up opportunities for federation members to collectively say “we are all using this now”. This helps drives the adoption of commonly-used technologies, which has worked for OpenAthens, and also for the UK Access Management Federation.
In technical terms, a single organisation can call itself a federation…
…or a federation can be a group of organisations, such as a local consortium or a more widely dispersed group…
…
All the federations illustrated here have national boundaries, and most of them share one other feature: an academic centre of gravity. This is due for the most part to the way the federations are funded, but the net effect is that the healthcare sector has been excluded from participating. That is, until now.
The OpenAthens federation has been in existence since 1994, and is recognised as the first implementation of federated login. So it predates the UK Access Management Federation by more than ten years. 190 publishers now use OpenAthens software to protect access to their content, and some of them are using our software to obtain SAML/Shibboleth compliance.
So this is how the landscape has traditionally been divided. Here are the traditional technologies that are still widely used.The Athens service used to be about just one thing: Athens. But it’s a proprietary technology, and the emergence of SAML/Shibboleth has led Eduserv to acquire expertise in other access management technologies that it has incorporated into its own products and services.This adds value for all users of OpenAthens products and services, because they are not locked into ‘old’, legacy technology – Athens has a lot of traction and isn’t going anywhere, but the service has now been enhanced so that organisations that join the OpenAthens Federation will be able to use their OpenAthens accounts to access SAML/Shibboleth-protected content. OpenAthens is no longer a self-contained ecosystem, and the OpenAthens Federation is not restricted to one technology type – in the OpenAthens Federation, OpenAthens users can gain access to SAML/Shibboleth-protected resources.
It’s a large complex organisation, which is not a problem on its own, but…Most federations have strict rules about how their members are represented in technical terms to other federation membersthese rules assume a degree of stability that the NHS has not had for some time
Most of the major publishers already working with OpenAthens have committed to joining the OpenAthens Federation by the end of 2012. For some of these publishers, the only way OpenAthens users will be able to connect to their services is via the OpenAthens Federation
Comprised of both Identity Providers (medical schools, hospitals, social care organisations, pharmaceutical companies etc.) and Service Providers (publishers)Common licence/membership termsBased on an OpenAthens serviceInter-federation support/operabilityMulti-federation management interface.
This releases (a) OpenAthens identity providers from the restriction of accessing OpenAthens-compliant licensed resources only, and (b) enables access to OpenAthens-compliant resources for SAML/Shibboleth identity providers.
Until now, federated access management has appeared to be the preserve of the academic sector. The OpenAthens Federation has changed that; any organisation can take advantage of the benefits that an access management federation can bring.