Athens access and identity management
Encyclopedia
Athens is an Access and Identity Management service based in the United Kingdom
that is supplied by Eduserv
to provide single sign-on
to protected resources combined with full user management capability. Organisations adopting the Athens service can choose between the Classic Athens service, where usernames are held by Eduserv, or Local Authentication where usernames are held locally and security tokens are exchanged via a range of protocols
: SAML
, Shibboleth
or Athens Devolved Authentication (AthensDA) http://www.athensams.net/local_auth/athensda/. Over 4.5 million users worldwide can gain access to over 300 protected online resources via the Athens service.
Athens replaces the multiple usernames and passwords necessary to access subscription based content with a single username and password that can be entered once per session. It operates independently of a user’s location or IP address
.
s across domains in a secure and trusted way.
where Identity Providers, Service Providers and Athens operate under common rules and licenses. Trust is enforced by the use of public-key cryptography
and other security mechanisms.
Trust is enforced at the Identity Provider through an appointed administrator who uses browser-based tools provided as part of the Athens service to manage their user accounts in a truly federated manner. Accounts can be grouped into categories with different attributes
, and given access to different sets of resources.
The Athens service is neutral; it is not involved in the selling process between a Service Provider (SP) and an Identity Provider (IdP). The SP informs Athens when access to its resource is to be enabled to an IdP, and Athens then allows the IdP to allocate the resource to appropriate user accounts.
, and in more than 90 countries worldwide. It has been adopted by over 2,000 organisations, and over 300 online resources since it was first launched in 1996. Over 4.5 million accounts are now registered with Athens. The majority of IdPs use Classic Athens; however more than 60 organisations, representing around one million users have moved to the fully federated Local Authentication model.
In 2006 Athens was represented at the Medical Library Association Annual Meeting. Since then hospital libraries in the United States have begun using Athens as method for providing off campus access to library resources.
became a ratified standard, Athens adopted SAML and Shibboleth
interfaces to the Athens system to facilitate inter-working with a larger number of systems. The Athens service offers SAML and Shibboleth connectivity for both IdPs and SPs through Gateways where native connectivity is not practical.
for resources. However, the ability to deliver attributes through the agent technology will offer a long term ability to authorise based on attributes, when attributes and their meaning are commonly understood by IdPs and SPs.
, the service was originally named Athena
after the Greek goddess of knowledge and learning. It is rumoured that the name change was partially caused by a common typo, but it was actually due to the name Athena being already trademarked.
As from 1996, the service has had two periods of significant expansion. The first in 2000 due to a central contract that made the service freely available to almost all UK Higher and Further education sites, and the second in 2003 when adopted by the UK National Health Service
.
United Kingdom
The United Kingdom of Great Britain and Northern IrelandIn the United Kingdom and Dependencies, other languages have been officially recognised as legitimate autochthonous languages under the European Charter for Regional or Minority Languages...
that is supplied by Eduserv
Eduserv Foundation
The Eduserv Foundation was a UK nonprofit educational charity that worked to realise the benefits of Information and Communications Technology for learners, researchers and the institutions that serve them....
to provide single sign-on
Single sign-on
Single sign-on is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them...
to protected resources combined with full user management capability. Organisations adopting the Athens service can choose between the Classic Athens service, where usernames are held by Eduserv, or Local Authentication where usernames are held locally and security tokens are exchanged via a range of protocols
Communications protocol
A communications protocol is a system of digital message formats and rules for exchanging those messages in or between computing systems and in telecommunications...
: SAML
SAML
Security Assertion Markup Language is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider...
, Shibboleth
Shibboleth (Internet2)
Shibboleth is an Internet2 project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on Security Assertion Markup Language . Federated identity allows for information about users in one security domain...
or Athens Devolved Authentication (AthensDA) http://www.athensams.net/local_auth/athensda/. Over 4.5 million users worldwide can gain access to over 300 protected online resources via the Athens service.
Athens replaces the multiple usernames and passwords necessary to access subscription based content with a single username and password that can be entered once per session. It operates independently of a user’s location or IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
.
Infrastructure
There are two main elements to Athens. Firstly, the ability to manage large numbers of users, their credentials, and associated access rights, in a devolved manner where administration can be delegated to organisations, or within an organisation. Secondly, Athens provides a managed infrastructure which facilitates the exchange of security tokenSecurity token
A security token may be a physical device that an authorized user of computer services is given to ease authentication...
s across domains in a secure and trusted way.
Trust
The Athens service is a trust federationFederated identity
A federated identity in information technology is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems....
where Identity Providers, Service Providers and Athens operate under common rules and licenses. Trust is enforced by the use of public-key cryptography
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
and other security mechanisms.
Trust is enforced at the Identity Provider through an appointed administrator who uses browser-based tools provided as part of the Athens service to manage their user accounts in a truly federated manner. Accounts can be grouped into categories with different attributes
Attribute (computing)
In computing, an attribute is a specification that defines a property of an object, element, or file. It may also refer to or set the specific value for a given instance of such....
, and given access to different sets of resources.
The Athens service is neutral; it is not involved in the selling process between a Service Provider (SP) and an Identity Provider (IdP). The SP informs Athens when access to its resource is to be enabled to an IdP, and Athens then allows the IdP to allocate the resource to appropriate user accounts.
Adoption
Athens is used extensively within UK Higher and Further Education institutions, the UK National Health ServiceNational Health Service
The National Health Service is the shared name of three of the four publicly funded healthcare systems in the United Kingdom. They provide a comprehensive range of health services, the vast majority of which are free at the point of use to residents of the United Kingdom...
, and in more than 90 countries worldwide. It has been adopted by over 2,000 organisations, and over 300 online resources since it was first launched in 1996. Over 4.5 million accounts are now registered with Athens. The majority of IdPs use Classic Athens; however more than 60 organisations, representing around one million users have moved to the fully federated Local Authentication model.
In 2006 Athens was represented at the Medical Library Association Annual Meeting. Since then hospital libraries in the United States have begun using Athens as method for providing off campus access to library resources.
Standards
Once SAMLSAML
Security Assertion Markup Language is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider...
became a ratified standard, Athens adopted SAML and Shibboleth
Shibboleth (Internet2)
Shibboleth is an Internet2 project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on Security Assertion Markup Language . Federated identity allows for information about users in one security domain...
interfaces to the Athens system to facilitate inter-working with a larger number of systems. The Athens service offers SAML and Shibboleth connectivity for both IdPs and SPs through Gateways where native connectivity is not practical.
Attributes
Athens makes a number of attributes relating to its organisations and its user accounts available to its Service Providers through its agent technology. These are generally organisation-related as in the case of the ‘issuing organisation identity number’ or ‘issuing organisation country’, or pseudonymous like the persistent unique identifier for a user account.Attribute-based authorisation
Athens user management facilities, whether for Classic or Locally Authenticated users, allow the administrator to allocate a different set of resources to each user account. This provides fine-grained authorisationAuthorization
Authorization is the function of specifying access rights to resources, which is related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define access policy...
for resources. However, the ability to deliver attributes through the agent technology will offer a long term ability to authorise based on attributes, when attributes and their meaning are commonly understood by IdPs and SPs.
History
Conceived in 1996 at the University of BathUniversity of Bath
The University of Bath is a campus university located in Bath, United Kingdom. It received its Royal Charter in 1966....
, the service was originally named Athena
Athena
In Greek mythology, Athena, Athenê, or Athene , also referred to as Pallas Athena/Athene , is the goddess of wisdom, courage, inspiration, civilization, warfare, strength, strategy, the arts, crafts, justice, and skill. Minerva, Athena's Roman incarnation, embodies similar attributes. Athena is...
after the Greek goddess of knowledge and learning. It is rumoured that the name change was partially caused by a common typo, but it was actually due to the name Athena being already trademarked.
As from 1996, the service has had two periods of significant expansion. The first in 2000 due to a central contract that made the service freely available to almost all UK Higher and Further education sites, and the second in 2003 when adopted by the UK National Health Service
National Health Service
The National Health Service is the shared name of three of the four publicly funded healthcare systems in the United Kingdom. They provide a comprehensive range of health services, the vast majority of which are free at the point of use to residents of the United Kingdom...
.