1 access control and the student career mark norman, systems development and support team, oucs
TRANSCRIPT
1
Access Control and the student career
Mark Norman,Systems Development and
Support Team, OUCS
2
Sysdev @ OUCS
• What do we do?
• Apart from authentication/authorisation services…• Email (Herald)
• Mailing lists system administration
• Web hosting sysadmin
• Linux shell service
• Version control (support for web sites and coding projects)
• Software mirror downloads
• News services
• Virtual learning environment (VLE – Weblearn) sysadmin
• Wikis sysadmin (for OUCS)
• Alumni e-mail forwarding service sysadmin
• Lots of dull back-end stuff for resilience and backup etc.
3
Students and access control
• How many usernames and passwords do students need?
• Student Information Systems – self service
• Webmail
• College services
• Departmental services
• Athens (for external library resources)
• Desktop management systems
• HFS Backup password (graduates)
• Help centre username/password
• Weblearn
• Library resources/OXAM (VPN for)
• Personal web space
• Accounts for downloading software (e.g. Sophos, VPN clients)
• And Facebook, itunes, myspace etc. etc….
4
Kerberos is the answer
• (Yes, the 3 headed dog!)• Kerberos (and Webauth) has meant that the following all
work from one username/password pair
• Student Information Systems – self service
• Webmail
• College services
• Departmental services
• Athens (for external library resources)
• Desktop management systems
• HFS Backup password (graduates)
• Help centre username/password
• Weblearn
• Library resources/OXAM (VPN for)
• Personal web space
• Accounts for downloading software (e.g. Sophos, VPN clients)
• And Facebook, itunes, myspace etc. etc….
5
Kerberos is the answer
○ Not the complete answer (still need some other accounts)
• Student Information Systems – self service
• Webmail
• College services
• Departmental services
• Athens (for external library resources)
• Desktop management systems
• HFS Backup password (graduates)
• Help centre username/password
• Weblearn
• Library resources/OXAM (VPN for)
• Personal web space
• Accounts for downloading software (e.g. Sophos, VPN clients)
• And Facebook, itunes, myspace etc. etc….
◦ The following are all managed using the SSO system
◦ Password management is done via Webauth
6
Kerberos is the answer
○ Athens is being superseded by Shibboleth (uses Kerberos/Webauth)
• Student Information Systems – self service
• Webmail
• College services
• Departmental services
• Athens (for external library resources)
• Desktop management systems
• HFS Backup password (graduates)
• Help centre username/password
• Weblearn
• Library resources/OXAM (VPN for)
• Personal web space
• Accounts for downloading software (e.g. Sophos, VPN clients)
• And Facebook, itunes, myspace etc. etc….
• Student Information Systems – self service
• Webmail
• College services
• Departmental services
• Athens (for external library resources)
• Desktop management systems
7
• Student Information Systems – self service
• Webmail
• College services
• Departmental services
• Athens (for external library resources)
• Desktop management systems
Kerberos is the answer
○ A lot more web based services are now using Webauth
• HFS Backup password (graduates)
• Help centre username/password
• Weblearn
• Library resources/OXAM (VPN for)
• Personal web space
• Accounts for downloading software (e.g. Sophos, VPN clients)
• And Facebook, itunes, myspace etc. etc….
8
• Student Information Systems – self service
• Webmail
• College services
• Departmental services
• Athens (for external library resources)
• Desktop management systems
Kerberos is the answer
○ Some desktop systems can use kerberos cross-realm trust (e.g. Active Directory)
• HFS Backup password (graduates)
• Help centre username/password
• Weblearn
• Library resources/OXAM (VPN for)
• Personal web space
• Accounts for downloading software (e.g. Sophos, VPN clients)
• And Facebook, itunes, myspace etc. etc….
9
• Student Information Systems – self service
• Webmail
• College services
• Departmental services
• Athens (for external library resources)
• Desktop management systems
Kerberos is the answer
○ And we have high hopes for Oracle too!
• HFS Backup password (graduates)
• Help centre username/password
• Weblearn
• Library resources/OXAM (VPN for)
• Personal web space
• Accounts for downloading software (e.g. Sophos, VPN clients)
• And Facebook, itunes, myspace etc. etc….