Friday, September 21, 2007

Shibboleth is coming, Athens is on the way out

What does this mean for UK academic institutions?

Shibboleth is the common name for a new method of authentication, which is expected to have significantly replaced the use of Athens by this time next year. To the user, Shibboleth functions exactly the same as AthensDA: the user is only required to log in to their local institution, and they will then be able to access the electronic resources to which they are entitled without a further login. To provide Shibboleth capability, institutions will have to install software known as a Shibboleth Identity Provider, and join the UK Access Management Federation.

Institutions may instead choose not to implement Shibboleth, and stay with Athens. However, after July 2008 they will have to pay a fee to Eduserv to use Athens, as JISC will no longer be funding it. So that their users can access resources protected purely by Shibboleth, such institutions will have to use the Athens-to-Shibboleth gateway, and they will also have to join the UK Access Management Federation.

Mimas is planning to only provide Shibboleth interfaces, and no longer Athens ones, for its authenticated services after July 2008, for the same funding reason. (Note that IP authentication will remain an option where it is currently provided by Mimas.)

Some services may still only provide Athens interfaces after July 2008, but institutions that have switched to Shibboleth will be able to access such services via the Shibboleth-to-Athens gateway (at no extra cost).

Therefore the important message for all UK academic institutions is: if you haven't done so already, join the UK Access Management Federation as soon as possible (it's free), and seriously consider implementing a Shibboleth Identity Provider. Decide what route you are going to take, and test it with as many resources as possible, well before July next year. Whichever route you take will have cost and/or resource implications, and you may need to inform service providers which route you have chosen. If you do nothing, your users may lose access to many electronic resources.

More information is available from the JISC and UK Access Management Federation websites.

1 comment:

Ed Zedlewski, CIO Eduserv said...

To suggest that Athens is on its way out and that institutions need to choose between Athens and Shibboleth is misleading.

The choice that institutions face today is between joining the UK Access Management Federation by developing and managing their own in-house Shibboleth identity provider solution, or joining the federation through a third party who can manage this and support it for them.

Eduserv has developed OpenAthens, to provide fully supported access to Federation and Athens-protected resources at the same time as embracing new access and identity management standards as they are emerging. OpenAthens is available to institutions as a managed service. The cost of the annual subscription compares very favourably with the implementation, ongoing management and support costs associated with going it alone, thanks to the economies of scale derived from the shared service model on which it is based. Institutions will migrate seamlessly from Athens to OpenAthens and many will choose this route as the most cost effective method for participating in the Federation.

Support for the current Athens service will also be maintained for hundreds of thousands of users outside the UK, particularly in the US, and organisations such as the NHS to enable over 257,000 NHS staff and students to gain secure single sign-on to online resources under a new five-year agreement with Eduserv see

Beyond costs, joining the Federation via a third party brings additional benefits centred around guaranteed service level agreements to ensure secure and continued access to vital resources for staff and students on a 24/7 basis.