Athens is an Access and Identity Management service that is supplied by Eduserv to provide single sign-on to protected resources combined with full user management capability. Organisations adopting the Athens service can choose between the Classic Athens service, where usernames are held by Eduserv, or Local Authentication where usernames are held locally and security tokens are exchanged via a range of protocols: SAML, Shibboleth or Athens Devolved Authentication (AthensDA) [1]. Over 4.5 million users worldwide can gain access to over 300 protected online resources via the Athens service.
Authentication (Greek: αυθεντικός = real or genuine, from authentes = author) is the act of establishing or confirming something (or someone) as authentic, that is, that claims made by or about the thing are true. ...
Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains, that is, between an identity provider and a service provider. ...
Shibboleth is an Internet2 Middleware Initiative project that has created an architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML. Federated identity allows for information about users in one security domain to be provided to other organizations in a common federation. ...
Athens replaces the multiple usernames and passwords necessary to access subscription-based content with a single username and password that can be entered once per session. It operates independently of a user’s location or IP address.
Infrastructure
There are two main elements to Athens. Firstly, the ability to manage large numbers of users, their credentials, and associated access rights, in a devolved manner where administration can be delegated to organisations, or within an organisation. Secondly, Athens provides a managed infrastructure which facilitates the exchange of security tokens across domains in a secure and trusted way.
Trust
The Athens service is a trust federation where Identity Providers, Service Providers and Athens operate under common rules and licenses. Trust is enforced by the use of public-key cryptography and other security mechanisms.
Federated Identity has two general meanings: The virtual reunion, or assembled identity of a person's user information (or principal), stored across multiple distinct identity management systems. ...
Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key. ...
Trust is enforced at the Identity Provider through an appointed administrator who uses browser-based tools provided as part of the Athens service to manage their user accounts in a truly federated manner. Accounts can be grouped into categories with different attributes, and given access to different sets of resources. The Athens service is neutral; it is not involved in the selling process between a Service Provider (SP) and an Identity Provider (IdP). The SP informs Athens when access to its resource is to be enabled to an IdP, and Athens then allows the IdP to allocate the resource to appropriate user accounts.
Adoption
Athens is used extensively within UK Higher and Further Education institutions, the UK National Health Service, and in more than 90 countries worldwide. It has been adopted by over 2,000 organisations, and over 300 online resources since it was first launched in 1996. Over 4.5 million accounts are now registered with Athens. The majority of IdPs use Classic Athens; however, more than 60 organisations, representing around one million users, have now moved to the fully federated Local Authentication model.
Standards
Once SAML became a ratified standard, Athens adopted SAML and Shibboleth interfaces to the Athens system to facilitate inter-working with a larger number of systems. The Athens service now offers SAML and Shibboleth connectivity for both IdPs and SPs through Gateways, whilst the native SAML protocols are being implemented.
Attributes
Athens makes a number of attributes relating to its organisations and its user accounts available to its Service Providers through its agent technology. These are generally organisation-related, as in the case of the ‘issuing organisation identity number’ or ‘issuing organisation country’, or pseudonymous, like the persistent unique identifier for a user account.
Attribute-based authorisation
Athens user management facilities, whether for Classic or Locally Authenticated users, allow the administrator to allocate a different set of resources to each user account. This provides fine-grained authorisation for resources. However, the ability to deliver attributes through the agent technology will offer a long-term ability to authorise based on attributes, when attributes and their meaning are commonly understood by IdPs and SPs.
In security engineering and computer security, authorization is a part of the operating system that protects computer resources by only allowing those resources to be used by resource consumers that have been granted authority to use them. ...
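The two authorisation styles described above can be contrasted in a small model. This is an added example, not Athens code: the class and function names, the rule format and the `sp_revoke` step are assumptions made for illustration; only the two-step enable/allocate flow and the attribute names come from the text.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    persistent_id: str   # pseudonymous persistent identifier released to SPs
    org_id: str          # "issuing organisation identity number"
    org_country: str     # "issuing organisation country"
    allocated: set = field(default_factory=set)


class Federation:
    """Hypothetical registry of resources each SP has enabled per organisation."""

    def __init__(self):
        self.enabled = {}  # org_id -> set of resource names

    def sp_enable(self, resource, org_id):
        # Step 1: the SP informs the federation that the IdP may use the resource.
        self.enabled.setdefault(org_id, set()).add(resource)

    def sp_revoke(self, resource, org_id):
        # Assumed counterpart to sp_enable (not described on the page).
        self.enabled.get(org_id, set()).discard(resource)

    def idp_allocate(self, account, resource):
        # Step 2: the IdP administrator can only allocate enabled resources.
        if resource not in self.enabled.get(account.org_id, set()):
            raise PermissionError(f"{resource} not enabled for {account.org_id}")
        account.allocated.add(resource)

    def allocation_check(self, account, resource):
        # Both layers must agree at access time, so withdrawing the
        # organisation-level grant overrides a stale per-account allocation.
        return (resource in account.allocated
                and resource in self.enabled.get(account.org_id, set()))


def attribute_check(account, rule):
    """Attribute-based decision: rule maps attribute name -> allowed values."""
    released = {"org_id": account.org_id, "org_country": account.org_country}
    # Fail closed: an empty rule or an attribute the SP never receives denies.
    return bool(rule) and all(
        name in released and released[name] in allowed
        for name, allowed in rule.items())
```

The attribute rule only works if both sides agree on attribute names and values, which is the "commonly understood" precondition the paragraph above points to; an unrecognised attribute name is treated as a denial rather than ignored.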
Trivia
The service was originally named Athena after the Greek god of knowledge and learning. It is rumoured that the name change was partially caused by a common typo, but it was actually due to the name Athena being already trademarked. Consequently, Athens is not an acronym and doesn't need capital letters.
External links
- Athens corporate site
- Firefox browser extension