01-01-2006: LGfL Wins Award
'Computing' Awards for Excellence 2006Public Sector Project of the Year
The London Grid for Learning (LGfL) has implemented a new authentication system, building on a proof of concept carried out for Becta and funded by the DfES. It provides a robust and secure authentication process based on the open source Internet 2 ‘Shibboleth’ solution for authentication.
The project launched on 28th June 2005. It is used to authenticate access to educational content held on regional servers and to access content from commercial providers - a ‘first’ for this age group and number of beneficiaries.
LGfL recieve the award
Without this use of technology, secure anywhere, anytime learning will be more difficult and more time consuming. The solution:
- Improves ease of access for learners and teachers to their resources and to collaborative tools.
- Enables secure access from any location.
- Reduces administrative burdens.
- Allows personalisation of learning.
- Reduces duplication (and hence cost to schools)
- Is scalable to allow user tracking, where agreed and as appropriate.
Through completing the Shibboleth implementation, learners and teachers in London are more able to benefit from the huge recent investment made in educational ICT.
This implementation of the Shibboleth standard on school-serving system is a world first, without parallel. Many countries are investigating or using Shibboleth for HE/FE and the LGfL school based solution has generated significant international interest.
The LGfL Shibboleth implementation allows organisations to authenticate their users securely. The system preserves privacy by using information about the user, without revealing the identity of the user.
The different ways of working that LGfL’s shibboleth implementation has introduced include:
- The use of ‘shared attributes’ rather than disclosing identities.
- Authentication concepts of ‘individual privacy’.
- The ‘where are you from’ or ‘WAYF’ service: The role of the WAYF service is crucial to the operation of a Shibboleth-compliant system and links the end-user, Service Provider and Identity Provider entities.
The LGfL designed and operates a WAYF robust and scaleable enough for London’s users, whilst being accessible to pupils and staff. This service, as a part of the whole shibboleth authentication solution, is unique, innovative and a world first for education.
The Shibboleth project was managed by LGfL from specification to deployment. It was extended to a full implementation with commercial partners and enabling a roll out to 1.2 million pupils. The full implementation was on time and to budget.
The following lessons were learnt for future shibboleth projects:
- There must be a trusted registration process to manage user access.
- Content usage must respect Digital Rights Management (DRM).
- There should be flexibility to allow purchases at the school and potentially on a ‘per individual’ basis.
- Infrastructure should be location-independent to permit access from homes or libraries as well as institutions.
- The user experience needs to be simple.
- There will have to be ‘trust’ between users, providers and infrastructure managers.
- Effective lines of communication are needed at all levels between commercial partners to ensure success for all.
- Adequate timescales for communication to end users detailing the reasons for change and what the changes might mean are essential.
- The challenges of integrating third party open source software into existing legacy systems are not to be underestimated
Return on Investment:
Learners and teachers across the entire London region now access securely a variety of content and services using just one username and password.
This access can happen in school or out, and enables learning and preparation for learning to take place online - anywhere, anytime.
An investment of less than 20 pence per user has opened up fast, easy and secure access for all of London’s school community, to the full benefit of the £40 million investment in regional broadband infrastructure and services.
Specific improvements for the LGfL user base are outlined in section 1.
Increasing numbers of content providers have enabled their content to be accessed through Shibboleth authentication. This increase has extended and is continuing to extend the reach of anywhere, anytime learning for London’s learners.
The project is being extended nationally. Because of the success of this project, LGfL is assisting Becta with the development of:
- Build specifications: creating the Identity Provider, Service Provider and WAYF build specifications and the specifications for end-user connectivity, physical environment and security.
- Security requirements: outlining solutions for all the security issues surrounding the implementation of a national service.
- Data protection and Contractual SLAs for shibboleth partners.
The project is now set to empower anywhere, anytime access for learners across England and the UK.