Skip to content

Access to EDINA Services after 31st July 2008

(1 August 2009)

Notice to Support Staff

If you support the use of EDINA online services, then this document contains important information for you regarding logging in to, and authenticating against, EDINA services. These changes are the result of the lapsed agreement by which JISC contracted Eduserv to provide Athens access management to JISC-funded resources, including EDINA services. This agreement terminated on 31st July 2008. A detailed statement from the Director of EDINA explaining the consequences of this decision for EDINA's services appears in the Spring 2008 edition of Newsline.

Access to EDINA services controlled by IP Address only

If you or your users authenticate to EDINA services solely by IP address, then you need read no further: the changes will not have affected you.

Access to EDINA services using Athens

If you or your users previously logged in to EDINA services using Athens, please note that this mechanism is no longer available. Since 31st July 2008, the buttons to "Login via Athens" have been removed from the following EDINA services:

You and your users will need to use Shibboleth access management instead. Within the UK, Shibboleth access management is provided by the UK Access Management Federation, a JISC-funded initiative.

Using Shibboleth to gain access to EDINA services

Users at institutions using Shibboleth to access EDINA and other protected services will have done so either by having installed their own Identity Provider (IdP) service or by having subscribed to an outsourced IdP service, such as Eduserv's OpenAthens. When the user logs into a protected EDINA service using Shibboleth, their nominated IdP service is automatically contacted to obtain and provide the necessary access credentials. These are then passed to the EDINA service for verification in the normal way.

User Accountability

Some Shibboleth-protected services, including Digimap and Jorum, require the IdP to guarantee that a use of the protected service can be traceable back to the originating user. This requirement, known as "User Accountability", is usually a consequence of licensing conditions.

Whether an IdP asserts User Accountability or not is a property of the IdP and a consequence of the organisation's internal procedures. Users attached to an IdP which does not assert User Accountability will not be able to gain access to any service that requires it.

Here is a current list of IdPs asserting user accountability.

Status of EDINA services

All of EDINA services have been converted to accept Shibboleth logins. The access mechanisms supported by EDINA services are described at http://edina.ac.uk/access. The technical requirements of the EDINA Shibboleth enabled services are described at http://edina.ac.uk/read/shibboleth.html

Access to resources using gateway services

This document is primarily about EDINA resources. Users of non-EDINA resources should contact the appropriate service provider for details of the service's access and authentication requirement after 31st July 2008. However, Eduserv has committed to providing gateway services to allow non-Shibboleth users to log in to Shibboleth-protected resources (Athens-to-Shibboleth gateway) and to allow Shibboleth users to log in to resources that do not use Shibboleth access management (Shibboleth-to-Athens gateway). These gateway services are by subscription.

Service Personalisation

Users in institutions who are moving from Athens or Athens DA to to running their own in-house Identity Provider (IdP) for UK federation access from 1 August 2008 will lose many of the personalisation features. More information.

Previous versions of this document