The UK federation
- Revised Access Grid Login Procedure
- Revised Access Grid Registration Procedure

The UK federation

The UK Access Management Federation for Education and Research enables secure access to external services using the same username and password as for local services at your institution. This facility is not available at every institution so you should only choose to login or register … via the UK federation when it is locally recommended.

The federation uses the standards-based Shibboleth software, a distributed web-based authentication and authorisation solution which has been developed as part of the Internet2 initiative in the academic community. It is already in operation in a number of locations and is being adopted in order to provide improved authentication and authorisation services for the JVCS booking service. Follow the link for more information about how it works.

Both the Login and Registration procedures have been modified to exploit the benefits of Shibboleth but, for those who prefer, the old procedures will continue to exist side by side with the new.

The essential purpose of Shibboleth is to identify you, as a bona fide user recognised as such by you home organisation, and to furnish you with credentials which identify and characterise you. These credentials are carried in a web browser cookie which, while they endure, will be presented automatically to Shibboleth protected services in order to identify you. Access to such services will be permitted (or denied) without the requirement for any further user dialog.

To enable the JVCS Booking Service to exploit Shibboleth, it is required that certain attributes be release by participating Identity providers. The attributes help page describes those attributes currently used by the booking service.

Revised Access Grid Login Procedure

If you are a registered service user, follow the link to login … via the UK federation; this will lead you to “The UK Access Management Federation” page.
Choose your home organisation, either from the list, or from recent selections
Sign-on with the subsequent dialog presented by your home organisation.
You will now be presented with a variation on the standard login dialog with some explanatory notes concerning Shibboleth initial login.
Login to the booking service using your normal booking service credentials. This will lead to your booking service home page.
While your shibboleth credentials remain current, subsequent attempts to login to the booking service via the UK federation will lead you straight to your home page.
If your Shibboleth credentials expire, you will need to sign-on again with your home organisation.

Revised Access Grid Registration Procedure

Before registering, you should review the Flash Guide which describes the normal registration process.
To register for the booking service, follow the link to register … via the UK federation; this will lead you to “The UK Access Management Federation” page.
Choose your home organisation, either from the list, or from recent selections
Sign-on with the subsequent dialog presented by your home organisation.
Unless you are already registered to use one of the other ja.net booking services, in which case this step will be skipped, you will now be presented with the registration dialog inviting you to enter your personal details. Depending upon the Shibboleth attribute release policy of your home organisation, the dialog may appear with values proposed for some of the fields.
If your personal details are accepted, you will be led through a further sequence of dialogs which permit you to specify details of your organisation, and access grid node.
On successful completion of the foregoing, you will be presented with a summary of your registration request for your approval. If, at this stage you chose to submit your registration, it will be referred to the administrator of your chosen venue for their approval. You will be notifed their decision by email.
Once your registration has been approved, you will be able to login to the service using either the normal login procedure or the Shibboleth login procedure, described above.