• USO logo
  • USO

USO

Identity management and authentication

Service Pack: Core Service

Subject: Safeguarding

Unified Sign-On (USO) gives every member of staff and pupil within a subscribing establishment a single username and password that simplifies and securely controls access to all supported services and resources.

One secure key for all services and resources

USO is a secure Identity Provider and authentication system that gives a single username and password to every relevant pupil and staff member in a subscribing school, Local Authority (LA) or Regional Broadband Consortium (RBC). The system has been in use for over ten years and is an integral part of TRUSTnet wherever they are delivered. Currently USO is in use by some 1.8 million individual users in schools and Local Authorities around the UK.

Award winning solution

In 2005, Atomwide integrated USO with Internet2’s Shibboleth® authentication system as part of a pilot project managed by the London Grid for Learning on behalf of Becta. The project went on to win the Computing Awards for Excellence 2006 Public Sector Project of the Year award.

Following the success of this project USO is, to this day, the only Identity Provider used across the LGfL estate of 33 London boroughs and their 2000+ schools.

Shibboleth

Rated highly for its standards-based, privacy-preserving approach, Shibboleth® is now the recommended solution to the authentication and authorisation needs of all UK education sectors, through the UK Access Management Federation which was formed by Becta in conjunction with JISC and JANET (UK).

In its role as an Identity Provider (for both Shibboleth and non-Shibboleth applications) USO’s key purpose is to create and manage unique user account profiles and credentials that can guarantee clear identification of an individual, in the context of any query raised in response to those credentials being presented to a Service Provider (also whether that be Shibboleth or non-Shibboleth).

Personalised experience

In USO’s second role, that of an authentication platform, USO must be able to respond appropriately to any subsequent query to determine whether or not to grant, or advise of the eligibility for, access to secured or otherwise restricted services, applications and resources, and to use the profile data to personalise the end user’s experience of online applications wherever appropriate. In many, but not all, instances, the aim is to enable a user to access services wherever they are entitled, but without revealing any more of the user’s status, location, or identity, than is absolutely necessary and as previously agreed between Atomwide and the provider. This applies equally whether or not the application being accessed uses Shibboleth.

Secure access to services and resources away from school

USO is applied specifically to services being accessed ‘off-net’ where licensing or other access restrictions may need to be applied, or anywhere the individual’s identity is required to complete the online experience (such as with email services, etc.). It is bypassed where on-net access is being employed and where IP authentication is sufficiently informative for the Service Provider to grant access. The accompanying Educational Content and Resources information showcases a wide range of resources that are available to school staff and pupils whilst in school (‘on-net’) via the National Education Network and also away from school (‘off-net’) via USO account credentials.

All TRUSTnet subscribing schools will be allocated USO accounts for staff and pupils as part of the core service package.

TRUSTnet