Update of Japanese Academic Access Management Federation GakuNin in 2011. Nakamura, M, Yamaji, K. History. Number of Members. GakuNin Update in FY2011. Operation Registration System In detail by next speaker Assessment of Administration/Operations of IdP GakuNin Training Course
Update of Japanese Academic Access Management Federation GakuNin in 2011 Nakamura, M, Yamaji, K.
GakuNin Update in FY2011
• Operation
  • Registration System
    • In detail by next speaker
  • Assessment of Administration/Operations of IdP
  • GakuNin Training Course
    • For Academic: 3 times
    • For Commercial Vendor: 2 times
  • GakuNin CAMP
    • Collaboration with e-learning consortium
    • Collaboration with OpenID Summit Tokyo
  • GakuNin Symposium in March
• R&D
  • VO platform
    • Developing more secured protocol
  • DS
    • Deploying GakuNin embedded DS to domestic SPs
  • uApprove.jp
    • In detail by next speaker
Level of Assurance
Authentication focuses on verifying a person’s identity based on the reliability of a credential offered.
• Level 1
  • Little or no confidence in asserted identity
  • e.g. self identified user/password, essentially a persistent identifier
• Level 2
  • Some confidence in asserted identity
  • e.g. PIN/Password, used frequently for self service applications
• Level 3
  • High confidence in asserted identity
  • e.g. digital cert, used to access restricted data
• Level 4
  • Very high confidence in the asserted identity
  • e.g. Smart Card, used to access highly restricted data
How sure am I that you are who you say you are?
requests Level-1
Introduction of LoA to GakuNin
• Integrate NIH’s PubMed as a GakuNin SP
  • PubMed requests Level 1
• IdPs in GakuNin need to obtain Level 1 in accordance with FICAM (Federal Identity, Credential, and Access Management).
  • GakuNin has to be a Trust Framework Provider to be able to issue Level 1 to GakuNin IdPs
• It’s a long way. Is there any magic?
  • MoA between NII and NIH, which states that GakuNin’s policy is at least comparable to Level 1.
History of PubMed Connection
• 2010 October
  • Access to PubMed manager then requested Level 1 condition
• 2010 November
  • Review for Level 1 on GakuNin side (realized it is a bit complicated)
• 2011 January
  • Teleconference with NIH in order to look for an easier way to integrate
• 2011 February
  • First Version of MoA
• 2011 March
  • Prepare required policy document on GakuNin side
• 2011 from April to August
  • Prepare required attachment such as “interpretation of our policy”
• 2011 September
  • Regular Survey on Administration / Operation of IdPs (Self Assessment)
• 2011 October
  • Signed by NII then …
Service Classification Depending on Authentication Level
[Figure: services arranged along an axis from "Relatively Simple Services" to "Secure Services". Labels in the figure, in their original order: Student Service Registration Certificate Facility Usage Attendance School Record; Education & Research Edu. Affairs Researcher DB; Faculty Office Work Time Manage Bulletin Board Financial Personnel Facility Usage Application Sanction DB Access; Welfare Program & Healthcare Inspection Health Record; Value Point e-Money Personal Money, Killer Application; Library Service Entrance Rent Book e-journal]
Modified from the slide by Prof. Nagai at Tao of Attribute meeting in Kyoto (2011-12-02)
Beyond Level 1
• Japanese Grant Application System e-Rad will be shibbolized in 2013.
  • e-Rad has its own IdP and SP first.
  • By using the IdP, e-Rad will SSO with researchers’ e-CV system in order to pull applicants’ publication lists from e-CV to e-Rad.
  • GakuNin’s IdPs will also be able to connect
• After 2014?
  • May request more trusted IdPs than Level 1
Pure SAML system
Future Work
• Level 1 TFP by OIX, then Level 2
• Service Provider
• GakuNin ready commercial wireless network: WiMAX (recently started)
  • University site license is required
• Security Policy e-Learning
• Cloud, Cloud and Cloud
• More applications which request ePA
• GakuNin IdP -> OpenID Connect RP