Electronic Authentication, Authorization, and Identity Management: The PESC EA2 Task Force
4th Annual Conference on Technology and Standards, Washington, April 24, 2006
Charles F. Leonhardt, Principal Technologist, Georgetown University, leonhardt@georgetown.edu

EA2 Task Force: Defined
• Dramatically increase the number of users who have access to federated authentication and authorization in the United States and beyond
• Dramatically increase the number of applications / service providers that are EA2 capable
• Assist in the resolution of policy issues
• Assist in the resolution of technology and implementation issues
• Enhance awareness of EA2 initiatives
• Assist in current efforts wherever possible

EA2 Task Force: Membership
• Rob Abel, IMS Global Learning Consortium
• Ellen Blackmun, NASFAA
• Tim Cameron, NCHELP/Project Meteor
• Charlie Coleman, FSA, U.S. Department of Education
• Larry Fruth, SIFA
• Ken Klingenstein, Internet2/InCommon
• Nancy Krogh, AACRAO
• Hans L’Orange, SHEOO
• Charlie Leonhardt, Georgetown
• Adele Marsh, AES/PESC
• Georgia Marsh, GSA/Federal E-Authentication Initiative
• Brett McDowell, Liberty Alliance
• David Temoshok, GSA/Electronic Authentication Partnership
• Steve Worona, EDUCAUSE
EA2 Task Force: Motivation
• Our customers (students, parents, faculty, staff, alumni, donors, visitors) want:
  • Everything
  • Anywhere
  • Anytime (i.e. “now”)
• They would like it delivered:
  • Inexpensively or “free”
  • Conveniently and painlessly (“don’t make me log in 15 times to 15 different services”)
  • With guarantees of information security and privacy
EA2 Task Force: Federations
• There is an excellent case for a federated approach for authentication (“I am who I say I am”) and authorization (“I can do this based on my role / location / other attributes as defined”)
• A federated approach implies trust and agreement among “service provider” sites (hosted applications) and “consumer” sites (providers of credentials)
• Internet2 middleware technology known as Shibboleth allows service providers to refer to consumer sites for authentication
• Once authenticated, a second referral is made to a consumer site to obtain attribute data to be used in making application authorization decisions
• An excellent example: the worldwide ATM network

EA2 Task Force: Shibboleth
• Internet2 middleware initiative developed by a number of Universities and funded by NSF
• InCommon Federation formed – now has 50 members; info at http://incommonfederation.org
• Attempts to solve inter-institutional trust / authentication / authorization issues; has wide applicability among H.E. institutions and organizations that serve higher education
• Standards-based, open source implementation
• Policy based, trusted federations
• Common goal: use non-native, non-centralized, trusted “third party” authentication/authorization

EA2 Task Force: Key Problems
• Trust has not yet been established between InCommon and the Federal E-Auth Initiative
• Policy and Procedural Issues (particularly around identity management and “levels of assurance”) are unresolved
• Variability in the deployment of Identity Management systems
• Easy-to-use toolkits to connect identity management systems to federated environments are not generally available
• Challenges in the deployment of open source environments for EA2
• Variability in implementation of Credential Management Policies and Procedures
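The two-referral flow from the Federations slide (authenticate at the credential site, then fetch attributes for the authorization decision) and the “levels of assurance” problem from the slide above, as an added illustration that is not code from the presentation or from Shibboleth itself. All entity IDs, keys, user records and the numeric assurance scale are constructed assumptions; HMAC signatures stand in for the X.509-signed SAML assertions and federation metadata a real deployment uses.

```python
import hashlib, hmac, json

# Constructed federation metadata: the identity providers (credential sites) that
# service providers trust. Real federations such as InCommon distribute signed
# metadata with X.509 certificates; a shared HMAC key stands in for that here.
FEDERATION_IDPS = {"idp.example-university.edu": b"constructed-federation-key"}

def sign(key, payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(key, message):
    return hmac.compare_digest(sign(key, message["payload"])["sig"], message["sig"])

class IdentityProvider:
    """Credential site: checks the password locally, releases signed attributes."""
    def __init__(self, entity_id, key, users):
        self.entity_id, self.key, self.users = entity_id, key, users
    def authenticate(self, user, password, now):
        record = self.users.get(user)
        if record is None or record["password"] != password:
            return None  # no assertion issued; the service provider never sees the password
        return sign(self.key, {"issuer": self.entity_id, "subject": user,
                               "assurance": record["assurance"], "expires": now + 300})
    def attributes(self, subject):
        return sign(self.key, {"issuer": self.entity_id, "subject": subject,
                               "affiliation": self.users[subject]["affiliation"]})

class ServiceProvider:
    """Hosted application: accepts only assertions from federation members."""
    def __init__(self, min_assurance, allowed_affiliations):
        self.min_assurance, self.allowed = min_assurance, allowed_affiliations
    def authorize(self, idp, assertion, now):
        # First referral result: trust comes from federation metadata, not the assertion.
        key = FEDERATION_IDPS.get(assertion["payload"]["issuer"])
        if key is None or not verify(key, assertion):
            return "denied: issuer not in federation or bad signature"
        claim = assertion["payload"]
        if claim["expires"] <= now:
            return "denied: assertion expired"
        if claim["assurance"] < self.min_assurance:
            return "denied: level of assurance too low"
        # Second referral: released attributes drive the application's authorization.
        attrs = idp.attributes(claim["subject"])
        if not verify(key, attrs) or attrs["payload"]["subject"] != claim["subject"]:
            return "denied: bad attribute response"
        if attrs["payload"]["affiliation"] not in self.allowed:
            return "denied: affiliation not permitted"
        return "granted"
```

The service provider makes every decision from signed, federation-vetted data: an issuer missing from the metadata, a tampered assertion, an expired one, an assurance level below the application's minimum, or an attribute the application does not accept each produce a distinct denial.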
EA2 Task Force: Towards a Solution
• Shibboleth 2.0 (including SAML 2.0) to be released this quarter
• NIST is publishing revisions to the Credential Assessment Framework and associated levels of assurance
• Willingness on the part of FSA/US Dept of Education to EA2-enable their applications (limited in scope)
• Higher Education needs to work with the vendor community to embed EA2 services in applications (Google, Apple, publishers, VLEs, and many business applications)
• Establishment of inter-federation trust
• Assist in policy issues whenever and wherever possible

EA2 Task Force: Future
• Monthly Conference Calls
• Policy Development Work
• Pilot Projects
• Convincing government agencies, commercial application providers, open source initiatives, and K-20 computing environments to embed EA2 frameworks within as many applications as possible
• Work on deploying tools and methods to expand EA2 initiatives
• Increasing awareness of the importance of EA2 frameworks to achieve the level of customer service and security that we all envision