
Electronic Authentication, Authorization, and Identity Management: The PESC EA2 Task Force

Electronic Authentication, Authorization, and Identity Management: The PESC EA2 Task Force. 4th Annual Conference on Technology and Standards, Washington, April 24, 2006. Charles F. Leonhardt, Principal Technologist, Georgetown University, leonhardt@georgetown.edu.



Presentation Transcript


  1. Electronic Authentication, Authorization, and Identity Management: The PESC EA2 Task Force
     • 4th Annual Conference on Technology and Standards, Washington, April 24, 2006
     • Charles F. Leonhardt, Principal Technologist, Georgetown University, leonhardt@georgetown.edu

  2. EA2 Task Force: Defined
     • Dramatically increase the number of users who have access to federated authentication and authorization in the United States and beyond
     • Dramatically increase the number of applications / service providers that are EA2 capable
     • Assist in the resolution of policy issues
     • Assist in the resolution of technology and implementation issues
     • Enhance awareness of EA2 initiatives
     • Assist in current efforts wherever possible

  3. EA2 Task Force: Membership
     • Rob Abel, IMS Global Learning Consortium
     • Ellen Blackmun, NASFAA
     • Tim Cameron, NCHELP/Project Meteor
     • Charlie Coleman, FSA, U.S. Department of Education
     • Larry Fruth, SIFA
     • Ken Klingenstein, Internet2/InCommon
     • Nancy Krogh, AACRAO
     • Hans L’Orange, SHEEO
     • Charlie Leonhardt, Georgetown
     • Adele Marsh, AES/PESC
     • Georgia Marsh, GSA/Federal E-Authentication Initiative
     • Brett McDowell, Liberty Alliance
     • David Temoshok, GSA/Electronic Authentication Partnership
     • Steve Worona, EDUCAUSE

  4. EA2 Task Force: Motivation
     • Our customers (students, parents, faculty, staff, alumni, donors, visitors) want:
       • Everything
       • Anywhere
       • Anytime (i.e. “now”)
     • They would like it delivered:
       • Inexpensively or “free”
       • Conveniently and painlessly (“don’t make me log in 15 times to 15 different services”)
       • With guarantees of information security and privacy

  5. EA2 Task Force: Federations
     • There is an excellent case for a federated approach for authentication (“I am who I say I am”) and authorization (“I can do this based on my role / location / other attributes as defined”)
     • Federated approach implies trust and agreement among “service providers” (hosted applications) sites and “consumer” (provider of credentials) sites
     • Internet2 middleware technology known as Shibboleth allows service providers to refer to consumer sites for authentication
     • Once authenticated, a second referral is made to a consumer site to obtain attribute data to be used in making application authorization decisions
     • An excellent example: the worldwide ATM network

  6. EA2 Task Force: Shibboleth
     • Internet2 middleware initiative developed by a number of Universities and funded by NSF
     • InCommon Federation formed – now has 50 members; info at http://incommonfederation.org
     • Attempts to solve inter-institutional trust / authentication / authorization issues; has wide applicability among H.E. institutions and organizations that serve higher education
     • Standards-based, open source implementation
     • Policy based, trusted federations
     • Common goal: use non-native, non-centralized, trusted “third party” authentication/authorization

  7. EA2 Task Force: Key Problems
     • Trust has not yet been established between InCommon and the Federal E-Auth Initiative
     • Policy and Procedural Issues (particularly around identity management and “levels of assurance”) are unresolved
     • Variability in the deployment of Identity Management systems
     • Easy-to-use toolkits to connect identity management systems to federated environments are not generally available
     • Challenges in the deployment of open source environments for EA2
     • Variability in implementation of Credential Management Policies and Procedures

  8. EA2 Task Force: Towards a Solution
     • Shibboleth 2.0 (including SAML 2.0) to be released this quarter
     • NIST is publishing revisions to Credential Assessment Framework and associated levels of assurance
     • Willingness on the part of FSA/US Dept of Education to EA2 enable their applications (limited in scope)
     • Higher Education needs to work with the vendor community to embed EA2 services in Applications (Google, Apple, Publishers, VLEs, and many business applications)
     • Establishment of inter-federation trust
     • Assist in policy issues whenever and wherever possible

  9. EA2 Task Force: Future
     • Monthly Conference Calls
     • Policy Development Work
     • Pilot Projects
     • Convincing Government Agencies, Commercial application providers, Open Source Initiatives, and K-20 computing environments to embed EA2 frameworks within as many applications as possible
     • Work on deploying tools and methods to expand EA2 initiatives
     • Increasing awareness of the importance of EA2 frameworks to achieve the level of customer service and security that we all envision
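
The two referrals described on slide 5 (authentication first, then an attribute lookup that drives the authorization decision), sketched as an added example; it is not code from the presentation or from Shibboleth. All names are hypothetical, the data is constructed, and an HMAC over a demo key stands in for the signed assertions a real federation would exchange.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; real federations verify per-site certificates instead.
FEDERATION_KEY = b"constructed-demo-key"

def sign(message):
    return hmac.new(FEDERATION_KEY, message.encode(), hashlib.sha256).hexdigest()

class CredentialSite:
    """Hypothetical home site holding credentials and attributes."""
    def __init__(self, users, release_policy):
        self.users = users                    # name -> (password, attributes)
        self.release_policy = release_policy  # provider -> releasable names
        self.handles = {}                     # opaque handle -> (name, provider)

    def authenticate(self, name, password, provider):
        """First referral: check credentials, return a signed opaque handle."""
        record = self.users.get(name)
        if record is None or not hmac.compare_digest(record[0], password):
            return None
        handle = secrets.token_hex(16)        # reveals nothing about the user
        self.handles[handle] = (name, provider)
        return handle, sign(f"{handle}|{provider}")

    def attributes(self, handle, provider):
        """Second referral: release only what this provider is allowed to see."""
        name, issued_to = self.handles.get(handle, (None, None))
        if name is None or issued_to != provider:
            return {}
        allowed = self.release_policy.get(provider, set())
        return {k: v for k, v in self.users[name][1].items() if k in allowed}

def access(site, provider, required_role, user, password):
    """Service-provider side: two referrals, then a local decision."""
    result = site.authenticate(user, password, provider)
    if result is None:
        return "denied: authentication failed"
    handle, signature = result
    if not hmac.compare_digest(signature, sign(f"{handle}|{provider}")):
        return "denied: assertion not trusted"
    if site.attributes(handle, provider).get("role") != required_role:
        return "denied: not authorized"
    return "granted"

# Constructed sample data (plaintext password for the demo only).
USERS = {"jdoe": ("demo-pass", {"role": "student", "birthdate": "1985-01-01"})}
CAMPUS = CredentialSite(USERS, {"library": {"role"}})
```

The service provider never sees the password store or the unreleased `birthdate` attribute; a provider with no release policy entry gets an empty attribute set and is denied.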
