160 likes | 297 Views
UPKI ― Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure. Yasuo OKABE Academic Center for Computing and Media Studies, Kyoto University okabe@i.kyoto-u.ac.jp. Information Infrastructure Centers in the Seven Universities in JAPAN. Sapporo.
E N D
UPKI ―Inter-University Authentication and Authorization Platform for Japanese Cyber-Science Infrastructure Yasuo OKABE Academic Center for Computing and Media Studies, Kyoto University okabe@i.kyoto-u.ac.jp
Information Infrastructure Centers in the Seven Universities in JAPAN Sapporo Hokkaido University Information Initiative Center Kyoto University Academic Center for Computing and Media Studies Sendai Tohoku University Information Synergy Center Kyushu University Computing and Communications Center Kyoto Tokyo Nagoya University of Tokyo Information Technology Center Osaka Fukuoka National Institute of Informatics (NII) Nagoya University Information Technology Center Osaka University Cybermedia Center
1968~69 Established as supercomputercenters for nation-wide service 1981 Connected by commercial X.25 service 1986 Dedicated interuniversity X.25 network service was started by NACSIS (predecessor of NII) Federated Identity Management (~2004) Unified ID Online subscription to secondary centers 1988 JAIN (Japan Academic Inter-university Network) project started IP over X.25 1992 SINET, the academic Internet backbone service was started by NACSIS 2002 Operation of SuperSINET was started 2003 NAREGI (National Research Grid Initiative) project started Brief history of the federation among the Centers
NII: Toward Cyber-Science Infrastructure Next-generation Academic Information Infrastructure for Interuniversity Collaboration Cyber-Science Infrastructure GeNii (Global Environment for Networked Intellectual Information) NII-REO (Repository of Electronic Journals and Online Publications NAREGI (National Research Grid Initiative) International Collaboration Corporation with Industry UPKI: Authentication and Authorization Platform 北海道大学 SINET/SuperSINET National Academic Internet Backbone ★ ● ★ 東北大学 京都大学 ☆ ★ ★ ★ 東京大学 九州大学 ★ NII 名古屋大学 ★ 大阪大学 Fundamental Resources for Academic and Research Activities Education and Training / Encouraging Young Talent
UPKI: concept Authentication and Authorization platform for Cyber-Science Infrastructure in Japan • Targets various applications • SSO of Web services • Network service • wireless LAN roaming, VPN, public IP phone/Web terminals • Grid computing • Utilization PKI
UPKI: project member NII SINET Headquarter Authentication and Authorization Working Group • Yasuo Okabe, Kyoto University (chair) • Noboru Sonehara, NII (vice chair) • Yoshiaki Takai, Hokkaido University • Hideaki Sone, Tohoku University • Hiroyuki Sato, University of Tokyo • Yasushi Hirano, Nagoya University • Shinji Shimojo, Osaka University • Takahiro Suzuki, Kyushu University • Satoshi Matsuoka, Tokyo Institute of Technology • Setsuya Kawabata, KEK
Authentication for campus wireless LAN Bridge CA Mutual auth NII Mutual auth Certif. Prof. A CA Prof. A is visiting other univ. Roaming service RA Hokkaido Univ. CA Policy mapping Pub key registrar repository register Certf. PKI Campus LAN Campus Public Wireless AP authenticatio authorization PKI token (private key) user (Prof. A)
UPKI: requirements • Scalability • up to 800 universities in Japan • Centralized system will never work • Federated ID management is indispensable • Security against so many cyber attacks and increasing physical attacks • Privacy • Compliant to the law of privacy protection in Japan • Enforced since April 2005. • Mobility • Both students and professors may visit other universities • Cost • National Universities has become an independent agency since 2004.
UPKI: basic idea • Deployment of Grid/PKI middleware for national academic AA infrastructure • Management of faculty members, administrative staffs and students • Virtual Organizations (VO) like committees, research groups or academic societies should be supported • Targets all of • Educational activities like E-learning • Administrative works like exchange of credits among universities • Research activities like Grid computing • Other networking services like WLAN roaming and a single infrastructure is by all applications • AA based on Federated Identity Management is the key • PKI solves some authentication issues, but not all • PKI itself has many problems in deployment
NAREGI National Research Grid Initiative • http://www.naregi.org/ • collaboration projects among industry, academic sector and the government.
NAREGI Grid Middleware stack http://www.naregi.org/concept/index_e.html#05
NAREGI CA • A full-fledged CA (Certificate Authority) Software for PKI • Originally developed for Grid computing, but can be used for general purpose • Free open source software Version 1.0.1 is available at the download site http://www.naregi.org/download/
Comparison among CA softwares ○:available、×:not available、△:some restriction
Case study The Consortium of Universities in Kyoto http://www.consortium.or.jp/ • Consortium of 50 universities in Kyoto • 3 national, 2 prefectural, 2 municipal, 43 private • Most of them are in the center area of Kyoto City • Activities • Shared lecture rooms near JR Kyoto Shinkansen station. • Class for ordinary students, evening classes and classes for graduated adults • Open Web terminals, WLAN services • Exchange of credits among universities in very conventional manner • How academic AAI will help them?
UPKI: issues • How various services can be provided on a single AA infrastructure • Web services • Grid computing • Network services • Existing works • GridShib: Shibolleth for non-web-based applications • EduRoam campus wireless roaming service architecture • EGEE multi-VO support and delegation via MyProxy • E-authentication by the U.S. government • GPKI, LGPKI and JPKI for Japanese e-government How we learn from and how we can collaborate with?
Summary • UPKI national academic authentication and authorization infrastructure project has just started. • Conducted by NII and the information infrastructure centers in 7 universities • As a basis of CSI (Cyber Science Infrastructure), the next generation of SINET/SuperSINET • Actually, federated identity management is unavoidable even in a (big) university • And political issues also exist • We have started later, so we have get same advantage • International federation/collaboration is a very important issue.