GakuNin: Federated Identity Management Activities in Japan Takeshi Nishimura/Academic Authentication Systems Office National Institute of Informatics
Most of Major Publishers 2009/8/5 An Academic Identity Federation in Japan Build up new ICT infrastructure to support R&E based on SSO technologies Provides trust framework (technologies, policies and assessment) Towards value added services (academic discount, etc.) by collaboration with commercial Improves usability and security with continuous R&D (including multifactor/cert. auth.) Lib Services Web mail Groupware E-Learning SP Univ. A Univ. B Univ. C IdP GakuNinSteering Committee Federation Policy IdP Auditing Promotion Faculty Staff Student Inter University Unified Campus Auth Identity Provider Service Attributes E-Journals Privacy-Preserved Info. Web Site Registration Sys. Metadata Repo. Discovery Service Easy Access from out of Campus Seamless access with SSO Reduction of ID management cost, Improvement of security Academic Federations have been established per country basis Content Services Application Services Admin Services eLearning ePortfolio Most of Major Publishers 2 Foodle
Number of IdPs/SPs (As of Oct. 2017) #IdP Users #SPs 200 M Users 1.42M 153 pilot Production Japanese total HE population is about 3.7million National Public Private Junior College Tech. College Inter-Univ. Institute Other Total Participants 67 17 54 51 1 10 200 Ratio 78% 19% 9% 0% 89% # Total 86 91 600 343 57
History of GakuNin ID Federation 2008 Feasibility Study with test accounts Participants: 30 IdP sites and 18 SP sites (incl. Elsevier) 2009 Pilot Operation (UPKI-Fed) with real accounts and services Preparation of policy documents 2010 Production Operation started (As a 3 years project) Renamed as “GakuNin” 2012 US FICAM LoA-1 assessment for requested IdPs started by cooperation with OIX (Open Identity eXchange); (switched to Kantara in 2015) 2014 Shifted to an official service by NII Still no fee is required to join
Attributes 2010- 2014 2017 jasn jaGivenName mail jaDisplayName sn jao ou givenName displayName eduPersonAffiliation eduPersonPrincipalName eduPersonEntitlement eduPersonScopedAffiliation eduPersonTargetedID jasn jaGivenName jaDisplayName jao jaou 2014 isMemberOf gakuninScopedPersonalUniqueCode 2017 eduPersonAssurance eduPersonUniqueId eduPersonOrcid
GakuNin enquete (questionnaire) Annual self-audit for IdPs Our rules Operating Policies for GakuNin Participants System Administration Standards for the GakuNin Based on answers, GakuNin asserts grade A & B.
2009/8/5 eduGAIN as you know
GakuNin with eduGAIN GakuNin joined eduGAIN in 2013. With slight update of our rules Our IdPs/SPs joins eduGAIN by opt-in basis (still) We are preparing metadata two times per month.
Our motivation for eduGAIN Formerly, e-Journals Currently, ORCID
Current issues about eduGAIN Building filter settings for Shibboleth IdP How to provide Discovery Service for eduGAIN IdPs Are there Open IdPs in eduGAIN? <afp:AttributeFilterPolicy id="PolicyforCUP" xmlns:afp="urn:mace:shibboleth:2.0:afp"> <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="https://shibboleth.cambridge.org/shibboleth-sp" /> <afp:AttributeRule attributeID="eduPersonScopedAffiliation"> <afp:PermitValueRule xsi:type="basic:ANY" /> </afp:AttributeRule> </afp:AttributeFilterPolicy>