Presentation is loading. Please wait.

Presentation is loading. Please wait.

4th Annual Conference on Technology and Standards Washington

Similar presentations


Presentation on theme: "4th Annual Conference on Technology and Standards Washington"— Presentation transcript:

1 Electronic Authentication, Authorization, and Identity Management: The PESC EA2 Task Force
4th Annual Conference on Technology and Standards Washington April 24, 2006 Charles F. Leonhardt Principal Technologist Georgetown University

2 EA2 Task Force: Defined Dramatically increase the number of users who have access to federated authentication and authorization in the United States and beyond Dramatically increase the number of applications / service providers that are EA2 capable Assist in the resolution of policy issues Assist in the resolution of technology and implementation issues Enhance awareness of EA2 initiatives Assist in current efforts wherever possible

3 EA2 Task Force: Membership
Rob Abel, IMS Global Learning Consortium Ellen Blackmun, NASFAA Tim Cameron, NCHELP/Project Meteor Charlie Coleman, FSA, U.S. Department of Education Larry Fruth, SIFA Ken Klingenstein, Internet2/InCommon Nancy Krogh, AACRAO Hans L’Orange, SHEOO Charlie Leonhardt, Georgetown Adele Marsh, AES/PESC Georgia Marsh, GSA/Federal E-Authentication Initiative Brett McDowell, Liberty Alliance David Temoshok, GSA/Electronic Authentication Partnership Steve Worona, EDUCAUSE

4 EA2 Task Force: Motivation
Our customers (students, parents, faculty, staff, alumni, donors, visitors) want: Everything Anywhere Anytime (i.e. “now”) They would like it delivered: Inexpensively or “free” Conveniently and painlessly (“don’t make me login 15 times to 15 different services) With guarantees of information security and privacy

5 EA2 Task Force: Federations
There is an excellent case for a federated approach for authentication (“I am who I say I am”) and authorization (“I can do this based on my role / location / other attributes as defined”) Federated approach implies trust and agreement among “service providers” (hosted applications) sites and “consumer” (provider of credentials) sites Internet2 middleware technology known as Shibboleth allows service providers to refer to consumer sites for authentication Once authenticated, a second referral is made to a consumer site to obtain attribute data to be used in making application authorization decisions An excellent example: the worldwide ATM network

6 EA2 Task Force: Shibboleth
Internet2 middleware initiative developed by a number of Universities and funded by NSF InCommon Federation formed – now has 50 members; info at Attempts to solve inter-institutional trust / authentication / authorization issues; has wide applicability among H.E. institutions and organizations that serve higher education Standards-based, open source implementation Policy based, trusted federations Common goal: use non-native, non-centralized, trusted “third party” authentication/authorization

7 EA2 Task Force: Key Problems
Trust has not yet been established between InCommon and the Federal E-Auth Initiative Policy and Procedural Issues (particularly around identity management and “levels of assurance”) are unresolved Variability in the deployment of Identity Management systems Easy-to-use toolkits to connect identity management systems to federated environments are not generally available Challenges in the deployment of open source environments for EA2 Variability in implementation of Credential Management Policies and Procedures

8 EA2 Task Force: Towards a Solution
Shibboleth 2.0 (including SAML 2.0) to be released this quarter NIST is publishing revisions to Credential Assessment Framework and associated levels of assurance Willingness on the part of FSA/US Dept of Education to EA2 enable their applications (limited in scope) Higher Education needs to work with the vendor community to embed EA2 services in Applications (Google, Apple, Publishers, VLEs, and many business applications) Establishment of inter-federation trust Assist in policy issues whenever and wherever possible

9 EA2 Task Force: Future Monthly Conference Calls
Policy Development Work Pilot Projects Convincing Government Agencies, Commercial application providers, Open Source Initiatives, and K-20 computing environments to embed EA2 frameworks within as many applications as possible Work on deploying tools and methods to expand EA2 initiatives Increasing awareness of the importance of EA2 frameworks to achieve the level of customer service and security that we all envision


Download ppt "4th Annual Conference on Technology and Standards Washington"

Similar presentations


Ads by Google