ICCE2009 Poster
Authentication and Authorization exchange for University Federation.

Published in: Technology, Education
Authentication and Authorization exchange for University Federation

† M Nakagawa, † K Kanenishi, † K Matsuura, †† Y Miyoshi, † H Mitsuhara, † Y Yano
† The University of Tokushima, †† Kochi University

1. Background

• Informatization of higher education
  ‣ Introduction of many web systems
  ‣ e-Learning utilization
  ‣ System cooperation
• Increase convenience, but complex management
• Building federation: merit and demerit

2. Problem

• User
  ‣ Many passwords
  ‣ Each authentication
• Organization
  ‣ Scattered identity
  ‣ Synchronization
• How to solve?

3. Shibboleth

Features
• Open source
• Developed by Internet2 (MACE Project)
• SAML implementation
• Distributed infrastructure

Federations
  Name           Country
  InCommon       United States
  SWITCHaai      Switzerland
  DFN-AAI        Germany
  UK Federation  United Kingdom
  Other federations...

Components
• Identity Provider
  ‣ Manage identity
  ‣ Authentication
  ‣ Release attribute
• Service Provider
  ‣ Protect resource
  ‣ Query attribute
  ‣ Control access
• Discovery Service
  ‣ Find organization
  ‣ Multiple IdPs
  ‣ SAML feature

4. Extension

Authorization exchange
• Rewrite attribute
• Why? Reduce operations; rule maintenance; different identities
• Between SP and web system
• System architecture
  ‣ SP side < IdP side
  ‣ Library called by web system
  ‣ User normalization
• Prototype
  ‣ Pattern matching
  ‣ Regular expression
  ‣ Abbrev
  ‣ String
  ‣ XML base
[Figure: Request/Response process between DS, SP (library, web server) and IdP, numbered steps 1–6 with labels DS Request/Response, AuthnRequest, Redirect, Assertion, Attribute', Mapped result, Internal, UUID or NO]

Anonymous user
• Why? Decrease traceability; unidentify; for questionnaire
• Image: one user appears with different identities in System A and System B
• One time account
• Mapping server
• Authentication processing for each identity
• Access restriction, activity restriction
  ‣ UUID is user identifier
  ‣ Lock inactivates account
[Figure: system architecture on the SP side and IdP side, with Session Initiator, SSO, Attribute Authority, Assertion Consumer Service, Credential Handler, Authn/Assertion, Interface, UUID, Lock, Account Manager, Anonymous Mapping server, Tomcat, Web server, Library, Service Provider, IdP]

5. Future work

• Formulation
  ‣ Federation policy
  ‣ Extension's specification
• Development
  ‣ Anonymous user
  ‣ Reference implementation
• Practical use
  ‣ New federation in Japan: ek4 federation (8 universities)
  ‣ Share educational materials: e-Learning, HRD, etc...
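The extension section names two SP-side mechanisms, attribute rewriting (pattern matching, regular expression, abbreviation, string rules) and an anonymous mapping server that gives the web system a UUID instead of the federation identity and can lock an account. The following Python is an added illustration of how such an SP-side library could behave; it is not the poster's prototype or Shibboleth code. It assumes attributes arrive as a name-to-values dict as released by the IdP, invents a three-kind rule format, and replaces the mapping server with an in-memory dict; all attribute names, the `univ-a.example` scope and the entitlement URN are constructed sample values.

```python
"""Illustrative SP-side attribute rewrite and anonymous-account mapping.

Constructed example, not the poster's prototype. Assumptions:
- attributes from the IdP are a dict of name -> list of values;
- rewrite rules come in three kinds named on the poster: regex, abbrev, string;
- an in-memory dict stands in for the anonymous mapping server.
"""
import re
import uuid
from dataclasses import dataclass, field


@dataclass
class RewriteRule:
    kind: str                      # "regex", "abbrev" or "string"
    attr: str                      # attribute name released by the IdP
    target: str                    # attribute name handed to the web system
    pattern: str = ""              # regex pattern or literal string to match
    replacement: str = ""          # replacement (regex may use \1 groups)
    table: dict = field(default_factory=dict)   # abbreviation table


def apply_rules(attributes, rules):
    """Rewrite IdP attributes into the web system's vocabulary.

    Only values that a rule explicitly matches are forwarded, so attributes
    the web system has no rule for (the principal name, for instance) are
    never passed through.
    """
    out = {}
    for rule in rules:
        mapped = []
        for value in attributes.get(rule.attr, []):
            if rule.kind == "regex":
                match = re.fullmatch(rule.pattern, value)
                if match:
                    mapped.append(match.expand(rule.replacement))
            elif rule.kind == "abbrev":
                if value in rule.table:
                    mapped.append(rule.table[value])
            elif rule.kind == "string":
                if value == rule.pattern:
                    mapped.append(rule.replacement)
            else:
                raise ValueError(f"unknown rule kind: {rule.kind}")
        if mapped:
            out.setdefault(rule.target, []).extend(mapped)
    return out


class AnonymousMapper:
    """Stand-in for the mapping server (assumption: one UUID per user and
    web system, so System A and System B see different identities)."""

    def __init__(self):
        self._accounts = {}    # (federation id, system) -> UUID string
        self._locked = set()   # locked UUIDs are inactive

    def account_for(self, federation_id, system):
        key = (federation_id, system)
        if key not in self._accounts:
            self._accounts[key] = str(uuid.uuid4())
        return self._accounts[key]

    def lock(self, account):
        self._locked.add(account)

    def is_active(self, account):
        return account not in self._locked


def handle_login(attributes, rules, mapper, system):
    """Return what the web system gets: a UUID account plus rewritten
    attributes, or None when the mapped account has been locked."""
    federation_id = attributes["eduPersonPrincipalName"][0]
    account = mapper.account_for(federation_id, system)
    if not mapper.is_active(account):
        return None
    return {"account": account, "attributes": apply_rules(attributes, rules)}


# Constructed sample rules and a constructed attribute release.
RULES = [
    RewriteRule("regex", "eduPersonScopedAffiliation", "role",
                r"(student|faculty)@univ-a\.example", r"\1"),
    RewriteRule("abbrev", "ou", "dept",
                table={"Faculty of Engineering": "ENG", "Faculty of Medicine": "MED"}),
    RewriteRule("string", "eduPersonEntitlement", "lms_access",
                "urn:x-example:lms", "allow"),
]

SAMPLE_ATTRIBUTES = {
    "eduPersonPrincipalName": ["taro@univ-a.example"],
    "eduPersonScopedAffiliation": ["student@univ-a.example"],
    "ou": ["Faculty of Engineering"],
    "eduPersonEntitlement": ["urn:x-example:lms"],
}

if __name__ == "__main__":
    mapper = AnonymousMapper()
    print(handle_login(SAMPLE_ATTRIBUTES, RULES, mapper, "System A"))
    print(handle_login(SAMPLE_ATTRIBUTES, RULES, mapper, "System B"))
```

The point the two mechanisms make together is that the web system is authorized from the rewritten attributes and addressed by a UUID only; the link back to the federation identity exists solely inside the mapper, which is what the poster's "decrease traceability" and "lock inactivates account" bullets describe.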
