ICCE2009 Poster
1. Authentication and Authorization exchange for University Federation
M Nakagawa†, K Kanenishi†, K Matsuura†, Y Miyoshi††, H Mitsuhara†, Y Yano†
† The University of Tokushima
†† Kochi University
1. Background
Informatization of higher education
Introduction of many web systems
e-Learning utilization, System cooperation
Merit: Increase convenience
Demerit: Complex management

2. Problem
User
• Many passwords
• Each authentication
Organization
• Scattered identity
• Synchronization
How to solve?

3. Shibboleth
Features
• Open source
• Developed by Internet2
• MACE Project
• SAML implementation
• Distributed infrastructure
• Building federation

Federations
Name            Country
InCommon        United States
SWITCHaai       Switzerland
DFN-AAI         Germany
UK Federation   United Kingdom
Other federations...

Components
Identity Provider
‣ Manage identity
‣ Authentication
‣ Release attribute
Service Provider
‣ Protect resource
‣ Query attribute
‣ Control access
Discovery Service
‣ Find organization
‣ Multiple IdPs
‣ SAML feature
4. Extension
Authorization exchange
• Rewrite attribute
• Between SP and web system
• System architecture
• Mapping server
• Library called by web system
‣ Pattern matching
‣ Regular expression
‣ String
‣ XML base

Why?
• Reduce operations
• Rule maintenance
• SP side < IdP side
• Authentication processing
• User normalization

Anonymous user
• Decrease traceability
• For questionnaire
• One time account
• Each identity
• Activity restriction

Image
[Figure: anonymous user image. Labels: Unidentify, System A, System B, Different identities, Access restriction]

Prototype
‣ UUID is user identifier
‣ Lock inactivates account

[Figure: numbered request/response flow between the web system, Library, Mapping server, Service Provider (SP side), Discovery Service and IdP (IdP side). Labels: DS Request/Response Process, AuthnRequest, Redirect, Abbrev, Internal, Assertion, Attribute, Attribute', Mapped result, UUID or NO, Web server, Session Initiator, SSO, Attribute Authority, Assertion Consumer Service, Authn, Handler, Credential, Lock Interface, UUID, Attribute Manager, Tomcat, Account, Anonymous]
5. Future work
Formulation
• Federation policy
• Extension's specification
Development
• Anonymous user
• Reference implementation
Practical use
• ek4 federation
• Share educational materials
‣ New federation in Japan
‣ 8 universities
‣ e-Learning, HRD, etc...