Presentation is loading. Please wait.

Presentation is loading. Please wait.

A very brief history of Identity in Higher Education a short stroll down memory lane Michael R Gettes CMU, MIT, Internet2, Duke, Georgetown, Princeton,

Published byBrendan Wakely Modified over 9 years ago

Similar presentations

Presentation on theme: "A very brief history of Identity in Higher Education a short stroll down memory lane Michael R Gettes CMU, MIT, Internet2, Duke, Georgetown, Princeton,"— Presentation transcript:

1 A very brief history of Identity in Higher Education a short stroll down memory lane Michael R Gettes CMU, MIT, Internet2, Duke, Georgetown, Princeton, BostonU gettes@cmu.edu Common Solutions Group May, 2014

2 In the beginning… Essentially no security on the Internet 1980’s, 1990’s various HE Univs pursue central ID stores. Andrew, Athena, others? 1991 – BITNET-III, a project to use home Univ creds to access remote modem pools and central bill the Univ – FAIL!

3 And then… 1994/6 – slapd emerges from uMich – Many Universities initiate LDAP services – 1998 OpenLDAP project started Most of uMich slapd team moves to Netscape First common mechanism exposing IDs emerge from various Universities in late 1990s Public Key + LDAP – cost effective “I” in PKI PKI first seen as 18 months away… (ha ha !)

4 Many SSO … Various SSO efforts: – MIT Kerberos – Yale CAS – Michigan CoSign – Washington PubCookie – Many WebAuth – Duke, Stanford, ??? WebISO – Initial Sign-On (cuz, SSO deemed not wise) – families of apps for Sign-On. CMU named their SSO WebISO using pubcookie (oops!).

5 September 1999 Directories, Identifiers, AuthN (DIA) “Early Harvest” – various University geeks, herded by Ken Klingenstein, met in Denver to start discussions around Identity Mgmt and Access problems. No volunteers for work except RL “Bob” Morgan. During dinner… first ideas of inter-org AuthN/AuthZ on the web discussed. Seeds for what would later become Shibboleth planted. Glueworkers: RL “Bob” Morgan, Mark Poepping, Michael Gettes, Bob Brentrup, Alan Crosswell, David Wasley, Paul Hill, Frank Grewe, Keith Hazelton, Steve Kellogg, Daniel Arrasjid, Bill Doster, Mark Bruhn, Steve Worona. Planning group: Morgan, Gettes, Carmody, Poepping, KJK

6 And then… 1998/9: MACE formed – first projects: DoDHE, eduPerson, Shibboleth proposal (generated from uWash Internet2 meeting). First minutes: May 22, 2000 – interesting read. MACE guides I2MI – and the work begins! – HEPKI collaboration with i2-PKILabs, VidMid (H.323), eduPerson, Shibboleth, GRID collab starts, JA-SIG collab, LDAP Recipe, URN/OID Registry, evangelism!!! Fed/Ed PKI meetings – HEBCA – Bridged PKI

7 U.S. Federal Viewpoint (2002-04) HSPD-12 (Homeland Security Presidential Directive 12): President Bush, August 2004: mandatory gov-wide secure IDs for all employees + contractors. Yielded NIST FIPS 201 – PIV – using PKI, LDAP/X.500 and friends. Fed E-Auth initiative by NIST spawns SP-800-63, guidance to implement OMB-04-04, in support of HSPD-12 pending. – This is where LoA 1-4 come from – guidance and technical controls. – InCommon Bronze/Silver != Fed 1-4 but comparable

8 NSF Middleware (NMI-EDIT) 2002 - 2006 – Supposed to be collab between I2MI and GRID. GRID got the $$$. We produced software that worked. Produced tons of stuff. Regular software package releases of many components. Documentation + experiences. TIER Version 1? – Can’t say enough good stuff about NMI-EDIT

9 We have much InCommon 2004 – InCommon is born. IBM tried to patent Shib/SAML. We have email with our IP. SAML largely developed by RLBob and Scott Cantor (editor). 10 Years later… InCommon is critical infrastructure to many Universities. CMU relies on InCommon for local federation. A huge success story! Born from “US”. Core group but many made it work well.

10 What worked/works… Shibboleth, simpleSAMLphp, SAML 2.0 by vendors – social2SAML gateways emerging LDAP (eduPerson, LDAP-Recipe) Grouper – still no vendor product like it. Middleware Research – See KJK work CAMPs (Always sold out). Global reach. Global Collaborations – critical to success! NMI-EDIT – made so much happen! InCommon! InCommon! InCommon! – Certificates service fashioned after Euro deal on certs – ~600 participants (>400 HE), >7.5M users, 10 years!

11 Not so much… Signet – a Priv Mgmt System… didn’t take off. DoDHE – Directory of Directories – “Wait, our public data will be THAT public? NO!” USHER – Root CA for HE (and HEBCA) – Couldn’t get it in the browsers! No $$$$ Voice/Video + AuthN/Z – still proprietary. EDDY – Distributed Diagnostics. Good ideas, but InCommon Bronze, Silver, Gold Assurance Levels. PKI is STILL only 18 months away!

12 It wouldn’t be possible without these People… In no particular order: Keith Hazelton (Wisconsin), Steve Carmody (Brown), Mark Poepping (CMU), Michael Gettes (various/All), Ann West (MTU/Internet2), David Wasley (UCOP/retired), Tom Barton (Memphis/Chicago), Renee Shuey (PSU), Scott Cantor (The Ohio State), Jim Jokl (uVa), Scotty Logan (Stanford/missing), Frank Grewe (Minn), Paul Hill (MIT/ind), Von Welch (IU/ind), & Ken Klingenstein (Internet2) Various liaisons from around the world and …

13 RL “Bob” Morgan (Stanford/Wash) We still miss him very much !!

14 And we move on… Shibboleth Consortium formed (funding?) REFEDs – locus for R+E Federation Operators CommIT project – change how students apply to college nationally Scalable Privacy Grant (KJK will discuss) IAM Test-bed emerging MFA – Multi-Factor Authentication everywhere Provisioning and integration – practices for all Still, so much to do… – Trusted Identity in Education and Research (TIER)

15 And the Survey says …

Download ppt "A very brief history of Identity in Higher Education a short stroll down memory lane Michael R Gettes CMU, MIT, Internet2, Duke, Georgetown, Princeton,"

Similar presentations

Dr Ken Klingenstein Director, Internet2 Middleware and Security Emerging Infrastructure for Collaboration: Next Generation Plumbing.

Dr Ken Klingenstein Director, Internet2 Middleware and Security Emerging Infrastructure for Collaboration: Next Generation Plumbing.
04 June 2002, TERENA, Limerick MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.

04 June 2002, TERENA, Limerick MACE: Directories at Work Keith Hazelton, Senior IT Architect, Univ. of Wisconsin-Madison Chair, MACE-Dir Working Group.
PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.

PKI Solutions: Buy vs. Build David Wasley, U. California (ret.) Jim Jokl, U. Virginia Nick Davis, U. Wisconsin.
May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.

May 06, 2002 Getting Started with Digital Certificates: Is PKI-Lite Real PKI? Internet2 Spring Meeting 2002 Wash, DC.
Internet2 Middleware BASE CAMP slides Michael R. Gettes Principal Technologist Georgetown University

Internet2 Middleware BASE CAMP slides Michael R. Gettes Principal Technologist Georgetown University
NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.

NSF Middleware Initiative: Managing Identity on Campus Michael R Gettes, Duke University Tom Barton, University of Chicago.
GridShib: Campus/Grid RBAC Integration GGF15 Workshop: Leveraging Site Infrastructure for Multi-Site Grids October 3th, 2005 Von Welch

GridShib: Campus/Grid RBAC Integration GGF15 Workshop: Leveraging Site Infrastructure for Multi-Site Grids October 3th, 2005 Von Welch
Welcome to CAMP Shibboleth Ken Klingenstein, Director, Internet2 Middleware Initiative.

Welcome to CAMP Shibboleth Ken Klingenstein, Director, Internet2 Middleware Initiative.
Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative.

Welcome to CAMP! Ken Klingenstein, Director, Internet2 Middleware Initiative.
Shibboleth: How It Relates to SAML Marlena Erdos Aug 27, 2001.

Shibboleth: How It Relates to SAML Marlena Erdos Aug 27, 2001.
Practices from the Field NSF Middleware Initiative: Identity and Privilege Management Model Michael Gettes, Duke University Jim Phelps, UW-Madison EDUCAUSE.

Practices from the Field NSF Middleware Initiative: Identity and Privilege Management Model Michael Gettes, Duke University Jim Phelps, UW-Madison EDUCAUSE.
Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.

Update on federations, PKI, and federated PKI for US feds and higher eds Tom Barton University of Chicago.
Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.

Drive-By Dialogues. Presenter’s Name Topics The Long Strange Trip of I2 – NLR Merger A Brief Comment on Optical Networking Middleware Developments Security.
US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.

US Higher Ed PKI Activities Internet2/EDUCAUSE ++ TF-EMC2 November, 2004 Amsterdam Michael R Gettes, Duke University TF-EMC2 November, 2004 Amsterdam Michael.
Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration 4th Annual PKI R&D Workshop Tom Barton, Kate Keahey,

Attributes, Anonymity, and Access: Shibboleth and Globus Integration to Facilitate Grid Collaboration 4th Annual PKI R&D Workshop Tom Barton, Kate Keahey,
Welcome to CAMP Leveraging Campus Authentication Across Boundaries Workshop Ann West NMI-EDIT Outreach Michigan Tech/EDUCAUSE/Internet2.

Welcome to CAMP Leveraging Campus Authentication Across Boundaries Workshop Ann West NMI-EDIT Outreach Michigan Tech/EDUCAUSE/Internet2.
Shibboleth Update a.k.a. “shibble-ware”

Shibboleth Update a.k.a. “shibble-ware”
1 11 th Fed/Ed PKI Meeting Some quick updates from recent HEPKI-TAG and SURA work Jim Jokl

1 11 th Fed/Ed PKI Meeting Some quick updates from recent HEPKI-TAG and SURA work Jim Jokl
The Rise of Collaborative Tools Ken Klingenstein Project Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado at Boulder.

The Rise of Collaborative Tools Ken Klingenstein Project Director, Internet2 Middleware Initiative Chief Technologist, University of Colorado at Boulder.
Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Welcome to CAMP Identity Management Integration Workshop Ann West NMI-EDIT EDUCAUSE/Internet2.

Similar presentations

Ads by Google