A very brief history of Identity in Higher Education a short stroll down memory lane Michael R Gettes CMU, MIT, Internet2, Duke, Georgetown, Princeton,


A very brief history of Identity in Higher Education a short stroll down memory lane Michael R Gettes CMU, MIT, Internet2, Duke, Georgetown, Princeton, BostonU Common Solutions Group May, 2014

In the beginning…
Essentially no security on the Internet
1980’s, 1990’s various HE Univs pursue central ID stores. Andrew, Athena, others?
1991 – BITNET-III, a project to use home Univ creds to access remote modem pools and central bill the Univ – FAIL!

And then…
1994/6 – slapd emerges from uMich
– Many Universities initiate LDAP services
– 1998 OpenLDAP project started
Most of uMich slapd team moves to Netscape
First common mechanism exposing IDs emerges from various Universities in late 1990s
Public Key + LDAP – cost effective “I” in PKI
PKI first seen as 18 months away… (ha ha !)

Many SSO …
Various SSO efforts:
– MIT Kerberos
– Yale CAS
– Michigan CoSign
– Washington PubCookie
– Many WebAuth – Duke, Stanford, ???
WebISO – Initial Sign-On (cuz, SSO deemed not wise) – families of apps for Sign-On.
CMU named their SSO WebISO using pubcookie (oops!).

September 1999
Directories, Identifiers, AuthN (DIA) “Early Harvest” – various University geeks, herded by Ken Klingenstein, met in Denver to start discussions around Identity Mgmt and Access problems.
No volunteers for work except RL “Bob” Morgan.
During dinner… first ideas of inter-org AuthN/AuthZ on the web discussed. Seeds for what would later become Shibboleth planted.
Glueworkers: RL “Bob” Morgan, Mark Poepping, Michael Gettes, Bob Brentrup, Alan Crosswell, David Wasley, Paul Hill, Frank Grewe, Keith Hazelton, Steve Kellogg, Daniel Arrasjid, Bill Doster, Mark Bruhn, Steve Worona.
Planning group: Morgan, Gettes, Carmody, Poepping, KJK

And then…
1998/9: MACE formed – first projects: DoDHE, eduPerson, Shibboleth proposal (generated from uWash Internet2 meeting).
First minutes: May 22, 2000 – interesting read.
MACE guides I2MI – and the work begins!
– HEPKI collaboration with i2-PKILabs, VidMid (H.323), eduPerson, Shibboleth, GRID collab starts, JA-SIG collab, LDAP Recipe, URN/OID Registry, evangelism!!!
Fed/Ed PKI meetings – HEBCA – Bridged PKI

U.S. Federal Viewpoint ( )
HSPD-12 (Homeland Security Presidential Directive 12): President Bush, August 2004: mandatory gov-wide secure IDs for all employees + contractors.
Yielded NIST FIPS 201 – PIV – using PKI, LDAP/X.500 and friends.
Fed E-Auth initiative by NIST spawns SP , guidance to implement OMB-04-04, in support of HSPD-12 pending.
– This is where LoA 1-4 come from – guidance and technical controls.
– InCommon Bronze/Silver != Fed 1-4 but comparable

NSF Middleware (NMI-EDIT)
– Supposed to be collab between I2MI and GRID. GRID got the $$$. We produced software that worked.
Produced tons of stuff. Regular software package releases of many components. Documentation + experiences. TIER Version 1?
– Can’t say enough good stuff about NMI-EDIT

We have much InCommon
2004 – InCommon is born.
IBM tried to patent Shib/SAML. We have with our IP.
SAML largely developed by RLBob and Scott Cantor (editor).
10 Years later… InCommon is critical infrastructure to many Universities.
CMU relies on InCommon for local federation.
A huge success story! Born from “US”. Core group but many made it work well.

What worked/works…
Shibboleth, simpleSAMLphp, SAML 2.0 by vendors
– social2SAML gateways emerging
LDAP (eduPerson, LDAP-Recipe)
Grouper – still no vendor product like it.
Middleware Research – See KJK work
CAMPs (Always sold out). Global reach.
Global Collaborations – critical to success!
NMI-EDIT – made so much happen!
InCommon! InCommon! InCommon!
– Certificates service fashioned after Euro deal on certs
– ~600 participants (>400 HE), >7.5M users, 10 years!

Not so much…
Signet – a Priv Mgmt System… didn’t take off.
DoDHE – Directory of Directories – “Wait, our public data will be THAT public? NO!”
USHER – Root CA for HE (and HEBCA) – Couldn’t get it in the browsers! No $$$$
Voice/Video + AuthN/Z – still proprietary.
EDDY – Distributed Diagnostics. Good ideas, but InCommon Bronze, Silver, Gold Assurance Levels.
PKI is STILL only 18 months away!

It wouldn’t be possible without these People…
In no particular order: Keith Hazelton (Wisconsin), Steve Carmody (Brown), Mark Poepping (CMU), Michael Gettes (various/All), Ann West (MTU/Internet2), David Wasley (UCOP/retired), Tom Barton (Memphis/Chicago), Renee Shuey (PSU), Scott Cantor (The Ohio State), Jim Jokl (uVa), Scotty Logan (Stanford/missing), Frank Grewe (Minn), Paul Hill (MIT/ind), Von Welch (IU/ind), & Ken Klingenstein (Internet2)
Various liaisons from around the world and …

RL “Bob” Morgan (Stanford/Wash) We still miss him very much !!

And we move on…
Shibboleth Consortium formed (funding?)
REFEDs – locus for R+E Federation Operators
CommIT project – change how students apply to college nationally
Scalable Privacy Grant (KJK will discuss)
IAM Test-bed emerging
MFA – Multi-Factor Authentication everywhere
Provisioning and integration – practices for all
Still, so much to do…
– Trusted Identity in Education and Research (TIER)

And the Survey says …