Security: Trend Report: Identity Management

10/20/2005

Pubcookie. Pubcookie is open source technology developed by the University of Washington, which provides WebISO. When a user points her Web browser at a Pubcookie-enabled app that requires authentication, the Web browser is redirected to the Pubcookie login module on a trusted, secure server. The Pubcookie login server authenticates against an existing enterprise authentication service such as Kerberos, and returns a cookie to the user’s computer. Then the user’s browser is redirected back to the application server. As the user subsequently visits different servers within the enterprise, the cookie will serve as acceptable authentication until the cookie expires. (Go to www.washington.edu/computing/pubcookie and www.pubcookie.org.)
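The issue-then-verify cycle described above, as an added example that is not Pubcookie's code or its actual cookie format: the login server mints an integrity-protected cookie with an expiry, and each application server checks both before trusting the username. It assumes an HMAC key shared by the login and application servers; `SHARED_KEY`, `issue_cookie` and `verify_cookie` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: one HMAC key provisioned to the login server and every app server.
# Constructed demo value only.
SHARED_KEY = b"constructed-demo-key"


def b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_cookie(user, lifetime_s, now=None):
    """Login server: called only after the backend service (e.g. Kerberos)
    has accepted the user's credentials."""
    now = time.time() if now is None else now
    body = json.dumps({"user": user, "exp": int(now) + lifetime_s}).encode()
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)


def verify_cookie(cookie, now=None):
    """App server: return the username if the cookie is authentic and
    unexpired; return None so the caller redirects to the login server."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = cookie.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong field count or malformed base64
        return None
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    # Constant-time comparison; check the tag before parsing the body.
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(body)
    if now >= claims["exp"]:  # expired: force re-authentication
        return None
    return claims["user"]


if __name__ == "__main__":
    c = issue_cookie("alice", 3600)
    print(verify_cookie(c))                       # accepted while fresh
    print(verify_cookie(c, now=time.time() + 7200))  # rejected after expiry
```

Because the cookie is a bearer credential for every participating server, its lifetime bounds how long a stolen copy stays useful, which is why the expiry check sits beside the integrity check.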

Yale Central Authentication Service (CAS). CAS, developed by Yale University (CT) to provide a “pretty good” unified system of access to all Web-based resources, now forms the basis for systems at several universities and can be obtained at www.ja-sig.org.

Federated Authentication. Shibboleth is a national higher education initiative funded by the National Science Foundation (www.nsf.gov) and facilitated by Internet2 (www.internet2.org), to develop an open, standards-based way to authenticate between campuses. The user’s campus authenticates the user and then identifies him to other campuses through a “trust fabric” (shibboleth.internet2.edu/index.html). Adoption of Shibboleth has been very slow, largely because so few institutions have a mature campus trust fabric.

PKI Authentication
Finally, the Holy Grail of authentication—PKI. PKI provides a level of authentication akin to having both the guard at the door of the bank and the teller ask for a driver’s license, passport, and fingerprints before any transaction. But PKI hasn’t yet been widely adopted in higher ed largely because the technology is seen as complex and requiring substantial back-room support, either from a knowledgeable staff or an expensive vendor. Educause has developed the Identity Management Services Program (www.educause.edu/imsp) to take advantage of discounted pricing and customized purchasing from vendors such as VeriSign (www.verisign.com). Still, Jeff Schiller, network manager at MIT (one of the few institutions to fully implement PKI), argues that the primary reason for the perceived complexity and expense of PKI is that institutions don’t keep the implementation simple.

Trends and Next Steps

The general trend is from weak to strong authentication. Two-factor authentication for key administrative applications and single-sign-on authentication for just about everything are becoming the norm. Federated authentication and PKI are just around the corner.


