Secure Access and Secure Communications

1
Secure Access and Secure Communications

• Collaborative Technologies Units Central
  Authentication Service (CAS) and Instant
  Messaging Pilot
• DCSS October 14, 2005

2
But first...

• Collaborative What?
• Collaborative Technologies Unit (CTU)
• Formerly the Portal Group
• Expanding focus beyond My VT to include
• Single Sign-on
• Instant Messaging
• Announcements
• Discussion Forums
• Etc....

3
Secure Access

• Central Authentication Service (CAS)

4
Secure Access

• Central Authentication Service (CAS)
• Enterprise Single Sign-on for the Web
• Developed by Yale University
• Open Source Project Under JA-SIG
• Widely Adopted by Higher ED
• Replaced VTs Authportal System on September 30,
  2005

5
(No Transcript)
6
Secure Access

• How CAS Works
• VTs CAS uses PID/password
• Users authenticate to CAS server
• Applications receive assurance of authentication
  from CAS
• CAS is the only system to see the password

7
How CAS Works
S
T
Web application
CAS
NetID
S
T
Web browser
C
8
Secure Access

• Why CAS?
• Secure/Proven System
• Light Code Base (1000 lines of code)
• Strong Higher Ed user base and support community
  - 100 deployments
• Integrated with uPortal the underlying
  framework of My VT
• Support for proxy authentication Ex. a channel
  inside My VT needs to request information on a
  users behalf
• Many existing libraries and examples for
  CASifying applications such as Banner,
  Blackboard, and various e-mail servers.
• Portability APIs for Java, PERL, JSP, ASP,
  PL/SQL, Apache module and Pam module

9
Secure Access

• CAS Today
• Primary Authentication for My VT
• Hooks into Hokie SPA
• Hooks into Filebox
• Hooks into Departmental Software

10
Secure Access

• CAS Looking Forward
• Use CAS as primary authentication mechanism for
  major enterprise systems
• Hokie SPA
• Filebox
• Sakai
• Blackboard?
• Webmail?

11
Secure Access

• CAS Looking Forward
• Make CAS available to any web-based application
  at VT
• CAS could possibly solve password requirement
  issues for some applications
• CAS could also serve as an alternative to using
  ED-Auth
• Options for expanding the use of CAS are being
  discussed with IRM and the IT Security Office

12
Secure Access

• Questions or Comments?
• Ken McCrery
• kmccrery_at_vt.edu

13
Secure Communications

• Instant Messaging (IM) Pilot

14
Secure Communications

• Proposal for IM Project
• Provide a secure mechanism for real-time
  enterprise communication
• E-mail is not in real-time
• Many users have resorted to using insecure
  commercial IM solutions to conduct VT business
• Offer presence awareness
• My VT and Sakai services needed a way to identify
  who was currently working online

15
Secure Communications

• Proposal for IM Project
• Stimulate online collaboration
• There is often a need for multiple people to
  gather together briefly. This could be done
  without having to schedule meetings and use
  conference space
• Serve as an alternative to e-mail communications
• Proposal was made after problems with VT mail
  server crippled communications for nearly 3 days

16
Secure Communications

• IM Pilot Stats
• Pilot began on 4/8/2005
• Invitation to use pilot was sent out to ISC and
  TECHSUPPORT listservs
• 93 participants signed up for pilot
• Averages 25-30 simultaneous users throughout the
  day

17
Secure Communications

• IM Pilot Environment
• Server Environment
• Running open source Jabberd 2
• Platform has been very stable
• Load has been very light
• Client Environment
• Many clients to choose from
• No one client does all things well
• Incompatibility between different clients
  depending on function (i.e. file transfers may
  only work between two people running the same
  client)
• IM Portal Channel still under development

18
Secure Communications

• IM Pilot Results
• Messaging
• Work as expected
• Reliable
• Secure
• Chat
• Requires a separate module on the server
• A number of failures have been reported
• Persistent chat rooms sometimes loose archive
• File Transfer
• Tough to support
• Client-to-client protocols are often incompatible
• No way to ensure client-to-client transfers are
  secure
• Server-side transfers will undoubtedly produce a
  lot of overhead

19
Secure Communications

• IM Pilot Looking Forward
• Survey current pilot participants
• Publish beta web client in My VT
• Expand pilot to larger audience
• Determine feasibility of production service over
  the next 6-12 months

20
Secure Communications

• Questions or Comments?
• Ken McCrery
• kmccrery_at_vt.edu
• To participate in the IM Pilot go to
• https//survey.vt.edu/survey/entry.jsp?id11127288
  12467