New Developments in Access Management: Setting the Scene - PowerPoint PPT Presentation

Description: Authentication problems and progress. Authorisation problems ... JISC is actively working with Internet2-MACE in the US and TERENA in Europe. 27 June 2002
Transcript and Presenter's Notes

1
New Developments in Access Management Setting
the Scene
  • Alan Robiette
  • JISC Development Group
  • JISC-CNI Conference, June 2002

2
Outline
  • Overview and terminology
  • Authentication problems and progress
  • Authorisation problems and progress
  • Summary and conclusions

3
The High-Level Problem
  • We need national-scale services for
    • Authentication (linking people to electronic IDs)
    • Authorisation (linking IDs to privileges)
    • Profiling (linking IDs to personal preferences)
    • Accounting (in the sense of tracking and
      recording usage, whether or not for actual
      billing)
  • All in an interoperable framework which can be
    realistically implemented by our institutions
  • Not to mention all our third-party suppliers

4
Authentication
  • On a local scale, largely a solved problem
    • Various solutions exist, some with single sign-on
      (Internet2 promoting WebISO for web resources)
  • Digital certificates are on the increase
    • All serious Grid middleware requires them
    • But the management problems get no easier
  • Public-key technology will itself evolve
    • XML-based schemes may become a real factor
      (e.g. XKMS, Web Services Security)

5
Authentication Issues on a National Scale
  • Naming and name-space management
    • How is uniqueness assured nationally?
    • What happens in the case of multiple
      affiliations?
  • Should real IDs be generally visible to
    off-campus providers?
    • Trade-offs between privacy, convenience and
      accountability

6
Authorisation Issues
  • Determining an individual's privileges
    • What attributes (roles) is it useful to consider?
    • Which are generic and which application-specific?
    • How many could be defined sector-wide?
  • Location of the access control decision
    • At the resource itself (greatest provider
      control)?
    • At the institution (i.e. devolution of trust)?
    • At some intermediate point (e.g. as in the
      present case in the UK, at the Athens server)?

7
Where Should Control Be Applied?
  • Logically, at the resource itself
    • The resource owner should determine who gets
      access and who does not, but this may require
      more user information to be disclosed
  • For electronic information, this is often
    delegated (e.g. on the basis of a contract)
    • A better model for a bibliographic database than
      for a supercomputer? Or even a telescope?

8
Where is the Complexity Felt?
  • Do we best achieve interoperability by having the
    same software interface at
    • All service providers' servers?
    • All campuses?
    • All users' local environments (wherever they
      are)?
    • More than one of these?
  • And where the complexity ends up, so do most of
    the costs

9
Other Concerns
  • The single sign-on question
    • How important is seamlessness?
  • The portal problem
    • To address this properly is quite hard
  • Standards and interoperability
    • There aren't many, especially for authorisation
  • The international scene
    • A system for JISC services is all very well, but
      what about integrating resources from the wider
      world?

10
Current UK Developments
  • EduServ's development plan for Athens
    • Single sign-on introduced Spring 2002
    • White paper and proposed trial of distributed
      authentication, Summer 2002
  • JISC call for projects issued Summer 2002
    • With the objective of exploring a range of
      emerging technologies, particularly for
      authorisation
  • JISC is actively working with Internet2-MACE in
    the US and TERENA in Europe

11
Developments Elsewhere (1)
  • Shibboleth (Internet2)
    • Devolves authentication and attribute assertion
      to campuses
    • Resource owner requests attributes from campus
      and makes decisions based on the response
    • Model allows both campus and user control over
      attribute release (strong emphasis on privacy)
    • Open source reference implementation due to be
      released Autumn 2002
    • Publishers getting involved in trial programme

12
Developments Elsewhere (2)
  • PAPI (Spanish national network)
    • Distributed architecture: authentication and
      authorisation both carried out at the campus
      (i.e. campuses have to be trusted by resource
      owners)
    • Multi-tier architecture, easy to interface to
      existing publishers' services
    • Open source and in use in a number of
      sites/consortia in Spain, including some
      publisher involvement
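
Added illustration (not code from the original presentation, nor from the Shibboleth or PAPI projects, whose real wire protocols are not reproduced here): the Python below models the two decision locations contrasted on slides 6, 11 and 12, the scoped naming of slide 5, and the campus-plus-user control over attribute release of slide 11. In the Shibboleth-style path the campus releases a filtered attribute set and the resource applies its own rule; in the PAPI-style path the campus applies the rule and returns a signed, time-limited assertion the resource must trust. The campus directory, the provider names, the release policy and the shared HMAC secret are all constructed for this example; the attribute names follow the eduPerson convention, but the users and values are invented.

```python
"""Added example: two decision-location models for devolved access management.
Shibboleth-style (campus releases attributes, resource decides) beside
PAPI-style (campus decides, resource trusts a signed assertion).
Not the projects' real protocols; directory, names and secret are assumptions."""
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, Optional, Set

CAMPUS_SCOPE = "example.ac.uk"  # assumed campus domain used to scope values

# Constructed campus directory (invented users). Attribute names follow the
# eduPerson convention; the values are illustrative only.
DIRECTORY: Dict[str, dict] = {
    "ajones": {"displayName": "A. Jones", "mail": "ajones@example.ac.uk",
               "eduPersonAffiliation": ["staff", "member"],
               "eduPersonEntitlement": ["urn:example:library:journals"]},
    "bsmith": {"displayName": "B. Smith", "mail": "bsmith@example.ac.uk",
               "eduPersonAffiliation": ["student", "member"],
               "eduPersonEntitlement": []},
}

# Campus attribute-release policy per provider (assumed provider names). The
# journals provider only needs affiliation/entitlement, never the real ID.
RELEASE_POLICY: Dict[str, Set[str]] = {
    "journals.example.org": {"eduPersonAffiliation", "eduPersonEntitlement"},
    "portal.example.org": {"eduPersonAffiliation", "displayName", "mail"},
}


def scoped(value: str, scope: str = CAMPUS_SCOPE) -> str:
    """Scope a value by campus: national uniqueness comes from the domain, and a
    person with several affiliations simply gets one scoped value per campus."""
    return f"{value}@{scope}"


def opaque_handle(uid: str, provider: str) -> str:
    """Per-provider pseudonym for accounting: differs per provider so two
    providers cannot correlate a user, and is not reversible to the uid."""
    return hashlib.sha256(f"{uid}|{provider}".encode()).hexdigest()[:16]


def release_attributes(uid: str, provider: str, user_consent: Set[str]) -> dict:
    """Campus attribute authority. Releases only attributes allowed by BOTH the
    campus policy and the user's consent; the campus uid itself is never sent."""
    record = DIRECTORY[uid]
    allowed = RELEASE_POLICY.get(provider, set()) & user_consent
    released = {"handle": opaque_handle(uid, provider)}
    for name in sorted(allowed):
        if name not in record:
            continue
        if name == "eduPersonAffiliation":
            released["eduPersonScopedAffiliation"] = [scoped(v) for v in record[name]]
        else:
            released[name] = record[name]
    return released


def resource_decides(attrs: dict, required_affiliation: Optional[str] = None,
                     required_entitlement: Optional[str] = None) -> bool:
    """Shibboleth-style: the resource owner applies its own rule to the released
    attributes, keeping control of policy at the cost of some disclosure."""
    if required_affiliation is not None:
        if scoped(required_affiliation) not in attrs.get("eduPersonScopedAffiliation", []):
            return False
    if required_entitlement is not None:
        if required_entitlement not in attrs.get("eduPersonEntitlement", []):
            return False
    return True


CAMPUS_SECRET = b"secret-agreed-between-campus-and-provider"  # assumed shared key


def campus_decides(uid: str, resource: str, rule: Callable[[dict], bool],
                   ttl: int = 300) -> str:
    """PAPI-style: the campus evaluates the rule itself and hands back a signed,
    time-limited assertion; the resource learns no attributes at all."""
    body = {"resource": resource, "granted": bool(rule(DIRECTORY[uid])),
            "handle": opaque_handle(uid, resource), "exp": int(time.time()) + ttl}
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(CAMPUS_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig


def resource_trusts(assertion: str, resource: str, now: Optional[int] = None) -> bool:
    """Resource side: check signature (constant-time), audience and expiry, then
    honour the campus decision. Trust in the campus is the whole basis here."""
    payload, _, sig = assertion.rpartition(".")
    expected = hmac.new(CAMPUS_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False
    body = json.loads(payload)
    now = int(time.time()) if now is None else now
    return body["resource"] == resource and body["exp"] > now and body["granted"]


if __name__ == "__main__":
    consent = {"eduPersonAffiliation", "eduPersonEntitlement", "mail"}
    attrs = release_attributes("ajones", "journals.example.org", consent)
    print("released:", attrs, "-> journals access:",
          resource_decides(attrs, required_entitlement="urn:example:library:journals"))
    token = campus_decides("bsmith", "journals.example.org",
                           lambda r: "member" in r["eduPersonAffiliation"])
    print("campus assertion accepted:", resource_trusts(token, "journals.example.org"))
```

Two points the slides make fall out of the code: the release set is the intersection of campus policy and user consent, so a user who withholds affiliation is simply refused by an affiliation-based rule rather than over-disclosed; and in the campus-side model the resource sees nothing but a handle and a yes/no, which is exactly why that model requires the resource owner to trust the campus.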

13
Is a Common View Emerging?
  • What is clearly needed is a single, widely
    accepted vendor-independent scheme
  • At first sight the different projects (PAPI,
    Shibboleth, Athens) look very distinct
  • However they share many components and a common
    architecture appears feasible

14
And What About the Grid?
  • Currently the Grid community's problems appear
    more complex
    • Grid middleware relies heavily on X.509 identity
      certificates, which are far from universal
      otherwise
  • Even in the longer term, it may not be possible
    to standardise on one single Grid authorisation
    solution
    • But there may be analogies with other relatively
      complex problems, e.g. medical middleware

15
Conclusions
  • Authorisation in particular remains a tough
    problem
  • But some of the emerging solutions look
    promising, for quite large sets of commonly
    encountered applications
  • International co-operation in this area is
    looking very promising