  • Number of slides: 21

Internet2/WebISO & Pubcookie
“Efforts in Web Authentication”
TERENA TF-AACE workshop
November 26, 2002, Stockholm, Sweden
Nathan Dors, University of Washington
[email protected] edu

Topics
• What is WebISO?
• WebISO Working Group
• WebISO and Target Application Interfaces
• Pubcookie: History, Model, and Status

What is WebISO? A Working Definition
“WebISO systems are designed to allow users, with standard web browsers, to authenticate to web-based services across many web servers, using a standard, typically username/password central authentication service.”

What is WebISO?
WebISO = “Web Initial Sign-On”
• handy terminology
• a common IT problem
• with many existing solutions
• scope is authentication only (usually)
• scope is intra-institution (usually)
• WebISO is not a standard, nor an API

WebISO Use Scenarios
• User visits local web portal, uses the local WebISO solution for sign-on
• User visits multiple apps, on multiple servers, uses the local WebISO for “single sign-on”
• User visits web-based email service, uses WebISO for 3-tier authn to backend IMAP server
• User visits multiple apps, uses WebISO to authenticate with different levels of assurance

WebISO Service Model & Components
• Weblogin service
• Verification service
• Web Application Agent
• Web Application
• Web browser

Example WebISO Solutions
• Pubcookie
• CAS (Yale)
• WebAuth (Duke)
• A-Select
• Etc…

Internet2/MACE WebISO Working Group
• Email discussion list
• Conference calls (~2 per month)
• Working group meetings
• Internet2 Middleware Architecture Committee for Education provides oversight
• http://middleware.internet2.edu/webiso

WebISO WG: Initial Focus
• Share experience
• Work towards a common solution
• ensure compatibility with related projects (OKI, uPortal, Shibboleth)
• selected “Pubcookie” for modification

Refined Focus
• Share experience
• Ensure compatibility
• Create intellectual capital
• Recommend best WebISO practices
• system design
• architectures
• interfaces

Current Draft Documents
• “WebISO: Service Model and Component Capabilities”, RL “Bob” Morgan, Univ of Washington
• “Trusted Delegation of Privileges in an N-Tier Environment”, Chad La Joie, Virginia Tech University

Current Activity
• Problem: How best to support vendor application integration with WebISO?
• reduce resistance, reduce costs
• Activities:
• surveying interfaces to target applications in existing WebISO packages
• investigating existing target application APIs (e.g. OKI Authn Specification, WebCT)
• deliverables are undefined; recommendations

Web Application Agent Models
• Model 1: Server Module (diagram labels: Web server, WebISO/WAA)
• Model 2: Run-time library (diagram labels: Web server, Webapp, WebISO/WAA)

Other Issues
• Location-based authentication (kiosks)
• 3-tier, delegated authn
• Multiple authentication types
• Privacy
• Logout
• “Cancel” or “no prompt” options
• User interface
• Non-human user agents

WebISO Futures…
• Longevity of existing WebISO packages?
• Convergence toward SAML formats?
• Shibboleth influences?
• Is it a viable local WebISO solution?
• Will WebISO packages add Shib HS capability?

Next topic: Pubcookie
“A sufficiently featureful, deployable, open-source WebISO package…”

Pubcookie History
• 1999 - developed and deployed at the University of Washington
• Jun 2001 - selected by Internet2/WebISO for initial activity towards general availability
• May 2002 - face-to-face mtg in Seattle with designers and developers
• current committers from Carnegie Mellon, Univ of Washington, Univ of Wisconsin
• still licensed by Univ of Washington
• Oct 2002 - P3.0 included in NSF National Middleware Initiative Release 2

Pubcookie 3.0 Components
• Login server software
• Verify against Kerberos 5, LDAP, /etc/shadow
• Single Sign-On
• Kiosk mode
• Template-based HTML interface
• Application server software
• Apache 1.3 module
• Microsoft ISAPI Filter for IIS 4.x, 5.x
• delivers identity via environment (e.g. REMOTE_USER)
• Key management utilities
• All written in C

Pubcookie Challenges
• Deployment
• 3.x much easier than 1.x; autoconf for Unix
• key management tools require light use of PKI
• Open source development
• Maintenance vs new features
• Release management
• Quality assurance
• Contribution policy
• Motivation
• Support

Pubcookie 3.0.0 Release
• Version 3.0.0-beta3
• released Oct 25, 2002
• could have been RC1…
• but probably fortunate that it wasn’t
• Current Status
• awaiting fix to mod_pubcookie for Apache
• login server is ready (as ready as any x.0.0 release)
• ISAPI Filter for IIS is ready
• documentation is improving with each release
• need to develop FAQ, guidelines for self-signed certs

Pubcookie Roadmap
• Release Pubcookie 3.0.0 (Dec 2002?)
• Review feature requests
• improve HTML templating
• “global” logout
• support authn across DNS domains
• general 3-tier & location-based authn solutions
• support Apache 2.0
• Reflect on design
• SAML offers standard assertion format; POST profile
• Rally together, set directions for 2003…