
A very brief history of Identity in Higher Education: a short stroll down memory lane

A very brief history of Identity in Higher Education: a short stroll down memory lane. Michael R Gettes (CMU, MIT, Internet2, Duke, Georgetown, Princeton, BostonU), gettes@cmu.edu. Common Solutions Group, May 2014.


Presentation Transcript


  1. A very brief history of Identity in Higher Education: a short stroll down memory lane
     Michael R Gettes
     CMU, MIT, Internet2, Duke, Georgetown, Princeton, BostonU
     gettes@cmu.edu
     Common Solutions Group, May 2014

  2. In the beginning…
     • Essentially no security on the Internet
     • 1980’s, 1990’s various HE Univs pursue central ID stores. Andrew, Athena, others?
     • 1991 – BITNET-III, a project to use home Univ creds to access remote modem pools and central bill the Univ – FAIL!

  3. And then…
     • 1994/6 – slapd emerges from uMich
     • Many Universities initiate LDAP services
     • 1998 OpenLDAP project started
     • Most of uMich slapd team moves to Netscape
     • First common mechanism exposing IDs emerge from various Universities in late 1990s
     • Public Key + LDAP – cost effective “I” in PKI
     • PKI first seen as 18 months away… (ha ha !)

  4. Many SSO …
     • Various SSO efforts:
       • MIT Kerberos
       • Yale CAS
       • Michigan CoSign
       • Washington PubCookie
       • Many WebAuth – Duke, Stanford, ???
     • WebISO – Initial Sign-On (cuz, SSO deemed not wise) – families of apps for Sign-On. CMU named their SSO WebISO using pubcookie (oops!).

  5. September 1999: Directories, Identifiers, AuthN (DIA)
     • “Early Harvest” – various University geeks, herded by Ken Klingenstein, met in Denver to start discussions around Identity Mgmt and Access problems. No volunteers for work except RL “Bob” Morgan.
     • During dinner… first ideas of inter-org AuthN/AuthZ on the web discussed. Seeds for what would later become Shibboleth planted.
     Glueworkers: RL “Bob” Morgan, Mark Poepping, Michael Gettes, Bob Brentrup, Alan Crosswell, David Wasley, Paul Hill, Frank Grewe, Keith Hazelton, Steve Kellogg, Daniel Arrasjid, Bill Doster, Mark Bruhn, Steve Worona.
     Planning group: Morgan, Gettes, Carmody, Poepping, KJK

  6. And then…
     • 1998/9: MACE formed – first projects: DoDHE, eduPerson, Shibboleth proposal (generated from uWash Internet2 meeting). First minutes: May 22, 2000 – interesting read.
     • MACE guides I2MI – and the work begins!
     • HEPKI collaboration with i2-PKILabs, VidMid (H.323), eduPerson, Shibboleth, GRID collab starts, JA-SIG collab, LDAP Recipe, URN/OID Registry, evangelism!!!
     • Fed/Ed PKI meetings – HEBCA – Bridged PKI

  7. U.S. Federal Viewpoint (2002-04)
     • HSPD-12 (Homeland Security Presidential Directive 12): President Bush, August 2004: mandatory gov-wide secure IDs for all employees + contractors. Yielded NIST FIPS 201 – PIV – using PKI, LDAP/X.500 and friends.
     • Fed E-Auth initiative by NIST spawns SP-800-63, guidance to implement OMB-04-04, in support of HSPD-12 pending.
     • This is where LoA 1-4 come from – guidance and technical controls.
     • InCommon Bronze/Silver != Fed 1-4 but comparable

  8. NSF Middleware (NMI-EDIT)
     • 2002 - 2006 – Supposed to be collab between I2MI and GRID. GRID got the $$$. We produced software that worked.
     • Produced tons of stuff. Regular software package releases of many components. Documentation + experiences.
     • TIER Version 1?
     • Can’t say enough good stuff about NMI-EDIT

  9. We have much InCommon
     • 2004 – InCommon is born.
     • IBM tried to patent Shib/SAML. We have email with our IP. SAML largely developed by RLBob and Scott Cantor (editor).
     • 10 Years later… InCommon is critical infrastructure to many Universities. CMU relies on InCommon for local federation.
     • A huge success story! Born from “US”. Core group but many made it work well.

  10. What worked/works…
     • Shibboleth, simpleSAMLphp, SAML 2.0 by vendors
     • social2SAML gateways emerging
     • LDAP (eduPerson, LDAP-Recipe)
     • Grouper – still no vendor product like it.
     • Middleware Research – See KJK work
     • CAMPs (Always sold out). Global reach.
     • Global Collaborations – critical to success!
     • NMI-EDIT – made so much happen!
     • InCommon! InCommon! InCommon!
     • Certificates service fashioned after Euro deal on certs
     • ~600 participants (>400 HE), >7.5M users, 10 years!

  11. Not so much…
     • Signet – a PrivMgmt System… didn’t take off.
     • DoDHE – Directory of Directories
       • “Wait, our public data will be THAT public? NO!”
     • USHER – Root CA for HE (and HEBCA)
       • Couldn’t get it in the browsers! No $$$$
     • Voice/Video + AuthN/Z – still proprietary.
     • EDDY – Distributed Diagnostics. Good ideas, but
     • InCommon Bronze, Silver, Gold Assurance Levels.
     • PKI is STILL only 18 months away!

  12. It wouldn’t be possible without these People…
     In no particular order:
     • Keith Hazelton (Wisconsin), Steve Carmody (Brown), Mark Poepping (CMU), Michael Gettes (various/All), Ann West (MTU/Internet2), David Wasley (UCOP/retired), Tom Barton (Memphis/Chicago), Renee Shuey (PSU), Scott Cantor (The Ohio State), Jim Jokl (uVa), Scotty Logan (Stanford/missing), Frank Grewe (Minn), Paul Hill (MIT/ind), Von Welch (IU/ind), & Ken Klingenstein (Internet2)
     • Various liaisons from around the world and …

  13. RL “Bob” Morgan (Stanford/Wash)
     We still miss him very much !!

  14. And we move on…
     • Shibboleth Consortium formed (funding?)
     • REFEDs – locus for R+E Federation Operators
     • CommIT project – change how students apply to college nationally
     • Scalable Privacy Grant (KJK will discuss)
     • IAM Test-bed emerging
     • MFA – Multi-Factor Authentication everywhere
     • Provisioning and integration – practices for all
     • Still, so much to do…
     • Trusted Identity in Education and Research (TIER)

  15. And the Survey says …
