Docstoc

A-Select

Document Sample
A-Select Powered By Docstoc
					A-Select: Hitchhiking in
authentication space
TERENA TF-AACE workshop, Stockholm,
26 November 2002




Ton Verschuren
Innovation Management – SURFnet – NL
Ton.Verschuren@SURFnet.nl
Rationale for A-Select


• A-Select is a weblogin system like pubcookie
• Separation between authN and authZ
• Better security thru stronger (local) authN
• New authN methods shouldn’t bother apps
• We’re looking for authN means that users
  already have: hitchhiking!
• Differentiate between various levels of
  assurance




                                                 2
             A-Select overview
                                        Application
                User


                                   Filter             A-Select
                                                       Agent




                                           Local                 Remote
                                         A-Select                A-Select
                                          Server                  Server
     Remote                Local
 Authentication        Authentication
Service Providers         Service
                         Providers              UDB
                                                                            3
Supported AuthN Service
Providers (ASPs)
• V 1.1 (now):
    – IP address
    – U/p thru RADIUS
    – Internet banking (banking card)
    – SMS (mobile phone)
• V 1.2 (Nov/Dec):
    – LDAP
• V 2.0 (?):
    – SAML
• V n.n (?):
    – PKI


                                        4
Implementation
• A-Select server: Java
    – Apache + Tomcat
• Crypto: Cryptix
    – SHA1 hashes + RSA signatures
• Filters for Apache and IIS
• Memory cookies:
    – Ticket granting ticket (for SSO)
    – Application ticket
• Redirection to ASP
• UDB:
    – JDBC
    – LDAP (v1.2)
• SSL recommended but not required


                                         5
License model


• A-Select server & agent: free
• ASPs IP address and RADIUS: free
• ASPs SMS (and banking card): free for
  academic community

• Other ASPs:
   – Do-it-yourself, or
   – Contract our developers




                                          6
The Future of A-Select


• Benchmarking of “similar” products
   – Functionality
   – With APIs for ASPs
   – Price
• Your input is welcome!




                                       7
    What’s next: standardising on
    APIs?
                                      Applications

                   Authorisation Systems



                           webISO


     Back Office



?                    Authentication Systems




                                                     8
More info


• More on a-select.surfnet.nl
   – Functional & technical design + API
   – Demo Portal



• And now…a demo!




                                           9

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:2
posted:8/4/2012
language:Latin
pages:9