Here's the project plan with OKI to address interoperability among authentication systems,
which continues to be a problem on campus, notably for the CSU digital marketplace project. I just need the funding to get rocking on it, which shouldn't take long to nail down.
The Authentication Open Service Interface Definition offers a solution to achieve interoperability among varying
authentication systems using modular software interfaces where adapters
can be utilized in a plug-and-play manner to map the identity namespaces among varying authentication providers.
The goal of this project is to develop a demonstration for the OpenIWorld
conference in August. The demonstration will be an application
and server that can each use either a Kerberos or SAML2-based
authentication mechanism. Specifically:
* a client-side application that can use either Kerberos or SAML
(depending on what the service protocol requires) to
* a server-side application that can authenticate using either Kerberos or SAML and utilize the same authorization service.
The deliverables required to produce a demonstration usable at the OpenIWorld:eLearn conference are outlined below.
1. A SAML 2.0 client OSID implementation
The client-side OSID is used by native applications to acquire the SAML 2.0 credential from a Shibboleth authentication transaction and prepare those credentials for transport to the server.
2. A SAML 2.0 server OSID implementation
The server-side OSID is used by servers and web-application servers to validate and extract attributes from the SAML data for the purpose of establishing an identity and/or other data for use with an authorization service.
3. A Kerberos client OSID implementation
The client-side OSID is used by native applications to acquire a Kerberos ticket and prepare that data for transport to the server. This work will build on prior work related to Kerberos and the OSIDs.
4. A Kerberos server OSID implementation
The server-side OSID is used by servers and web-application servers to validate a Kerberos ticket and extract an identity for use with an authorization service. This work will build on prior work related to Kerberos and the OSIDs.
5. An Authentication OSID adapter for federation
The adapters will federate the Kerberos and SAML authentication OSIDs to present a single authentication interface to the application and server software.
6. A test client/server
A client that demonstrates the usage of these OSIDs.
7. Documentation of demonstration
8. Production and delivery of the OpenIWorld demonstration