A very brief history of Identity in Higher Education – a short stroll down memory lane: Michael Gettes
In the beginning: essentially no security on the Internet; then CMU did Andrew, MIT did Athena in the ’80s; BITNET-III, a project to use home University creds to access remote modem pools and centrally bill the University – FAIL!
94/6 – slapd emerges from uMich (LDAP), 1998 OpenLDAP project started. Most of uMich slapd team moves to Netscape in ’98. Public Key + LDAP – cost effective PKI – still 19 months away.
Various SSO efforts: MIT Kerberos; Yale CAS; Michigan CoSign; Washington PubCookie; Many WebAuths. Did WebISO effort in Internet2.
September 1999, Ken Klingenstein, first ideas of inter-org AuthN/AuthZ on the web.
1998 – MACE formed – first projects: DoDHE, eduPerson, Shibboleth.
US Federal Viewpoint – HSPD1-12 mandated government-wide secure IDs for all employees + contractors. Yielded NIST FIPS 201 – PIV, using PKI, LDAP/X.500 and friends. Fed E-Auth initiative spawns guidance. InCommon Bronze/Silver != Fed 1-4 but comparable.
NSF Middleware (NMI-EDIT) – 2002 – 2006 collab between I2MI and GRID. Produced tons of stuff, regular software package releases of many components.
2004 – InCommon is born. IBM tried to patent Shib/SAML, but were unsuccessful. SAML largely developed by RL Bob Morgan and Scott Cantor. 10 years later… InCommon is critical infrastructure to many Universities.
What worked/works: Shibboleth, simpleSAMLphp, SAML 2.0 by vendors; LDAP (eduPerson, LDAP-Recipe); Grouper; Middleware Research; CAMPS; Global collaborations; NMI-EDIT; InCommon! (~600 participants, >7.5 million users; 10 years).
Not so much: Signet (Priv Mgmt System – didn’t take off); DoDHE (Directory of Directories); USHER – Root CA for HE – couldn’t get it in the browsers; Voice/Video AuthN/Z – still proprietary; EDDY – Distributed Diagnostics; InCommon Bronze, Silver, Gold – not a lot of uptake yet.
PKI Still 18 months away!
And we move on…
Shibboleth Consortium formed; REFEDS (locus for R+E federation operators); CommIT project; Scalable Privacy Grant; IAM test-bed emerging; Multi-factor authentication; Provisioning and integration – practices for all. Still much to do – Trusted Identity in Education and Research (TIER).
IAM Test-bed: https://spaces.internet2.edu/display/InCCollaborate/IAM+Testbet