CSG Spring 2014 – Notre Dame – Identity Landscaping Workshop

A very brief history of Identity in Higher Education – a short stroll down memory lane: Michael Gettes

In the beginning: essentially no security on the Internet; then CMU did Andrew, MIT did Athena in the ’80s; BITNET-III, a project to use home University creds to access remote modem pools and centrally bill the University – FAIL!

94/6 – slapd emerges from uMich (LDAP), 1998 OpenLDAP project started. Most of uMich slapd team moves to Netscape in ’98. Public Key + LDAP – cost effective PKI – still 19 months away.

Various SSO efforts: MIT Kerberos; Yale CAS; Michigan CoSign; Washington PubCookie; Many WebAuths. Did WebISO effort in Internet2.


September 1999, Ken Klingenstein, first ideas of inter-org AuthN/AuthZ on the web.

1998 – MACE formed – first projects: DoDHE, eduPerson, Shibboleth.

US Federal Viewpoint – HSPD1-12 mandated government-wide secure IDs for all employees + contractors. Yielded NIST FIPS 201 – PIV, using PKI, LDAP/X.500 and friends. Fed E-Auth initiative spawns guidance. InCommon Bronze/Silver != Fed 1-4 but comparable.

NSF Middleware (NMI-EDIT) – 2002 – 2006 collab between I2MI and GRID. Produced tons of stuff, regular software package releases of many components.

2004 – InCommon is born. IBM tried to patent Shib/SAML, but were unsuccessful. SAML largely developed by RL Bob Morgan and Scott Cantor. 10 years later… InCommon is critical infrastructure to many Universities.

What worked/works: Shibboleth, simpleSAMLphp, SAML 2.0 by vendors; LDAP (eduPerson, LDAP-Recipe); Grouper; Middleware Research; CAMPS; Global collaborations; NMI-EDIT; InCommon! (~600 participants, >7.5 million users; 10 years).

Not so much: Signet (Priv Mgmt System – didn’t take off); DoDHE (Directory of Directories); USHER – Root CA for HE – couldn’t get it in the browsers; Voice/Video AuthN/Z – still proprietary; EDDY – Distributed Diagnostics; InCommon Bronze, Silver, Gold – not a lot of uptake yet.

PKI Still 18 months away!

And we move on…

Shibboleth Consortium formed; REFEDS (locus for R+E federation operators); CommIT project; Scalable Privacy Grant; IAM test-bed emerging; Multi-factor authentication; Provisioning and integration – practices for all. Still much to do – Trusted Identity in Education and Research (TIER).

IAM Test-bed: https://spaces.internet2.edu/display/InCCollaborate/IAM+Testbet

