Speaker
Dr Eisaku Sakane (National Institute of Informatics)
Description
Single sign-on mechanisms improve the usability of Information and Communication Technology (ICT) services and are now an essential technology. Ideally, users would be able to receive the desired services with only one credential. However, there are still situations in which they must use a different credential for each service.
The purpose of this paper is to investigate the situation in which users must use a different credential depending on the desired service, and to clarify the problems that arise and the issues to be addressed. A credential integration model is then considered.
In Japan, GakuNin is an academic access management federation. In the federation, once an identity provider (IdP) and a service provider (SP) have completed negotiation of a use contract for the service that the SP offers, all constituent members of the academic institution that operates the IdP can receive the service with the credential issued by the IdP. Restricted services, for example a service for the staff of the academic institution only, can be offered by specifying attributes that the IdP manages.
Japan also has the HPCI project, a national project that offers high performance computing infrastructure (HPCI) to not only academic researchers but also industrial ones. To use HPCI, researchers must first submit a research project proposal. If the proposal is accepted, the researchers obtain an HPCI credential after initial identity vetting based on a face-to-face meeting. The HPCI credential is issued by an IdP in the HPCI federation. Since HPCI is open to not only academia but also industry, the IdPs in the HPCI federation cannot simply be replaced with the IdPs in GakuNin. However, if an HPCI user belongs to an academic institution, the user is compelled to manage both the GakuNin and the HPCI credentials. This credential management burden is one of the issues addressed in this paper.
In this paper, based on the situation in Japan described above, we discuss a credential integration model for using a wide variety of services more efficiently. We first characterize services in an academic federation from the point of view of authorization and investigate the problem that users must use separate credentials issued by different IdPs. We then discuss the issues in integrating a user's credentials and consider a model that solves them.
Primary author
Dr Eisaku Sakane (National Institute of Informatics)
Co-authors
Prof. Kento Aida (National Institute of Informatics)
Prof. Motonori Nakamura (National Institute of Informatics)
Mr Takeshi Nishimura (National Institute of Informatics)