Proposal for a common global access management system

May 10, 2011

Parties who are interested in tracking and discussing this proposal are encouraged to subscribe to cgams-announce@jiscmail.ac.uk at http://www.jiscmail.ac.uk. This proposal will also be the subject of discussion at a BoF at the TERENA Networking Conference 2011 on Thursday 19 May at 1400 CEST.

An extract from the “Executive Summary” of Proposal for a common global access management system.

In recent years, user requirements have driven the development of a set of access management systems to support inter-organisational activities within the global research and education community. These systems have, in general, addressed separate and often quite different application domains. Viewed independently, these access management systems have generally been highly successful. However, when considered as an ensemble, two issues become apparent:

• Their multiplicity imposes significant complexity and costs on organisations and users, by requiring them to interact with a number of dissimilar access management systems.

• Despite their multiplicity, these systems fail to address the inter-organisational access management requirements of many applications, resulting in significant opportunity costs.

An access management system that not only provided an access management solution for these other use-cases, but also for those of existing applications, would clearly be highly desirable. A new access management technology, ABFAB, developed primarily by the education and research community and undergoing standardisation within IETF, may be able to deliver this.

The technology has already been substantially implemented by Project Moonshot, a JANET(UK)-led initiative in partnership with the GEANT project and others; the planned work will be completed during Q3 2011. The technology has been demonstrated with a number of applications; little or no software modifications were required.

This paper argues that an access management system that delivered value to significant parts of the global research and education community could be implemented within months, and at relatively little effort and cost, and without ‘re-inventing the wheel’. This would be achieved through re-use of the global RADIUS infrastructure that currently supports eduroam: it presently incorporates over forty countries on every continent, connecting thousands of organisations and many millions of users. Some minor modifications to this infrastructure would be required but these could be managed almost entirely through upgrades to existing software. Most of the required effort would need to be directed at modifying the existing RADIUS infrastructure’s policies to address the new applications.

This access management system could confer a number of benefits to the community, including:

  • Lower operational costs for service providers and their customers.
  • Increased opportunities for collaboration and revenue generation.
  • Improved user experience leading to greater adoption and use of services.

The purpose of this document is twofold:

  1. To brief the reader on a proposed strategy for establishing a common global access management system by April 2012, that will hopefully lead to discussion and consensus. This paper does not seek a single access management system; it is instead advocating a common access management system that is available to those that wish to use it.
  2. To ensure that the community is aware of the potential opportunities and other consequences of the technology, so that informed action can be taken.

There is no Internet presence for this proposal at present; the manner in which this proposal is taken forwards – if at all – is a matter for the community. However, a temporary mailing list has been created to support co-ordination in the interim. Parties who are interested in tracking and discussing this proposal are encouraged to subscribe to cgams-announce@jiscmail.ac.uk at http://www.jiscmail.ac.uk.
