Publication: [金西 計英]/[松浦 健二]/[三好 康夫]/[嵯峨山 和美]/Takagi Tomohiro/[矢野 米雄]/Design of Authentication Infrastructure for the WEB Service Federation between Universities/Proceedings of Association of Pacific Rim Universities 9th Distance Learning and the Internet Conference 2008(DLI 2008)
(English) Design of Authentication Infrastructure for the WEB Service Federation between Universities
(English) The computerization of higher education has recently been progressing rapidly in Japan. In particular, web services such as library systems, course registration systems and LMSs are attracting a great deal of attention. A variety of web services have been developed, improving convenience for users such as students and faculty members. The number of web services is ever increasing, and managing several services appropriately is becoming difficult for the user. The burden of managing two or more passwords falls on the user. It is therefore important to develop and offer a framework in which web services cooperate. Research and development on such cooperation between web services has advanced as WebSSO (Web Single Sign-On). We have also developed a framework for cooperation between web services and verified it. In addition, demand for cooperation between web services across organizations has been increasing. Such cooperation is called federation. Therefore, a new framework different from the existing WebSSO architecture is needed. It is necessary to manage users strictly and to share authentication information among several organizations rigorously. For example, by achieving inter-organizational federation, the library system of another university can be used. This does not mean that a service open to the public is used; a student from another university is treated just like a student of one's own university. Adaptive management of authentication and authorization is necessary to achieve federation. This study therefore proposes a new model of authentication and authorization. We achieve federation by using Shibboleth, OSS middleware developed at Internet2. However, Shibboleth alone does not provide sufficient functionality, so we have enhanced it. For federation, the personal information provider and the service provider must cooperate appropriately. Policies are exchanged between the two providers beforehand, and data (personal information) is dynamically exchanged based on these policies. This makes processing such as switching the service between student and teacher possible at the authentication stage. In addition, to verify the effectiveness of federation based on the management of authentication and authorization, a prototype environment was constructed. The experimental environment consists of two or more web service servers and a personal information server. The federation model was verified in this environment. Authentication and authorization continued to function normally under this model, and we confirmed a certain degree of effectiveness.
(English) Proceedings of Association of Pacific Rim Universities 9th Distance Learning and the Internet Conference 2008(DLI 2008)
|Date||Required||November 19, 2008|