Last updated: 
2 months 2 weeks ago
Group Manager
At the request of the Research Councils UK e-Infrastructure group, Janet established a working group from 2013-2016 to support those providing and using e-infrastructure services in achieving an approach that both protects services from threats and is usable by practitioners. More detail about the group can be found in the Terms of Reference The Working Group published the following papers: E-infrastructures: Access and Security (summary paper) (Jan 16) Federated Authentication for e-Infrastructures (Sep 14) Technical Security for e-Infrastructures (Nov 14) Authorisation/Group Management for e-Infrastructures (May 15) Policies for e-Infrastructures (Jan 16) Accounting and e-Infrastructures (Nov 16) Information about the Working Group's activities, as well as discussion documents, links and recommendations is linked under the following categories. Unless marked otherwise, all items are works-in-progress and we very much welcome your comments and contributions. Meetings   Presentations Case Studies Discussions Technologies References     Andrew Cormack (WG Chair)

Group administrators:

Federated Authentication for E-infrastructures

25 March 2015 at 8:55am

A growing challenge for on-line e-infrastructures is to manage an increasing number of user accounts, ensuring that accounts are only used by their intended users, that users can be held accountable for any misuse, and that accounts are disabled when users are no longer entitled to use them. Users face a similar challenge in managing multiple authentication credentials for different on-line services. One option, which may provide more efficient authentication for e-infrastructures and a better experience for users, is to build on the account management systems and processes already provided by users’ home universities or colleges. Federating authentication in this way is already commonly used to gain access to networks (eduroam) and electronic publications (UK Access Management Federation). E-infrastructures based on X.509 proxy certificates can implement federated login to certificate stores or issuers, for example, using the Short Lived X.509 Credential Services (SLCS) or Identifier-Only Trust Assurance (IOTA) profiles. Jisc is currently piloting technologies and processes that make federated authentication suitable for a wider range of e-infrastructure services. This paper therefore identifies the authentication services likely to become available to e-infrastructures through federation and considers the benefits they may bring.