Universal Authentication

Continued from page 1

By David Talbot

While some U.S. universities have been using Shibboleth since 2003, adoption of the system grew rapidly in 2005. It's now used at 500-plus sites worldwide, including educational systems in Australia, Belgium, England, Finland, Denmark, Germany, Switzerland, and the Netherlands; even institutions in China are signing on. Also in late 2005, Internet2 announced Shibboleth's interoperability with a Microsoft security infrastructure called the Active Directory Federation Service.

Critically, the system is moving into the private sector, too. The science and medical division of research publishing conglomerate Reed Elsevier has begun granting university-based subscribers access to its online resources through Shibboleth, rather than requiring separate, Elsevier-specific logins. And Cantor has forged ties with the Liberty Alliance, a consortium of more than 150 companies and other institutions dedicated to creating shared identity and authentication systems.

With Cantor's help, the alliance, which includes companies such as AOL, Bank of America, IBM, and Fidelity Investments, is basing the design of its authentication systems on a common standard known as SAML. The alliance, Cantor says, was "wrestling with lots of the same hard questions that we were, and we were starting to play in the same kind of territories. Now there is a common foundation....we're trying to make it ubiquitous." With technical barriers overcome, the companies can now roll out systems as their business needs dictate.

Of course, Cantor is not the only researcher, nor Shibboleth the only technology, in the field of Internet authentication. In 1999, for instance, Microsoft launched its Passport system, which let Windows users access any participating website using their e-mail addresses and passwords. Passport, however, encountered a range of security and privacy problems.

But thanks to the efforts of the Shibboleth team and the Liberty Alliance, Web surfers could start accessing multiple sites with a single login in the next year or so, as companies begin rolling out interoperable authentication systems.

OTHER PLAYERS
Universal Authentication

Stefan Brands -- Cryptology, identity management, and authentication technologies
McGill University

Kim Cameron -- "InfoCard" system to manage and employ a range of digital identity information
Microsoft, Redmond, WA

Robert Morgan -- "Person registry" that gathers identity data from source systems; scalable authentication infrastructure
University of Washington

Tony Nadalin -- Personal-identity software platform
IBM, Armonk, NY

Home page image courtesy of Bryan Christie Design.