Author: Mohammad Jabed Morshed Chowdhury
Identity Federations
Thousands of websites around the world now provide a plethora of different services over the Internet. Originally, the protocols for digital communication were designed mainly to exchange information efficiently and reliably. No one predicted that web services would become as popular and widely used as they are in their current form. At the budding stage, the identities of communicating parties could be assumed, and there was no need to verify them formally. This led to the omission of an identity layer that could be used for formal verification of identity. To overcome the issue, the process of authentication was subsequently added to verify claimed identities. The authentication process requires users to register in order to generate or retrieve the required identities, which are usually accompanied by a credential or security token.
A credential, in the context of an Identity Management system, is a shared secret between a user and a credential provider, and is usually used by the user to assert that they are the legal holder of the corresponding identity. With the tremendous expansion of the Internet during the 1990s, the number of web services and their user base grew rapidly. More and more identities and credentials were issued, and soon their management became a challenge for both service providers and users. Identity Management (IdM for short) was invented to facilitate the online management of user identities, which resulted in a variety of identity management systems.
Initially, these systems were not interoperable, meaning that identity authentication performed in one system was not recognised by others. However, with the advent of new business scenarios, a need was felt for cooperation between disparate organizations in order to provide conglomerated services and enable Business to Business (B2B) transactions. This need gave rise to Identity Federation (also known as Federated Identities or Federation of Identities), which enables organizations to provide services across their own borders by transferring authenticated identities among their trusted partners and collaborators. This article aims to bring this exciting technology to the attention of the different stakeholders involved in providing web-enabled services in Bangladesh.
Case Study: Higher Educational Institutes in Bangladesh
e-Services in the higher education sector are extremely important. They allow users (students, teachers, researchers and administrative authorities) to access their respective services from anywhere via the Internet. For students, an example of such a service could be the Student Management System, which allows them to update and maintain their student data as well as access the library to order new resources and renew borrowed ones. For teachers, such a service could allow them to administer course-related data, and similar examples could be given for other stakeholders. Administratively, such institutions consist of different departments, each autonomous yet collaborative in different contexts. As mentioned earlier, Identity Federation offers a lot of advantages in such scenarios. We will present two use-cases to illustrate the advantages in Intra-University and Inter-University settings.
Intra-University
i. Rahim is a student of the ABC University which has enabled Federated services among its different administrative and academic organisations.
ii. Rahim wants to accomplish a few tasks from his home. The focal point of the services offered to the students is the Student Portal System. Rahim visits the Student Portal System.
iii. Like before, the Student Portal System will check if he already has a session. If yes, it skips steps iv and
iv. Rahim is redirected to the central University IdP where he has to authenticate himself.
v. Upon successful authentication, he is again redirected to the portal with his identity information.
vi. Having authenticated himself, he lands on the homepage of the portal.
vii. There are links for different services. He first wishes to check his email, so he clicks the link for email.
viii. He is forwarded to the email service which redirects him to the IdP again (assuming there is no previous session with the email service).
ix. The IdP finds the user is already authenticated and so redirects him again to the email service with the identity information.
x. He can now read or send email, or do anything else related to the email service.
xi. Once he completes using the email service, he wants to visit the library service to renew his book loan.
xii. He clicks the library link and the usual flows take place.
xiii. After completing the task at the library website, Rahim wants to order his transcripts, so he clicks the Transcript link, which takes him to the Examination Control Office, which is responsible for providing this service, and again the usual flows take place.
xiv. Once he is done, he logs out.
The Federated approach has saved him time and hassle by allowing him to use different services after logging in just once. In a traditional setting, he would have to log in at least four different places.
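The redirect flow in steps iii to xiv can be modelled in a few lines. This is an added example, not code from the article: the class names, the assertion format and the shared HMAC key (standing in for the IdP's signature) are assumptions, and all sample values are constructed.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: HMAC key shared by the IdP and the services

def sign(body):
    return hmac.new(KEY, body, hashlib.sha256).digest()

class IdP:
    """Central University IdP: authenticates once, then issues signed assertions."""
    def __init__(self, users):
        self.users, self.sessions, self.logins = users, set(), 0

    def sso(self, user, password, audience, now):
        if user not in self.sessions:  # step iv: no IdP session, credentials required
            stored = self.users.get(user)
            if stored is None or password is None or not hmac.compare_digest(stored, password):
                return None
            self.sessions.add(user)
            self.logins += 1
        # steps v and ix: identity information bound to one service, short-lived
        body = json.dumps({"sub": user, "aud": audience, "exp": now + 60}).encode()
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sign(body)))

class Service:
    """A relying service (portal, email, library) that trusts the IdP's assertions."""
    def __init__(self, name):
        self.name, self.sessions = name, set()

    def accept(self, assertion, now):
        try:
            body, sig = (base64.urlsafe_b64decode(p) for p in assertion.split("."))
        except (ValueError, AttributeError):
            return False
        if not hmac.compare_digest(sig, sign(body)):
            return False  # not issued by the IdP, or modified in transit
        claims = json.loads(body)
        if claims["aud"] != self.name or claims["exp"] < now:
            return False  # issued for a different service, or expired
        self.sessions.add(claims["sub"])
        return True

def rahim_flow(now=1_700_000_000):  # constructed fixed clock
    idp = IdP({"rahim": "constructed-password"})
    portal, email, library = Service("portal"), Service("email"), Service("library")
    at_portal = portal.accept(idp.sso("rahim", "constructed-password", "portal", now), now)
    email_assertion = idp.sso("rahim", None, "email", now)  # step ix: existing IdP session
    at_email = email.accept(email_assertion, now)
    wrong_service = library.accept(email_assertion, now)  # audience mismatch
    idp.sessions.discard("rahim")  # step xiv: logout ends the IdP session
    return at_portal, at_email, wrong_service, idp.logins, idp.sso("rahim", None, "library", now)
```

Each service checks the signature, the intended audience and the expiry before creating its own session, so an assertion issued for the email service is refused by the library even though both trust the same IdP.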
Inter-University
Collaboration among different universities is a key feature in western universities. Collaboration can take different forms. Federations can be used to securely share resources across universities, allowing researchers from one university to access resources located at another university using the credential of the first university. Federations are not limited to joint research programs: any related individual of a university can use them to access resources at other universities with minimum effort.
Many countries around the world are adopting federated standards for their rich list of benefits. The Government of Bangladesh can obtain these benefits by adopting identity federation. Most universities are yet to build their own infrastructures for e-Services. The University Grant Commission can lay down a combined plan that the universities will use to build their infrastructures with the possibility of expansion to federations. As the e-Service landscape of Bangladesh is just forming, we believe that this is the best time to envision the crucial role identity federations can play in e-Services and then plan and act accordingly.