Title: Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution. An Identity 1.0 story
1. Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution. An Identity 1.0 story
- Maarten Koopmans
- SURFnet, maarten.koopmans_at_surfnet.nl
- OASIS Adoption forum 2006
2. In the beginning
- Well, the 90s: a chip card for higher education.
- It failed miserably.
3. (2)
- Tests with mobile phones and e-banking (token based in NL).
- Piggybacking in 2001-2.
4. Authentication middleware, 2002
- Authentication middleware that could act as a switch between multiple authentication methods and added SSO as a bonus.
5. A-Select 1.0 Q4-2002
- First lesson: choose your project name carefully! Authentication selection.
- Well, just call it A-Select for now.
6. 1.0 features
- SSO
- Multiple authentication methods
- Simple Cross mode, full identity shared between domains
- 3 universities, 30.000 users.
- They liked it. We invested.
7. A-Select in 2002
8. A-Select in 2002 (2)
9. The marketing dilemma
- How do you get the other universities to use this?
- Encourage usage outside and within higher-ed
10. The question then becomes
11. 2002-3 versions 1.1 1.3
- Logging
- APIs and protocol improvements
- Better user database support
- More AuthSPs
12. A-Select in 2003
13. 2003: Build a community
- E-government chose A-Select, as did the public libraries
- System integrators
- More universities.
- Some 100.000 users in NL
14. 2004: Strengthen the community
- e-government becomes DigiD, keep them on board
- Work together with libraries
- Add features
  - fail over
  - more application integration components
- Open standards are becoming very important with Shibboleth and SAML, especially for higher education
15. 2004: A-Select diffusion
- Encourage usage via diffusion program: target 100,000 users by the end of 2006.
- Result: >> 200,000 users in higher ed and more are coming!
- Activities
  - Documentation
  - Integration components
  - On site support
  - Project consultancy
16. 2005: Towards a Federation
- Release 1.4.1: integrating a lot of contributions from the community, massive clean-up of the codebase
- Release 1.4.2: adding a simple yet flexible authorization engine and attribute acquisition (using CGI, SOAP, LDAP)
17. A-Select in 2005
18. A-Select in 2005
19. 2005: Digid more and more visible
- First cities are using Digid as an A-Select based IdP
- First tests with online tax forms with Digid as IdP
20. 2006: Federation for real
- Release 1.5 adds SAML 1.1 with Shibboleth profiles. A-Select can act as IdP for Shib-protected resources.
- From 2007 onwards Digid mandatory for online tax forms
- Millions of users.
21. Federation in 2006
[Diagram labels: SAML, users, identities, central federation components, resources]
22. Winding down
- Apache style licensed
- 98% Java based code
- > 5 authN methods
- Healthy market and community
- Millions of users
- Incremental growth has paid off: from authN to federation middleware
- Open source is a viable model for NL as a company
23. What's next
- 1.6
- WS- support
- SAML 2.0 support
- A-Select starter kit (with Linux, reverse proxy, ...)
24. Expanding internationally
- Open standards important for collaboration!
- Thank you, OASIS!
25. Questions / discussion
Maarten.Koopmans_at_surfnet.nl