Real Life Solution, Real Life Problems: A-Select, An Open Source Federated Identity Management Solution An Identity 1.0 story

1
Real Life Solution, Real Life Problems A-Select,
An Open Source Federated Identity Management
SolutionAn Identity 1.0 story

• Maarten Koopmans
• SURFnet, maarten.koopmans_at_surfnet.nl
• OASIS Adoption forum 2006

2
In the beginning

• Well, the 90s a chip card for higher education.
• It failed miserably.

3
(2)

• Tests with mobile phones and e-banking (token
  based in NL).
• Piggybacking in 2001-2.

4
Authentication middleware, 2002

• Authentication middleware that could act as a
  switch between multiple authentication methods
  and added SSO as a bonus.

5
A-Select 1.0 Q4-2002

• First lesson choose your project name carefully!
  Authentication selection.
• Well just call it A-Select for now.

6
1.0 features

• SSO
• Multiple authentication methods
• Simple Cross mode, full identity shared between
  domains
• 3 universities, 30.000 users.
• They liked it. We invested.

7
A-Select in 2002
8
A-Select in 2002 (2)
9
The marketing dilemma

• How do you get the other universities to use
  this?
• Encourage usage outside and within higher-ed

10
The question then becomes

• Why dont you use it?

11
2002-3 versions 1.1 1.3

• Logging
• APIs and protocol improvements
• Better user database support
• More AuthSPs

12
A-Select in 2003
13
2003 Build a community

• E-government chose A-Select, as did the public
  libraries
• System integrators
• More universities.
• Some 100.000 users in NL

14
2004 Strengthen the community

• e-government becomes DigiD, keep them on board
• Work together with libraries
• Add features
• fail over
• more application integration components
• Open standards are becoming very important with
  Shibboleth and SAML, especially for higher
  education

15
2004 A-Select diffusion

• Encourage usage via diffusion program target
  100,000 users by the end of 2006.
• Result gtgt 200,000 users in higher ed and more
  are coming!
• Activities
• Documentation
• Integration components
• On site support
• Project consultancy

16
2005 Towards a Federation

• Release 1.4.1 integrating a lot of contributions
  from the community, massive clean-up of the
  codebase
• Release 1.4.2 Adding a simple yet flexible
  authorization engine and attribute acquisition
  (using, CGI, SOAP, LDAP)

17
A-Select in 2005
18
A-Select in 2005
19
2005 Digid more and more visible

• First cities are using Digid as an A-Select based
  IdP
• First tests with online tax forms with Digid as
  IdP

20
2006 Federation for real

• Release 1.5 adds SAML 1.1 with Shibboleth
  profiles. A-Select can act as IdP for
  Shib-protected resources.
• From 2007 onwards Digid mandatory for online tax
  forms
• Millions of users.

21
Federation in 2006
SAML
(SAML)
users
identities
central federation components
resources
22
Winding down

• Apache style licensed
• 98 Java based code
• gt 5 authN Methods
• Healthy market and community
• millions of users
• Incremental growth has paid of from authN to
  federation middleware
• Open source is a viable model for NL as a
  company

23
Whats next

• 1.6
• WS- support
• SAML 2.0 support
• A-Select starter kit (with Linux, reverse proxy,
  ...)

24
Expanding internationally

• Open standards important for collaboration!
• Thank you, OASIS!

25
Questions / discussion
Maarten.Koopmans_at_surfnet.nl