University of California, United States of America Executive Director Designate, CNI
The growth in online services is increasing the demand for authentication systems to manage access and improve security for network users and network service providers. The paper provides an overview of issues which are currently arising in the United States in the area of authentication.
It should be emphasised that much excellent work is also being carried out in the United Kingdom through a series of reports on authentication and related technology. This work sets out the issues and options and is providing guidance and leadership which is not available in this area in the United States. Specific attention is drawn to the work of Andrew Young from Salford University.
Authentication has acquired a much higher priority during the last year. In this process, the problem has been redefined substantially. In the past, the function of a password has been to entitle the user to use an ID, to make expenditure, to control access to files and so on. In the 1970s, when the concept of distributed computing began to emerge on campuses, for the first time an ID was needed for a complex variety of services. KERBEROS emerged in this context from MIT's ATHENA network. However, it retained the flavour of mainframe systems, with an emphasis on the need to identify the user and to manage resources.
During the last year, movement toward networked information resources has begun to make notable progress, creating a market in networked information resources. This market is significantly oriented toward institutions rather than individuals only. Universities are beginning to negotiate site licenses for the use of faculty and students. Unfortunately, the technology is not really available to support this: the networked log-in model does not really work. Institutional machines are required to vouch for individuals in a trust relationship, the implicit statement being that the individual, by virtue of their status as a member of a user community, has access to a particular resource (for example, an encyclopaedia or scholarly publishing).
The first attempt to solve this problem, so-called IP filtering, does not really work because identifying where the user comes from is problematic: the system does not work well with itinerant students, in the context of university outsourcing, or in the environment of lifetime learners obtaining access through office facilities. A scheme for managing access which is based on the physical location of the user is not rational in a networked information environment. This is the essence of the problem which it is necessary to try to resolve. The issue is not about network logging-on, but rather concerns inter-institutional relationships and communities.
Recognition of this does not obviate the need for institution-based security. However, the focus has moved. KERBEROS is mature technology, but is not as widely or effectively implemented as may be expected, mainly because it was not considered sufficiently important. The switch to an inter-institutional focus is changing this situation rapidly. Without it, important commercial relationships on which library strategies depend cannot be implemented.
A number of technical options exist in relation to implementation: they are all variations on the concept of certificates. The user is provided with a cryptographic version of an ID card, digitally signed by an authority which recognises them: for example, a university ID card containing more data than can be memorised. The certificate is stored on this card in encrypted form. However, this system has limitations. It does not co-exist well with computer laboratories: use on different machines may be problematic, for example for users who want to operate from public machines at different sites.
The interplay of certificates with other systems is a central point. In one trust-based model, a strong hierarchy exists for distributing certificates; in another, more choice exists in relation to who is to be trusted. It is an open question which option is more desirable. The original impetus for certificates came from the need for identification of individuals, the concept being: "this ID card from University X says that I am me". It also shows that the individual is affiliated to the institution and therefore entitled to an academic discount or to use a particular facility. In the context of access to academic resources it is not statements about identity, but about affiliation, which are important, together with sufficient ability to track transactions retrospectively to ensure accountability.
There is a clear privacy issue implicit in this discussion. For example, it is not necessary that publishers should be able to harvest details of all individuals using licensed material: all they need to know is that the user was a member of a community. There is perhaps a need for various forms of certification, possibly including some "blinded" forms, for example one which simply indicates that the user is student 7356. Individual accountability without identity may be a very useful approach. Identity can also be established without making available all attributes of the individual concerned.
There is a need to think through carefully the way in which it is desirable for authentication systems to impact privacy: this is a fundamental and central issue. In the area of electronic reserves, for instance, material may be licensed only for one semester for one class. In this circumstance, is it appropriate for each student's use to be tracked? Technology must be sufficiently flexible to allow such decisions to be taken.
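The affiliation-based, "blinded" certificate described above, as an added illustration that is not part of the original presentation nor of any CNI or university system: the institution signs a pseudonymous member number, an affiliation and a term expiry with Ed25519, and the provider verifies those alone, learning the pseudonym for retrospective accountability but never a name. Issuer name, pseudonym and dates are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Assertion is what the institution signs: a blinded member number instead of a
// name, the affiliation the licence depends on, and an expiry for the term. Constructed values.
type Assertion struct {
	Issuer      string `json:"issuer"`       // institution that vouches for the member
	PseudonymID string `json:"pseudonym_id"` // "student 7356", not a name
	Affiliation string `json:"affiliation"`  // "student", "faculty", ...
	NotAfter    int64  `json:"not_after"`    // Unix seconds; one-semester licences expire
}

// Certificate is the signed assertion the member presents to a provider.
type Certificate struct{ Payload, Signature []byte }

// Issue is the institution's side: it vouches for a member by signing the assertion.
func Issue(priv ed25519.PrivateKey, a Assertion) (Certificate, error) {
	payload, err := json.Marshal(a)
	if err != nil { return Certificate{}, err }
	return Certificate{payload, ed25519.Sign(priv, payload)}, nil
}

// Verify is the provider's side: a trusted institution must have signed the
// assertion, it must not have expired, and the affiliation must be one the
// licence covers. Only the pseudonym is returned, never who the member is.
func Verify(trusted map[string]ed25519.PublicKey, c Certificate, licensed map[string]bool, now time.Time) (string, error) {
	var a Assertion
	if err := json.Unmarshal(c.Payload, &a); err != nil { return "", err }
	pub, ok := trusted[a.Issuer]
	if !ok { return "", errors.New("issuer not trusted") }
	if !ed25519.Verify(pub, c.Payload, c.Signature) { return "", errors.New("signature invalid") }
	if now.Unix() > a.NotAfter { return "", errors.New("certificate expired") }
	if !licensed[a.Affiliation] { return "", errors.New("affiliation not licensed") }
	return a.PseudonymID, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	term := time.Now().Add(90 * 24 * time.Hour).Unix() // roughly one semester
	cert, _ := Issue(priv, Assertion{"example-university", "student 7356", "student", term})
	fmt.Println(Verify(map[string]ed25519.PublicKey{"example-university": pub}, cert, map[string]bool{"student": true}, time.Now()))
}
```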
A great deal of work remains to be done on authentication, requiring broad-based leadership. The author of the paper is shortly to take up post as Director of the Coalition for Networked Information (CNI). An effort to move matters forward will be high on the CNI agenda. This is needed to support organisational commerce and resource sharing. To be really effective, wide deployment is needed. Information providers need to offer it too, but may not yet grasp the nature of the requirement: there is frequent discussion of assigning large numbers of passwords to all users every year, but this appears highly impracticable. The development of a consensual approach by the user community would in all probability be welcomed by providers.
This account was drafted for this report by The Marc Fresko Consultancy. It is based on notes taken during the presentation.