Authentication Services Roadmap

Where is CITES headed with authentication services?

The CITES authentication roadmap describes CITES plans to reduce the number of CITES passwords to a single strong password model. The points in the roadmap are explained in the following whitepapers:

• Reduction of Passwords Whitepaper (Draft)
• Higher Levels of Assurance Whitepaper (under development)
• Federated Authentication Whitepaper (under development)

CITES welcomes input on our roadmaps. Please visit the Roadmap Feedback Form if you would like to send us your comments on the authentication roadmap.

What does this mean?

Users

The user will have a single password to log in to CITES services, which will reduce frustration from having to remember and manage separate passwords. Additionally, CITES will work to reduce the number of times users must enter their password in a single session at the same computer. Because the single password would allow access to essential services and sensitive information, the user will need to be diligent in protecting it.

Departmental IT Support

With one password to remember, the users supported by the departmental IT staff will experience fewer difficulties logging in to CITES services. Password resets due to forgotten passwords will also decrease. Departmental and college IT support staff should see a corresponding drop in their support burden for password-related issues. More complex problems might also become less time-consuming when IT support staff no longer have to refer users to CITES to reset a password before proceeding with troubleshooting.

College and Departmental Services

Diminished support needs for a single CITES password might make CITES authentication services more attractive to college and departmental application developers. Note: We look forward to working with college and departmental IT staff to explore the ramifications for their units.

How do we start?

The following describes how CITES will take the first steps towards a single strong password model (assuming adequate funding and resources):

Consolidation of passwords: Currently, all passwords needed for CITES services can be set at the Password Home Page, with the exception of the Active Directory (AD) password used for CITES NetFiles and the Campus AD Windows system. CITES plans to incorporate the AD password reset application into the Password Home Page, which will make the page the single source for password resets. This change will move CITES closer to the ability to synchronize all its passwords so that to the users' perception they are setting and using a single password for CITES services.

Prior-Authentication: Many departments use Bluestem to authenticate users to web applications. CITES plans to develop a Bluestem capability that recognizes if a user is already logged in to another Bluestem-protected application and accepts that as authorization instead of prompting for a login and password again. Consequently, prior-authentication will reduce the number of times a user must log in to Bluestem during a single session at a computer. Departments and colleges would have the option of accepting prior-authentications on their Bluestem applications and could set a limit to the length of time a login would be valid.

Simplification of Password Resets: The convenience of a single password comes with a caveat: a forgotten password will mean more services the user will be unable to access including critical applications that the user needs for day-to-day activities, so users must be able to reset their password with a minimum of time and difficulty. A project is already underway in CITES to develop an application that will allow users to reset their NetID password without the need to contact the CITES Help Desk for assistance. Referred to as the Self-Service Password Reset Tool, this project is relevant to the Authentication Project because it helps CITES move in the direction of a single password model where users could quickly reset their password without a dependency on CITES or other departmental support staff.

Campus- and University-Level Password Consolidation: A tentative plan to synchronize the campus-level and university-level strong password is under discussion by the Common Architectural Vision and Roadmap Committee (CAV), which includes representatives from each campus and university administration.