
CITES Authentication Roadmap (2005 Draft)


Definition

Authentication allows an identity to be linked to a user -- it is the key to enter the front door of the campus network, network services, and applications. Usernames and passwords are the ubiquitous form of authentication today.

Goal

CITES' goal is to offer an authentication service that is customer-friendly and extensible to campus units while maintaining sufficient security, privacy, and auditability. The authentication service should be adaptable as needs change, allowing mandated and best-practice guidelines for authentication to be met.

Strategic Directions

There will be three key areas of focus over the next several years:

1) Reduction of passwords

Establish a single strong password for each user, and provide flexible yet secure methods for services and applications to leverage this password while maintaining its integrity.
Additionally, the number of times a user needs to enter this password during a particular work session should be minimized, moving towards single sign-on for many services, or wherever possible. This should be achievable over the next 18 months.

2) Federated authentication

Establish the trust relationships, standards, and framework that allow authentication services operated by different entities, whether within the University, with other universities, or with other external partners, to be leveraged as part of the CITES-provided authentication service. Federated authentication options include cross-forest trust between Active Directory deployments and Security Assertion Markup Language (SAML)-based authentication assertion services like Shibboleth from Internet2. This should be achievable over the next 1 to 3 years.

3) Higher levels of assurance (multifactor authentication)

Where data policy and risk level demand, a higher level of authentication assurance should be utilized, and the authentication service will need to support such graduated, or "step-up", authentication. Higher levels of assurance are achieved by using multifactor authentication methods such as smart cards, one-time password devices, and biometrics.
This should be achievable over the next 2 to 4 years.

 

Last modified August 26, 2005