...

  • Provide a single sign-on service for use by MIT web applications requiring authentication
  • Provide a solution for authenticating to web applications from "kiosk machines" and other clients where X.509 certificates cannot be used.
  • Must work with all popular web browsers, and require no additional software to be installed on the user's client machine
  • Must initially support the existing authentication infrastructure (X.509 certificates), as well as username and password over TLS.
  • Central servers will be operated and maintained by NIST
  • Must provide a clear and intuitive interface to the end user, which does not detract from the experience of using the protected web application
  • Must be easily integrated into existing application web servers. Procedure must be at least as easy as the current certificate mechanism and even easier if possible.
  • Must be well documented
  • Must initially support the existing authentication infrastructure (i.e. Kerberos and X.509 certificates), and be extensible to support new authentication mechanisms as needed, as standards evolve and MIT's needs evolve.
  • Must support credential delegation
  • Must support integration with eventual authorization systems
  • Must support integration with eventual inter-institutional authentication system
  • Must provide detailed logging/audit trail for diagnosis of problems.
  • Must support integration with emerging inter-institutional authentication systems
  • Should optionally support credential delegation
  • Ensure 24/7 availability of the service; scalability
  • Central servers provided and maintained by NIST
  • Must support web server pools
  • Central servers must require minimal effort to maintain
  • Must offer flexible configuration options

Technology Requirements

In choosing a base package for web authentication, ISDA was most interested in evaluating packages based on the following criteria:

...

    • Linux platform (preferred)
    • Apache 2.0.46+
    • OpenSSL 0.9.7+
    • cURL 7.10.2+
    • Kerberos v5
    • Perl 5.6.1+
    • Perl modules:
      • HTML::Template
      • FCGI
      • Crypt::SSLeay
    • mod_fastcgi (optional)

...