MIT IS&T wishes to improve web authentication in several ways:
1) We wish to improve the experience for users that are using kiosk machines that do not support the use of soft certificates or hardware tokens.
2) We wish to improve the experience for users new to the MIT community that have not yet obtained a soft certificate or a hardware token.
3) We wish to provide a solution for web server administrators that they will find easy to configure and will not prompt users for a username and password.
The goal of this project is to:
1) develop the technical requirements necessary to improve our web authentication mechanism
2) investigate existing web authentication mechanisms and select a system that meets our desires and requirements
3) prototype an implementation at MIT to flesh out any issues and demostrate the results
4) communicate the work of this effort broadly within IS&T and the community
5) work within the IS&T framework to form a core team that will bring the project to full support and deployment.
Results of the December 15, 2006 meeting:
The current proposed solution will move forward with the Stanford WebAuth Login Server as the core point of authentication and will use Shibboleth components for the application servers. The WebAuth solution will only be used as a method for signing into the Shibboleth infrastructure, and it will not be made available to web application servers as a SSO method at this time, and that there would need to be a further discussion before a change in strategy or direction with the various parties.