Planning the Taiwan Access Management Federation based on Shibboleth

摘要

There are a number of different ways to verify that a user at a computer attached to the Internet may be certified as being entitled to use an electronic resource (usually one that has to be paid for) held on a server elsewhere on the Internet. Authentication by Internet Protocol is appropriate when the user is in a fixed environment, but, to enable a user to have wider access, other mechanisms are needed, the most universally applicable being authentication relying on the information provided by an access management federation using Shibboleth. Shibboleth is a standard-based, open source software package for Web single sign-on across or within organisational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. The requirements for the security of the solution particularly regarding the intellectual property rights of the owners of the data are discussed. Various possible solutions are outlined, based on those in use in the UK Federation, the US InCommon system, the Swiss SWITCHaai, and the Australian Access Federation. The framework and development leading to the implementation of the Taiwan Access Management Federation (TAMF) principally follow SWITCHaai and to a lesser extent the other three Federations. The history, management structure, software used, and the organisations participating in the four federations that TAMF follows are discussed. It is hoped that this could serve as a model for federations around the world.