"Friend" lightweight authentication system

Project ID: 70
Current stage: 
Manager: 
Unit: 
What: 

Description: Develop a lightweight authentication system, similar to (or based on) the cosign "Friend" system, to allow users not affiliated with Informatics to authenticate to our systems.

Deliverables: Additions to the authentication system to support lightweight accounts. May also require authorisation system changes, to support authorising lightweight users.

Why: 

Customer: services-unit, and anyone else deploying systems which require lightweight accounts

Case statement:

When: 

Status:

Timescales:

Priority:

Time:

How: 

Proposal:

Resources:

Plan: We can choose between two possible options for this:

*) Deploy the UMICH cosign Friend technology, which will only allow friend authentication to web-based services that don't rely on using delegated credentials with backend systems.

*) Deploy a Kerberos-based solution which uses a new realm, FRIEND.INF.ED.AC.UK, with a separate KDC, and uses cross-realm authentication to provide friend-based access. This has the advantage that it is far more flexible, and would allow us to provide 'friend' access to non-web services such as AFS. However, it would require writing our own code.

Other: 

Dependencies:

Risks:

Milestones

Proposed date   Achieved date   Name              Description
2007-07-30      2007-08-06      ifriend-master-   Create new KDC for friend principals
2007-08-10      2007-08-13      ifriend-web-int   Produce web interface to allow the creation of iFriend accounts
2007-08-03      2007-08-20      ifriend-cosign    Modify cosign service to accept iFriend accounts
2007-09-04      2007-08-24      ifriend-backups   Create backup arrangements for friend service, including enabling a slave KDC