Challenges

The continued development and widespread deployment of security solutions are vital to increased use of the Internet and Internet applications by Academia. Public-Key Cryptography enables, in an information setting, secure expression of complex relationships among widely distributed users, machines, and organizations. Consequently, research and development of PKI is critical to securing the emerging inter-networked world: in government, commerce, and academia.

The availability of an interoperable PKI will enable new classes of Academic applications as well as permit improvement of the security of existing ones. Many examples can be described that are essential to expanding the academic mission of higher educational institutions. There are also many research questions that will need to be explored in the efforts to provide these services in a ubiquitous and transparent manner, so that PKI will be as widely available and easy to use as network ports are today.

Next-generation applications need a flexible way to decide access control based on many complex attributes, in distributed populations and organizations. Because of its ability to securely express information in such communities, public key cryptography is the perfect building block. Realizing this vision requires identifying and solving trust and usability shortcomings in client, server, and application tools. Academia provides a large set of real problems to drive and test our research work.

Our Solution

Niyamas envisions developing a mechanism for more robust access management of campus and external information resources using existing institutional authentication methods. The target environment is web-based resources and standard web browsers. No modification of the browser is required but some additional software for web servers is used.

Our model includes the notion of a formal agreement between the resource provider and the authentication domain of the User, but this formality could be relaxed if needed.

An important tenet of this model is that the User’s authentication “secret” is never given to a platform in another authentication domain. This includes even the notion of who that User might be, regardless of their credential. Only if the remote service actually requires specificity, and this has been agreed to by the User’s authentication domain, would any such information be revealed.

This model assumes that, prior to operation, the Service Provider enters into an agreement with the Campus that allows members of the Campus community to gain access to one or more Services from that Provider. The rules for eligibility and the User Attributes that may be supplied to the Service are negotiated.

Finally, a set of “Service Names” is provided to the Campus and PKI public keys are exchanged so that authentication information between the Service Platform and the Campus Authentication Proxy can be signed and validated. The Campus then completes one or more Service Profiles for that Provider’s Services.
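The flow described above can be sketched as follows. This is an added example, not Niyamas code: the Service Names, the profile layout, the assertion fields (opaque handle, expiry, service binding) and the choice of Ed25519 are assumptions made for illustration, and only the campus-to-service direction is shown.

```javascript
// Added example: all names and the assertion layout are assumptions.
const crypto = require('crypto');

// Campus key pair; the public half is what the Service Provider receives at agreement time.
const campusKeys = crypto.generateKeyPairSync('ed25519');

// Service Profiles completed by the Campus: which User Attributes each Service Name may get.
const serviceProfiles = {
  'library-journals': { release: ['affiliation'] },
  'course-submission': { release: ['affiliation', 'studentId'] },
};

// Campus Authentication Proxy: runs after the User has authenticated locally.
function issueAssertion(user, serviceName, now = Date.now()) {
  const profile = serviceProfiles[serviceName];
  if (!profile) throw new Error(`no Service Profile for ${serviceName}`);
  const attributes = {};
  for (const name of profile.release) {
    if (name in user.attributes) attributes[name] = user.attributes[name];
  }
  const body = JSON.stringify({
    service: serviceName,                           // binds the assertion to one Service
    handle: crypto.randomBytes(16).toString('hex'), // opaque reference, not the username
    attributes,                                     // only what the profile allows
    expires: now + 5 * 60 * 1000,                   // short lifetime (assumed: 5 minutes)
  });
  const signature = crypto.sign(null, Buffer.from(body), campusKeys.privateKey);
  return { body, signature: signature.toString('base64') };
}

// Service Platform: verify the campus signature before reading any claim.
function validateAssertion(assertion, serviceName, campusPublicKey, now = Date.now()) {
  const ok = crypto.verify(null, Buffer.from(assertion.body), campusPublicKey,
    Buffer.from(assertion.signature, 'base64'));
  if (!ok) return null;
  const claims = JSON.parse(assertion.body);
  if (claims.service !== serviceName || claims.expires < now) return null;
  return claims;
}

// Constructed sample user; the authentication secret is never part of this record.
const alice = {
  username: 'alice',
  attributes: { affiliation: 'student', studentId: 'S-0001', email: 'alice@campus.example' },
};
```

The Service Platform learns only the attributes its profile allows and a random handle; a modified, expired, or redirected assertion is rejected.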

Applications:

Controlled access to copyrighted materials for students

Electronically signed submission of student assignments with timestamp

Protect sensitive data used by researchers while enhancing its availability

Expand use of Campus Directory while protecting individual privacy

Secure wireless networking

Applications for Federal Student Loans and Services

Student and Faculty electronic interaction with administrative systems