 |
||||||||
 |
||||||||
 |
||||||||
 |
||||||||
 |
||||||||
 |
||||||||
|
||||||||
|
|
While much work to date on authentication and access control has been focused on the institutional context -- the authentication of members of an institutional community as part of the control of institutionally controlled resources -- the CNI program is cast within a framework of facilitating electronic commerce in content among organizations. The specific scenarios of interest are those where an organization contracts for access to a networked resource on behalf of the members of its user community; in order to implement such a contract both technical and policy arrangements must be established among the individual users, their parent organization, and the content provider. Technical mechanisms are needed to allow the content provider to identify authorized members of the licensing institution's user community; policy issues arise and interact with the technical mechanisms chosen in establishing the appropriate balance of privacy and accountability as members of that community make use of the resource. The objective of the CNI program is first to establish a common taxonomy of best practices and de facto standards that can be used to facilitate both the negotiation of contracts and the actual implementation of access arrangements, and then to move to proof of concept testbeds that actually validate the technical approaches in practice. To the extent that common practices can be developed, they should facilitate the use of network-based access to information resources without the need for extensive custom development on the part of both user institutions and content providers in support of each license agreement, and thus should contribute to a broader and more liquid marketplace in networked information. The first step of the program will be to develop a white paper. This white paper will summarize architectural models for inter-organizational access management, and will outline technical and standards issues involved in each model, as well as discussing privacy, accountability, and management issues implicit in each model and the extent to which they are addressed by technical or contractual provisions. CNI will take leadership in developing this white paper, working in conjunction with volunteers, who will both contribute to and review the white paper. The initial work will be done primarily through an electronic mail list, possibly supplemented by one or more conference calls if appropriate. Work on the white paper will culminate in late March with a day-long meeting -- most likely in the Washington DC area -- to review a final draft. The white paper's conclusions will be presented to the broader CNI community at the Spring CNI Task Force Meeting in Washington on April 14-15,1998; a session at that meeting will also seek to begin work on establishing one or more implementation testbeds. I expect that as design of the testbeds advances, CNI will issue additional testbed-specific calls for participation. Organizations will be able to participate in the testbeds even if they do not contribute directly to the development of the white paper; similarly, involvement in the white paper work does not imply a commitment to participating in subsequent testbed work, although obviously I hope that many of the organizations who contribute to the white paper will go on to testbed deployments. In moving forward on this initiative, CNI seeks and welcomes the participation of not only a wide range of publishers and other network-based content providers and academic institutions (represented both through their libraries, as the focal point in developing license agreements, and through their information technology organizations, as primary developers of the authentication and access control infrastructure for the institution), but also public, state and corporate special libraries concerned with contracting for access to information resources on behalf of their patron communities, and library systems vendors, who will play an important role in providing access management infrastructure components for some libraries. Recognizing the broad significance of access management, and its interactions with many other institutional information technology initiatives, CNI is committed to work closely with its sponsor organizations -- CAUSE, Educom (and Educom's Networking and Telecommunications Task Force), and the Association of Research Libraries -- as well as the Common Solutions Group, the University Consortium for Advanced Internet Development (Internet 2), the Digital Library Federation and other interested organizations to make progress in this area. We will also be keeping in close touch with developments already underway in the United Kingdom higher education community. As a first step, I am eager to hear from representatives of organizations interested in participating in the development of the white paper, and ask that they contact me to join in this work. They should be prepared, as part of their participation, to discuss the requirements of their organizations and authentication and access management approaches that have been deployed or are under consideration, as well as policy issues that provide a context for their planning. An email message with some background on your organization's perspective and approach to these issues would be most useful. Given the tight timeframe, I would be grateful for responses by February 10. I would also welcome any questions or thoughts on how to move this initiative forward from the community.
![[Image: Clifford's Signature]](/Images/TN/CliffordL.gif) Clifford A. Lynch Executive Director, CNI cliff@cni.org 202.296.5098
![[Backward]](/Images/larrw.gif)
![[To Index]](/Images/index.gif)
![[CNI Home Page]](/Images/home.gif)
|
||||||
|
