• About ET
• Initiatives
• Publications
• Search

---

Special Projects

At any given time, ET will be involved in projects which have University-wide or national involvement and do not fit into ET's traditional initiatives framework. These are known as Special Projects. The most current projects of this nature are listed below.

Current Special Projects include:

• LionShare -- ET's LionShare team continues to participate in the development of the Mellon-funded Lionshare Project. ET has created a new Certification Authority, the SASL-CA, which issues short-term certificates to users with valid credentials. The SASL-CA has the potential to accept credentials in a variety of formats but currently, only Kerberos is supported. The ET LionShare team created the SAML-based Lionshare Security Profile, which makes use of short-term certificates issued by a SASL-CA. Additional work is being done to build a Lionshare module for the Shibboleth Attribute Authority to allow for self retrieval of attributes with Holder-of-Key confirmation.


• eAuthentication -- ET is participating in the eAuthentication Initiative to assess and assure ITS' current identity management processes. The eAuthentication Initiative standardizes levels of authentication assurance, assessment of authentication systems for each level, and methods of federated authentication between organizations. Federated authentication is part of federated identity management; it allows organizations to rely on digital credentials issued by partner organizations even if partners deploy different authentication technologies, such as passwords or public key infrastructure (PKI). Federated authentication attains interoperability by specifying the exchange of standards-based authentication assertion formats, scales well to nationwide or Internet-wide use, and is experiencing growing adoption. However, considerable effort is still required to broker trust relationships within or between federations, and to assure interoperability between products. The eAuthentication Initiative is doing what is necessary to create a government-wide federation that also includes industry partners and citizens (reference: Burton Group Report on the Federal eAuthentication Initiative. In addition, ET is working with the Interoperability Sub-Working Group of The Electronic Authentication Partnership to develop straightforward means of relying on digital credentials issued by a variety of eAuthentication systems. One of the long-term goals is to define methods of interoperability between federations as well as individual units.

As part of our eAuthentication efforts, ET and other ITS units are participating in several national pilot projects:

• Credentials Assessment -- Penn State and three other universities (University of Washington, Cornell University, and University of Maryland Baltimore County) participated in a federal credentials assessment audit based on the Credentials Assessment Framework. The Credential Assessment Framework (CAF), based on technical and policy guidance from the Office of Management and Budget (OMB) and the National Institute of Standards and Technology (NIST), provides a structured means for delivering assurances to federal agencies as to the veracity, and thus dependability, of identity credentials and tokens. One of ET's objectives is to perform a gap analysis of identity management practices in higher education.