Middleware Workshop
Chairman :
Kazu Yamaji
Members :
Yasuo Okabe
Kento Aida
Nate Klingenstein
Motonori Nakamura
Objectives :
This session will encourage collaboration between middleware developers and those responsible for identity management and directory services, to discuss ways to get campuses ready for middleware technologies so that end users can connect to the network and access resources (online journals, collaborative services, grid applications, wireless roaming, etc.) in a secure, scalable and manageable way. This workshop may also include some Grid Middleware talks.
Target Audience :
People who are engaged in and/or interested in middleware for network services, such as access management federation, wireless roaming, grid computing and collaboration tools.
Expected Number of Participants :
Agenda :
Session 1
  • 14:00 - 14:30 ID Management in University - Slides

    - Kenzi Watanabe, Saga University Japan


    In this presentation, I will first mention the necessity of ID management in universities from various aspects, taking the case of Saga University. From a technical aspect, integration of ID management for educational systems is needed. From a university evaluation aspect, a unique ID is necessary for all researchers in the university in order to gather their activities: research outcomes, education, social contributions and so on. Then, I will mention some issues in implementing ID management systems.


    Kenzi Watanabe received his Bachelor of Science and Master of Science degrees in Physics from Saga University, Japan in 1987 and 1989, respectively. He received his PhD degree in Information Science from Saga University, Japan in 1998. He is presently a Professor in the Department of Information Science, Graduate School of Science and Engineering, Saga University, Japan. His research interests are intelligent educational systems, advanced Internet technologies and applications.

  • 14:30 - 14:50 Update of Japanese Academic Access Management Federation GakuNin in 2011 - Slides 1 Slides 2

    - Motonori Nakamura and Kazu Yamaji, NII Japan


    The Japanese academic access federation, GakuNin, is deploying federated identity in Japan using the SAML 2.0 standard, primarily with Shibboleth software. GakuNin entered production operation in 2010, and has grown today to 34 IdPs and 33 SPs. This talk summarizes GakuNin's progress in 2011 and the future plan, especially how to expand our trust framework in terms of level of assurance. In order to accelerate its activity, the federation focuses on additional technologies beyond just operational management. Of these new technologies, we will specifically introduce our user consent acquisition system, new discovery service tool, virtual organization system and its related services.


    Motonori Nakamura graduated from Kyoto University, Japan, where he received B.E., M.E., and Ph.D. degrees in engineering in 1989, 1991 and 1996, respectively. Currently he is a professor at the National Institute of Informatics (NII), Japan and the Graduate University for Advanced Studies (SOKENDAI).

    Kazu Yamaji received his Ph.D. degree in Systems and Information Engineering from the Toyohashi University of Technology, Japan, in 2000. Currently he is an associate professor at the National Institute of Informatics (NII), Japan. His primary research interests include modeling and developing trusted e-science space in order to share and reuse research materials.

  • 14:50 - 15:05 Toward Production Level Operation of Authentication System for High Performance Computing Infrastructure in Japan - Slides

    - Eisaku Sakane and Kento Aida, NII Japan


    Construction of the High Performance Computing Infrastructure (HPCI) is now in progress in Japan. HPCI includes supercomputers and storage managed by universities and research institutes. We built an authentication system for HPCI. The authentication system realizes single sign-on over all resources and enables distributable user management by an ID federation mechanism. We used Grid Security Infrastructure (GSI) and the Shibboleth system as key technologies. Having passed through pilot operation of the system, we are now preparing for production-level operation. This talk presents our authentication system and its pilot operation, and discusses issues toward production-level operation in the next fiscal year.


    Eisaku Sakane received his Doctor of Science from Osaka City University, Japan, in 2003. Currently he is an associate professor (by special appointment) at the National Institute of Informatics (NII), Japan. His research interests are grid computing and authentication and authorization systems.

  • 15:05 - 15:20 Expanding eduroam in Asian countries - Slides

    - Hideaki Sone, Tohoku University Japan


    Topics in this talk will range from an introduction to eduroam to an evaluation of the use of the Delegate Authentication System (DEAS), as well as an eduroam JP update after the great earthquake disaster.


    Hideaki Sone is a professor at Tohoku University Cyberscience Center, and his research field includes information network systems. He also works with NII for eduroam and information security policy.

Session 2
  • 15:30 - 16:00 Update of AAF's middleware initiatives: Federation Registry management tool, AAF National Entitlement Server project for fine-grained authorisation - Slides

    - Heath Marks and Terry Smith, Australian Access Federation


    Heath Marks is the Manager of the Australian Access Federation (AAF). Heath was appointed by the Council of Australian University Directors of Information Technology (CAUDIT) in July 2009 to head a team to support the AAF's operations, engage with the higher education and research sectors and, more specifically, grow the Federation into the future. Heath has over 13 years' experience in the delivery of Information Technology in the tertiary sector.

    Terry Smith is the Technical Manager of the Australian Access Federation (AAF). In early 2009 Terry managed the AAF Pilot project that boot-strapped today's AAF operation. Terry is responsible for the ongoing operation of the federation and for providing support and training activities to the AAF subscriber community. He has been working in Identity and Access Management in the tertiary sector for more than 25 years.

  • 16:00 - 16:40 tiqr: an innovative approach to 2-factor authentication using modern smart phones - Slides

    - Roland van Rijswijk, SURFnet Netherlands


    Authentication is of paramount importance for all modern networked applications. The username/password paradigm is ubiquitous. This paradigm suffices for many applications that require a relatively low level of assurance about the identity of the end user, but it quickly breaks down when a stronger assertion of the user's identity is required. Traditionally, this is where two- or multi-factor authentication comes in, providing a higher level of assurance. There is a multitude of two-factor authentication solutions available, but we feel that many solutions do not meet the needs of the research and education community. They are invariably expensive, difficult to roll out in heterogeneous user groups (like student populations), often closed source and closed technology and have usability problems. In this talk, we will introduce tiqr, an innovative approach to two-factor authentication we developed that uses the features of modern smart phones to provide a secure and easy-to-use system and is available for free in open source.


    Roland van Rijswijk works as Technical Product Manager for several SURFnet services and manages the tiqr project. He is responsible for innovation management in the area of Internet security. Roland obtained a Master of Science degree in Computer Science from the University of Twente (2001), after which he worked in software development for Philips, Advanced Encryption Technology (AET) and InTraffic. His expertise is in the application of high-end cryptography. Roland joined SURFnet in 2008.

  • 16:40 - 17:10 InCommon Update: Net+, Assurance, Research & Scholarship, Admissions - Slides

    - Nate Klingenstein, Internet2 USA


    InCommon has become a large federation. Size and importance have created many opportunities for InCommon to innovate in deployment. A general update about InCommon and its membership will be first. Next, four big InCommon initiatives will be discussed.

    • Net+ offers universities discount prices on major cloud services, delivered over the fast Internet2 network, using InCommon identity.
    • InCommon Assurance is making higher trust applications a reality, certifying Identity Providers for applications that need strong identity.
    • Research & Scholarship (R&S) marks applications used for research and education. Universities can then write one simple attribute release rule for all R&S applications, and new applications can receive attributes without working with every identity provider.
    • The InCommon Admissions project is working with the CommIT Collaborative to build an identity infrastructure for the college admissions process that can integrate test scores, school transcripts, recommendations, and more, with a single login, strong trust, and privacy controls.


    Nate Klingenstein is a member of the Shibboleth core team and works for InCommon in roles with the Technical Advisory Committee, Assurance, and Training teams. His primary research interests include sharing identifiers and identities across domains and the attribute aggregation needed to make it happen, modeling and sending of rich identity data, the nature of identity vs. identifier vs. attribute, holder-of-key federated identity, and modeling externally facing enterprise middleware interfaces. He co-chairs the OASIS SSTC, the standards committee that defines SAML and its many extensions, co-chairs the APAN Middleware WG, and works with a variety of other standards organizations including the ITU-T and ISOC.

  • 17:10 - 17:30 Discussion
Remarks :
A video conference facility is needed.
We would like to hold our middleware session in conjunction with the REFEDS session on the same day. The REFEDS session will be proposed by Nicole Harris (REFEDS Secretariat and JISC Advance). As with the previous one in India, the best arrangement for us is as follows:
  • REFEDS session in the morning then
  • Middleware session in the afternoon

© Copyright 2009-2012 APAN | Last updated: 01 Feb 2012