Get Real: The Security of Your Network Users' Digital Identities Has Become Crucial. It's Time to Look at Authentication Technology. (Technology)

By Warger, Tom | University Business, February 2003

With hundreds of millions of people using the Internet every day, the task of creating and managing digital identities has become a major challenge for operators of online information services. Many of those Internet users have, in fact, multiple identities (as employees, students, subscribers, customers)--roles and relationships that need to be accurate, trustworthy, and secure. And each digital identity has its own life cycle, with attributes, credentials, and access permissions changing sometimes daily. Being able to establish authoritatively the identity of network users is the technical domain of "authentication"--the bedrock of Internet-based transactions.

But colleges and universities have historically favored openness of network accessibility over security concerns. For the most part, authentication of users has been accomplished at the threshold of particular applications--primarily e-mail for faculty and students, and enterprise resource planning systems (ERP) for staff and administrative users. License agreements with software and content providers have been enforced by limiting access by IP domain. Right now, some IHEs require all computers used on the campus network to be registered, but many more do not. There are signs, however, that the protection of digital identities is becoming a higher priority on campuses. The University of Colorado-Boulder, for one, set a first-week-of-2003 deadline for encrypted authentication of all e-mail, telnet, and FTP sessions, with the goal of ensuring that no username-password pairings are sent over the network as plain text, which is vulnerable to theft via electronic eavesdropping.

TOO MANY IDENTITIES

Identity information is typically maintained inside each information service or software application at an institution. Passwords and PINs are assigned and managed by the keepers of e-mail, library, course management systems (CMS), ERPs, and departmental LANs. What's more, security practices vary widely in methods and rigor, even on the same campus. To cope with the number of different passwords to remember, many users use the same password for each system that gives them the chance to choose their own. Others write down their passwords in notebooks or carry them on paper in their wallets. Both of these measures undermine good password discipline by worsening the extent of any breach of secrecy. Then, in the background, IT staff tending separate repositories of identity information duplicate services, wasting valuable time and talent. Still, for all their effort, the institution's information services are not more secure. Each password-authenticated transaction is only as secure as the practices and standards for that particular application.

FINDING A CORE FOR IDENTITY

The good news is that valuable tools for identity authentication are actually in widespread use. Kerberos, a server-based generator of encrypted, temporary certificates of identity, was developed at MIT and is an open-standard component found in most authentication software. (For more on Kerberos, head to web.mit.edu/kerberos/www/krb5-1.2/index.html.) Lightweight Directory Access Protocol (LDAP), another open standard, is used as a repository for storing identity profiles and corresponding access privileges. The most commonly used commercial products implementing these tools are Microsoft Active Directory and Exchange Server (www.microsoft.com). On many campuses, these products were initially adopted to provide e-mail and network account management, but have since gained added value because the LDAP service underlying them can be used for user authentication by many other software packages.

Kerberos and LDAP also figure in the emerging Public Key Infrastructure (PKI) method of user authentication, which uses encrypted "certificates" to vouch for properly identified network users. At Dartmouth College, Kerberos has been in use since the mid-1980s to allow different directory systems--including some custom written at Dartmouth--to share user credentials.
