News for and about the Internet2 community

["Lauren Rotman" <>]

Internet2 Introduces Critical Middleware Software and Tools 

Technology to Provide Research and Education Institutions Enhanced Privilege
Management Capabilities 

ANN ARBOR, Mich. - August 7, 2006 - Internet2's Middleware Initiative today
introduced its Signet Privilege Management System and the Grouper Group
Management Toolkit. Signet and Grouper make it easier to manage access to
protected online resources by providing research and academic institutions
the critical software and tools needed to support enhanced institution-wide
role- and permission-based authorization for appropriate access to
resources. 

"Today, universities and other institutions of higher learning face
significant challenges in managing student and faculty access privileges to
online content and campus resources like library and course materials or
even wireless Internet service," said Ken Klingenstein, Internet2's director
of middleware and security, "The Signet System and Grouper Toolkit enable
organizations, both institutional and virtual, to better manage and control
individuals' access to these protected resources. This is accomplished by
providing a framework for the consistent application of authorization rules
across all of their IT systems." 

The Signet Privilege Management System provides institutions an easy to use
framework to manage user access privileges in terms familiar to business
managers and provides a consolidated, shared authorization data repository
that is independent of any specific institutional systems. The Grouper Group
Management Toolkit enables both automated and manual mechanisms for
assigning users to groups based on their individual campus affiliations,
status, or other relevant roles. Both Grouper and Signet can be used
together or stand alone and enable a distributed model for control, so that
those responsible for assigning or delegating user access privileges can
directly manage them to meet their needs across all the necessary campus
systems. 

For instance, a Biology professor can use Grouper to list the students
working on a special project and then use Signet to designate that they
should be allowed weekend access to his laboratory and to an associated
research data set for specified length of time. Signet in turn interacts
with the campus provisioning system to automatically adjust all the affected
systems which secure the laboratory and research database. After the
specified time, the system automatically removes the students' access to
those resources. 

Today at Cornell University, Signet and Grouper are being implemented to
vastly simplify how its community members and visiting students gain
appropriate access to campus services. 
 
"Better support for visiting students is one of the first goals Signet and
Grouper will help us achieve. The software will provide sponsoring units
with an efficient means of assigning and disabling temporary privileges to
students who come here for special classes and seminars throughout the
year." said Andrea Beesing, assistant director for identity management,
Cornell University, "To date, providing temporary access to services has
been very manual and inefficient. This created obvious challenges for quick
scalability and campus security. Today, we're deploying Signet and Grouper
to promote a seamless experience for the students, our faculty and our IT
team."

In addition to the benefit of having a common management service for
distributed control of user access across a variety of systems, Grouper and
Signet facilitate greater accountability and policy compliance, by providing
a consistent application of authority rules and synchronization of authority
data across systems. Business heads and auditors alike benefit from a
transparent and comprehensive view of activity across IT systems.

Klingenstein added, "Since so many people are often involved in accessing
their institution's IT systems, accountability is absolutely key. Using
Signet and Grouper, organizations will have a clear view into system
activity to ensure appropriate usage at all times."

As more and more companies and organizations make information and resources
accessible online, the need for secure access solutions has become critical.
In the future, Signet and Grouper will be able to support the management of
virtual organizations and aid the grid computing community by giving project
teams spread around the world the ability to manage access to resources that
are geographically dispersed. The software and tools also have broad
implications for scientists looking for a way to manage access to their
research resources with the same tools they use to manage their other
academic responsibilities.

"Recognizing the importance of security and identity management in building
and using high-performance networks and technology for the future, the
Internet2 community began the Middleware Initiative to address critical
issues in authentication and authorization in order to create practical and
secure inter-institutional services," said Klingenstein. "The Signet
Privilege Management System and the Grouper Group Management Toolkit
represent another major milestone in this critical ongoing effort." 

Development of Signet and Grouper was supported with funding from Stanford
University and from the University of Chicago and the University of Bristol
respectively. Both were developed with additional support from Internet2,
the NSF Middleware Initiative (NMI) and the Joint Information Systems
Committee (JISC). 

For more information visit: http://signet.internet2.edu and
http://grouper.internet2.edu

About Internet2
Led by more than 200 U.S. universities working with industry and government,
Internet2 develops and deploys advanced network applications and
technologies for research and higher education, accelerating the creation of
tomorrow's Internet.  Internet2 recreates the partnerships among academia,
industry, and government that helped foster today's Internet in its infancy.
For more information, visit: www.internet2.edu. 

Contact:
Lauren Rotman

202.331.5345

###