
A Report for SURFnet

COIN Feasibility Study

January 2011

Engagement: 223530510
Version 1.2

Table of Contents

1.0 Introduction
2.0 Vision
    2.1 Definition
    2.2 Service Consumption
    2.3 Identity Provisioning and Attribute Sharing
    2.4 Identity Federation in Higher Education
    2.5 Unified Communication and Collaboration
3.0 Technology
    3.1 Architecture Overview
    3.2 Identity Federation
    3.3 Attribute Sharing
4.0 Conclusions and Recommendations
    4.1 Conclusions
    4.2 Recommendations
References






1.0 Introduction

Today, SURFnet deploys the SURFgroepen platform, which provides collaboration functionality for academic institutions in the Netherlands. SURFgroepen is based on Microsoft SharePoint technology. SURFgroepen required substantial customization to make it work on the Internet. Furthermore, it appeared to be virtually impossible to integrate SURFgroepen functionality in academic portals.

[Figure 1: COIN acts as a "man in the middle" between (collaboration) services and specific client applications. Diagram labels: COIN middleware layer; SURFnet Reference client; SURFnet Custom Client applications; 3rd Party Organization; Collaboration Services.]

SURFnet initiated a study towards a more open collaboration infrastructure dubbed COIN, as depicted in Figure 1. The vision for COIN goes beyond the sharing of collaboration functionality across educational institutions and aims to provide a generic infrastructure that enables a seamless integration between service providers and service consumers.

SURFnet is currently implementing this infrastructure. For this implementation SURFnet has made a number of technology choices. SURFnet has asked Gartner to assess these choices. The objective of this feasibility study is to answer the following questions:

• To what extent is the COIN vision aligned with market developments?
• Are there any initiatives known to Gartner that may render COIN obsolete in the near future?

This report is written for our sponsor Frank Pinxt and all those involved in the development of COIN.

Chapter 2 examines the vision for COIN. Chapter 3 assesses the technology choices regarding identity federation and attribute sharing. Finally, chapter 4 provides our conclusions and recommendations.



2.0 Vision

In this chapter we examine the vision for COIN. First, we give the definition of the vision. Then, we examine the relevant market trends regarding service provisioning using Internet technology. Furthermore, we assess the developments in the area of identity provisioning and attribute sharing. We conclude this chapter with a view on unified communication and collaboration.

2.1 Definition

The objective of COIN is to provide an infrastructure that enables a seamless integration between service providers and service consumers. In essence the vision of COIN is based on three pillars:

• Services are mainly provided by "others"
• Educational and Research Institutions act as identity providers of service consumers
• SURFnet's role is to act as "man-in-the-middle"

COIN enables three categories of service providers to share their services on the infrastructure:

• Educational and Research Institutions: The universities and colleges provide different services (like e-learning and computing environments) to their users. Through COIN these services can be shared with users from other institutions.
• Third Parties: SURFnet is developing contracts with third parties (like Google and Microsoft) to provide services (like collaboration, office apps) through the COIN infrastructure.
• SURFnet: SURFnet has developed various services in the past (like an extensive media library). Through COIN these services will be provided to all connected institutions. Once a SURFnet service is rendered obsolete by market developments, SURFnet will replace its service by a market alternative.

Service consumers are, for example, students and university and college staff. Each consumer in the COIN ecosphere has a certain set of user attributes. These attributes describe specific features of the individual user. These attributes are maintained by the identity providers but can also originate from the service providers. A specific set of attributes can be shared across the service providers through COIN. An example is the group attribute, which provides information on group membership.

To be able to act as the "man in the middle", the COIN platform provides two important functions:

• Identity Federation: Enabling the cross-sharing of identities from multiple identity providers to multiple service providers.
• Attribute Sharing: Enabling the cross-sharing of user attributes from multiple identity providers between multiple service providers, including the group context of users.

2.2 Service Consumption

With the advent of fast and reliable Internet connections and the standardization of web services, the usage of cloud computing has accelerated over the last couple of years. Gartner defines cloud computing as a style of computing where scalable and elastic IT capabilities are provided as a service to multiple customers using Internet technologies.


The three types of cloud computing as defined by NIST (National Institute of Standards and Technology) are widely accepted by the market. These types are: Infrastructure as a Service (IaaS), in which a computing resource such as processing power or storage is provided; Platform as a Service (PaaS), in which tools for the construction of point solutions are provided; and Software as a Service (SaaS), in which the service provides functionality similar to an end-user application.

Another relevant trend is that of mashups. Mashup software in higher education is simply that which brings functionality and/or data together from more than one source. The more formal Gartner definition is that a mashup is a lightweight, tactical presentation-layer integration of multisourced applications or content in a single, browser-compatible offering.

Higher education has embraced mashups, and many institutions have some applications and/or projects that use mashups. There are many examples of universities combining feeds from Twitter, Facebook and LinkedIn accounts and YouTube videos into a single experience on their websites. Academic and administrative applications are likely to include mashups.

There is also a strong shift from point solutions towards commercial off-the-shelf or packaged solutions. The big ERP systems (Oracle and SAP) are a good example. Instead of developing functionality by themselves, which is a complex and expensive activity, more and more organizations have shifted towards configuring packaged solutions.

The bottom line: IT is becoming more and more commoditized.

Nicholas Carr draws an interesting parallel between the electricity grid and cloud computing in his book "The Big Switch". When electricity was emerging in the late 19th century, many factories deployed their own generators. Only when entrepreneurs like Edison noticed the potential of economies of scale by putting generators together did the electric grid take off. Something similar is happening with computing. Today, most organizations still deploy their own hardware. Cloud computing provides an economy of scale offering more flexibility and lower costs.

We conclude that the first pillar of COIN (services are mainly provided by "others") is fully in line with today's market developments.

2.3 Identity Provisioning and Attribute Sharing

Developments in identity provisioning have been slow so far. We have seen technologies such as Single Sign-On (SSO), which establish a single identity within an enterprise, being adopted slowly. We have seen generic Internet identity provider initiatives such as Microsoft Passport and the Liberty Alliance fail.

Today we see the main service providers also acting as identity providers. Through mergers and acquisitions a landscape is emerging where a number of large identity providers share identities across the various services within their realm. The most important ones include:

• Microsoft Live
• Google
• Facebook
• Yahoo

There is an obvious market for independent identity providers. Banks and telco providers have often been mentioned as potential providers in this area. However, so far no breakthrough developments have occurred.

The attribute sharing part of the COIN initiative is somewhat comparable with citizen data vaults. Citizen data vaults are services that provide data subjects with the ability to access their data outside the context of a particular government transaction and allow them much finer-grained control over who can access the data, when and how, within the relevant legal framework that they are subject to. They also save constituents from redundant data entry and assist in passing information generated in one government setting to another setting. The first offerings that cover multiple government domains will emerge around 2014, but they won't start getting traction until after 2018.

The Dutch government has established DigiD, which provides all citizens with a digital identity. DigiD is used by some government administrations. Although the Dutch government has formulated certain ideas, the realization of a Dutch citizen data vault still seems far away.

An interesting initiative to take a closer look at is Mydex, a UK initiative, which has the objective to restore the control of individuals over the management and sharing of their personal data (attributes) online with the help of a Personal Data Store.

Commercial solutions are available in the area of health care. Google Health and Microsoft HealthVault are examples of services that offer personal health records (PHRs) that are free and controlled by the consumer and could achieve a high degree of interoperability with clinical systems operated by healthcare providers and other third parties.

It is obvious that COIN is a front runner concerning the attribute sharing part of the initiative. Commercial solutions that offer an independent personal data vault are not likely to take off within the coming five years. In the meantime Internet behemoths such as Google and Facebook will tend to focus on strengthening the position of their own identity service and enlarging their realm with new services.

2.4 Identity Federation in Higher Education

Today, in higher education most services are internal and relatively low-assurance, such as e-learning platforms, or "narrow" shared services such as high-performance computing. The most advanced use of identity federation occurs within the libraries, where federated IAM enables a convenient way of controlling access to content that publishers especially seem to appreciate. Most notably, other external service providers (ESPs) such as Google and Microsoft have been slow or reluctant in joining IAM federations with their cloud-office productivity suites that otherwise have been very successful in this sector. This situation remains, even though they both have shown that they can handle SAML-based authentication in other situations. The potential for just "turning the switch" on a service for large well-defined user groups has apparently not appealed or perhaps even occurred to many ESPs. This is in part due to a lack of marketing to ESPs that would benefit from joining these federations.

The current effects of the financial crisis might change this situation rapidly. Many institutions are looking for cost savings through economies of scale. To achieve this, they look at shared services, software as a service (SaaS) and cloud services. All of these sourcing modes strongly benefit from federated IAM. Gartner expects accelerated growth of implementation of federated IAM by higher education institutions in general and ESPs in particular during the next three years.

2.5 Unified Communication and Collaboration

As discussed in section 2.1, the vision of the COIN program is to enable a seamless integration between service providers and service consumers, resulting in effective and efficient collaboration. In this context, the developments around Unified Communication & Collaboration (UCC) are akin to the ambition of COIN. The idea behind UCC is that users are able to communicate and collaborate via a suite of various channels and applications (Voice, Video, Mail, Internet, Mobile). Large vendors such as Google, Microsoft, IBM and Cisco are offering functionalities that enable users to:

• Message (via e-mail clients, mobile and instant messaging software)
• Collaborate (via audio / video conferencing, web meetings, document sharing functionalities)
• Presence (determining the whereabouts and status of colleagues / team members)
• Social Network (integration with Social Software, share content)

Especially the areas around Instant Messaging, Presence and collaborative tools for Video Conferencing and organizing Web Meetings have a high potential for enhancing the intensity and quality of collaboration between the users of SURFnet.

[Figure 2: Overview Elements Unified Communication & Collaboration. Elements shown:
  Voice: fixed voice, mobile voice and softphone clients
  Applications: collaboration, content, and applications with integrated communication functions
  IM/Presence: instant messaging, presence and rich presence aggregation
  Conferencing: audio, video and Web conferencing
  Messaging: e-mail, Web mail, voice mail and unified messaging]

Mashups, portal consoles, application programming interfaces, Web services and packaged clients will enable communications and collaboration services to be blended into a mix that includes e-mail, Really Simple Syndication feeds, social networks, calendars, blogs, tasks, wikis, personal profiles and discussion forums. Users expect to be able to employ an integrated set of collaboration tools, escalating to the highest value combination of interactive services (both inside and outside the firewall, and including fixed and wireless networks) for the business task at hand. Presence services will be a vital unifying tool, enabling users to "right-click" on a name and invoke a variety of collaboration mechanisms. Shared team spaces will provide temporary and persistent repositories for interactions. These capabilities will be available as a complete stack from several vendors, which currently only provide point solutions, as vendors expand their offerings. Standards-driven integration will make even more combinations possible, beyond relying on a single vendor product stack.

3.0 Technology

This chapter assesses the technology choices SURFnet has made for COIN. First, we introduce the architecture and provide an overview of the technology choices made. Then we look into the two main functions of COIN: identity federation and attribute sharing.

3.1 Architecture Overview

Figure 3 provides a schematic view of the intended elements of the COIN architecture. The figure reads like a value chain. On the left we positioned the service providers. The middle shows COIN and on the right we find the educational institutions.

Identity Federation is accomplished through the so-called Engine Block. This piece of logic, developed in PHP, acts as an identity provider towards the service providers and as a service provider towards the identity providers (i.e. the educational institutions). Attribute assertions are exchanged using the SAML 2.0 protocol. In section 3.2 we examine the feasibility of this part of the COIN architecture.
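
The double role described above (service provider towards the institutions, identity provider towards the services) is sketched below as an added example; it is not SURFnet's Engine Block code and not part of the report. Assumptions: all entity IDs, keys and the per-service attribute release policy are constructed, assertions are plain dictionaries, and an HMAC stands in for the XML signatures that real SAML 2.0 uses.

```python
import hashlib
import hmac
import json

# All entity IDs, keys and policies below are constructed for illustration.
HUB = "https://hub.example.org"
HUB_KEY = b"hub-demo-key"
IDP_KEYS = {"https://idp.uni-a.example": b"uni-a-demo-key"}
# Hypothetical per-service attribute release policy held by the hub.
SP_POLICY = {
    "https://wiki.example.com": {"displayName", "groups"},
    "https://video.example.com": {"displayName"},
}


class Rejected(Exception):
    """Raised when an assertion fails a trust check."""


def _mac(key, body):
    # HMAC over canonical JSON: a stand-in for a SAML XML signature.
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue(key, issuer, audience, subject, attributes, now, ttl=300):
    body = {"issuer": issuer, "audience": audience, "subject": subject,
            "attributes": attributes, "not_on_or_after": now + ttl}
    return {"body": body, "sig": _mac(key, body)}


def verify(assertion, key, expected_audience, now):
    """Checks every relying party performs before trusting the attributes."""
    body = assertion["body"]
    if not hmac.compare_digest(assertion["sig"], _mac(key, body)):
        raise Rejected("bad signature")
    if body["audience"] != expected_audience:
        raise Rejected("wrong audience")
    if now >= body["not_on_or_after"]:
        raise Rejected("expired")
    return body


def hub_proxy(idp_assertion, sp_entity_id, now):
    """Service-provider side towards the institution, identity-provider side
    towards the service: validate, filter attributes, re-issue."""
    idp_key = IDP_KEYS.get(idp_assertion["body"].get("issuer"))
    if idp_key is None:
        raise Rejected("unknown identity provider")
    allowed = SP_POLICY.get(sp_entity_id)
    if allowed is None:
        raise Rejected("unknown service provider")
    body = verify(idp_assertion, idp_key, HUB, now)
    released = {k: v for k, v in body["attributes"].items() if k in allowed}
    return issue(HUB_KEY, HUB, sp_entity_id, body["subject"], released, now)


def demo(now=1_000_000):
    idp = "https://idp.uni-a.example"
    login = issue(IDP_KEYS[idp], idp, HUB, "student-42",
                  {"displayName": "A. Student", "groups": ["course-101"],
                   "mail": "a.student@uni-a.example"}, now)
    for_video = hub_proxy(login, "https://video.example.com", now)
    for_wiki = hub_proxy(login, "https://wiki.example.com", now)
    try:  # an assertion minted for the video service, replayed at the wiki
        verify(for_video, HUB_KEY, "https://wiki.example.com", now)
        replay = "accepted"
    except Rejected as exc:
        replay = str(exc)
    return for_video["body"]["attributes"], for_wiki["body"]["attributes"], replay


if __name__ == "__main__":
    print(demo())
```

Because every service provider in this model trusts only the hub's key, the hub sees all attributes in transit and its signing key is the most sensitive secret in the federation.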

[Figure 3: COIN Architecture Overview. Diagram labels: Gadget Container, OpenSocial, Proprietary, Gadget, COIN, SAML, Engine Block, Identity Provider, Back End, Portal, SURFnet, Service Providers, Education, GUI Reference Client, Portal.]

COIN realizes attribute sharing by leveraging the OpenSocial framework. Functionality provided by service providers is made available through portals by using gadgets. Gadgets are (small) pieces of end user functionality. The OpenSocial framework provides a standard for running gadgets in portals and facilitates the communication with gadgets and the back end of the service provider.

Educational institutions are encouraged to develop their own portals or enhance their existing ones using COIN. However, in order to demonstrate the viability of COIN, SURFnet decided to implement a GUI Reference Client. For this client SURFnet chose the Shindig reference implementation of OpenSocial.

The technology choices made for attribute sharing are assessed in section 3.3.

3.2 Identity Federation

This section describes in more detail the definition, market developments and the evaluation of the SURFnet choices in the area of Identity Federation.


3.2.1 Definition

Enterprises use federated identity standards, agreements, and technologies to enable applications or services to exchange identity or entitlements across autonomous IT domains. This enables domains using identity-dependent applications to work seamlessly together. Identity Federation provides a loosely coupled approach to Identity Management that meets the requirement for:

• Cross-domain authentication;
• Convenient single authorization (the concept of Single Sign On);
• Attribute sharing and service interoperability;
• Minimization of technical and procedural interdependencies.

Identity Access Management has been on several top 10 lists for some time in higher education. Several drivers have been behind its continued attention: first user convenience (single sign-on) and security, then compliance and privacy, and lately its role as a vital component in the quest for "economies of scale" focused on shared services, driven by the recession and cost cutting.

3.2.2 Market Developments

Gartner uses a Hype Cycle to evaluate new developments via the categories Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment and Plateau of Productivity. Federated Identity Management is defined in the Hype Cycle of July 2010 as a technology that has almost reached the Plateau of Productivity, and mainstream adoption is foreseen in less than two years.

Standards

Two major standards are observed by Gartner in the market place:

• Security Assertion Markup Language (SAML) 2.0: provides a relatively complete federation solution for browser-based use cases and an assertion format for many web services uses. The core SAML assertion format supports authentication, authorization, and attribute statements. Virtually all Identity Management vendors support SAML 2.0 basic operational modes and many support some or all of the more advanced SAML 2.0 features;
• OpenID 2.0: is an open standard that describes the decentralized authentication of users, allowing consolidation of digital identities and eliminating the need for proprietary authentication systems of one's own. Self-asserted OpenID usage continues to spread rapidly for consumer access and where password authentication has been good enough. Microsoft's delay of Windows CardSpace 2.0 prevents a major market influencer from offering an improved alternative to OpenID. Currently Gartner states that enterprises should avoid using OpenID for high-risk transactions until there is evidence that the protocol's inherent security weaknesses have been resolved.

Two other standards of importance in the higher education domain are WS-* and A-Select:

• WS-Federation: is an Identity Federation standard, jointly developed by various companies such as IBM, Microsoft and Ping Identity;
• A-Select: in full 'A-Select Authentication System', is an open source project initiated and designed by Alfa & Ariss. A-Select is supported by OpenASelect, which is a robust and secure Single Sign-On (SSO) authentication system for building federated identity based infrastructures.


Developments in the area of the Open Identity Exchange (OIX), an Open Identity Trust Framework model, have started and should be followed with close attention. Other 'open' standards are OpenSSO (developed by Sun) and OpenIAM; both are not widely adopted.

Products

Four types of (commercial) Identity Federation products can be distinguished in the market place today:

• Virtual Directory: products that enable access to multiple, heterogeneous identity repositories (e.g., Lightweight Directory Access Protocol (LDAP), Active Directory, relational databases, and repositories with Simple Object Access Protocol (SOAP) or Representational State Transfer (REST) interfaces);
• Synchronization Servers: products that focus on the harmonization of data between identity repositories associated with target applications;
• Federation products: have two components, the Identity Provider (IdP) and Service Provider (SP), which are not dependent on each other. The IdP component authenticates the user, issues Security Assertion Markup Language (SAML) assertion credentials, and then redirects the user to the SP. The SP validates the user's SAML credential and then issues local credentials that the hosted application can consume;
• Cloud Identity Management products: are marketed as "cloud-based single sign-on." These products reside in a hosted environment. Users must authenticate to the cloud IdM product before getting Single Sign On (SSO) into hosted applications.

The large vendors (Novell, CA, IBM, Oracle) focus on the Federation products and try to offer their functionalities in one suite, while smaller vendors (Arcot, Symplified, TriCipher) focus more on the in-development niche market of Cloud Identity Management.

Taking the above definitions into account, the COIN initiative can be identified as a "Federation product". Note that one of the functional differentiators of the COIN program, Group definitions, is often available in vendor solutions.

Costs

The Federated Identity market remains highly competitive, with downward pricing pressure resulting in discounting and aggressive sales tactics, but list pricing has remained relatively steady since mid-2007. For the most part, pricing has reached levels that Gartner believes accurately reflect the solutions' value. Gartner sees the following pricing structures:

• Per-user list pricing places 5,000-user costs (for external users) at an average of approximately $10 per user;
• 100,000-user costs at an average of approximately $3 per user;
• One-million-user pricing is generally less than $1 per user, but deployments of that size are more likely to use site licensing or other pricing models.

3.2.3 Evaluation

Given the security issues with OpenID, the choice for the widely adopted SAML 2.0 standard is in line with market developments. However, it should be noted that vendors do offer several Identity Federation products that offer similar functional possibilities (including group functionality) and federated access based on a palette of protocols towards (multiple) services. These commercial SSO solutions, however, are expensive, especially given the high numbers of users SURFnet is dealing with. Considering the current stage of development, Gartner is of the opinion that the co-developed¹ open source solution for Federated Identification is a solid choice for the coming years.

3.3 Attribute Sharing

This section describes in more detail the definition, market developments and the evaluation of the SURFnet activities in the area of Attribute Sharing.

3.3.1 Definition

As discussed in chapter 2, SURFnet strives to let its users work more closely together and wants to achieve interconnection and (user and group) attribute sharing between web services. This is based on a common open set of Application Programming Interfaces (APIs) specific for web-based Social Network Applications, for the exchange of (user and group) attributes between the proprietary gadget container, the Service Provider gadgets and the GUI (Graphical User Interface) Reference Client (or Portal).

Based on the current choices of SURFnet, specific attention will be given to the OpenSocial standard and the Shindig reference implementation of the OpenSocial standard.

3.3.2 Market Developments

Communicating and collaborating via Social Network Applications and Portals are technologies that are moving rapidly towards the 'Plateau of Productivity' and are therefore highly relevant for higher education organizations to consider. However, the market for Social Network Applications is very dynamic and Gartner analysts predict significant changes in the upcoming twelve months. For organizations actively involved in this rapidly changing market, this means a high amount of unpredictability.

Gartner sees two major standards in the market:

• Facebook (Graph API Reference and Social Plugins): offers a variety of proprietary standards in the area of Social Networking and Attribute Sharing. With over 500 million users and over 1 million linked websites, Facebook is currently the most dominant player in the market. Facebook supports group functionality.
• OpenSocial: developed by Google, LinkedIn, MySpace and other Social Networks. While booming in the early days, OpenSocial is currently not adopted by the large Social Networks and Web Application providers. Instead Gartner notices a strong rise in the usage of Facebook at the expense of OpenSocial. Market developments need to be monitored closely, since it is expected that Google will launch a new 'Social' initiative (code name "Google Me") that is likely to be based on a (renewed) version of OpenSocial.

SURFnet is involved in the development and promotion of the OpenSocial standard. At this moment SURFnet has identified several Service Providers, among them Polar Grid, Nature (magazine) and Sakai, that support the OpenSocial standard.

3.3.3 Products

In addition, various vendors such as Appleseed and Buddypress develop open source solutions that offer Social Networking functionality and position themselves between a provider of Portal technology and related Social Networking services:

• Appleseed: open source, fully decentralized social networking software. Appleseed could have a great potential as a web-based groupware application;
• Buddypress: open source solution that strives to bring people together. Within the academic world two relevant cases are available: CUNY Academic Commons & Solo Practice University.

Both solutions are in the early stages of their life cycle. Appleseed is still in active development. The first official stable release of Buddypress was in May 2009.

¹ The solution is co-developed with WAYF, the Danish e-identity federation.

3.3.4 Evaluation

In summary, given the fact that the Facebook standards are proprietary, the choice for OpenSocial and the Shindig Reference implementation is currently a logical choice. However, as stated in the introduction, the developments evolve very rapidly. This is also demonstrated by the fact that the Shindig Reference implementation can hardly follow the pace. Gartner predicts that the market for social network applications could change dramatically within the upcoming twelve months.




4.0 Conclusions and Recommendations

This chapter holds the main conclusions and recommendations of the feasibility study.

4.1 Conclusions

In this section we return to the objective of this feasibility study, which is to answer the following questions:

• To what extent is the COIN vision aligned with market developments? (See section 4.1.1)
• Are there any initiatives known to Gartner that may render COIN obsolete in the near future? (See section 4.1.2)

4.1.1 Market Alignment

As we have seen in section 2.2, the vision of COIN to share services from various parties through a common infrastructure coincides with market developments in the area of cloud computing, mashups and the further commoditization of IT.

Furthermore, according to Gartner SURFnet has chosen the most appropriate technologies given the current market developments:

• SAML 2.0 is at this moment, given the security issues around OpenID, the most used standard by enterprises in the area of cross-domain authentication;
• OpenSocial is at this moment the only widespread open set of Application Programming Interfaces (APIs) specific for web-based Social Network Applications. Facebook is currently market leader but uses a proprietary set of standards;

Gartner is of the opinion that the in-house developed solution for Federated Identification is a solid choice for the coming years.

However, especially within the domain of Social Networking, the market is developing rapidly and currently it is impossible to predict how future-proof standards like OpenSocial will be in the next twelve months and thereafter. At the moment the market favors the proprietary Facebook standards.

4.1.2 Competing Initiatives

The objectives of the COmanage effort of the Internet2 Middleware Initiative resemble those of COIN. COmanage seeks to provide a platform to consolidate the identity information of participants and to link the collaboration tools (mailing lists, wikis, domain science apps) back to that new identity management system. However, there is no service instance currently in place for immediate use.

Commercial initiatives that come close to the ambition of COIN are the PHR initiatives of Google and Microsoft. However, Google Health and Microsoft HealthVault are fully focused on the domain of health care only. Government initiatives in the area of citizen data vaults are scarce and have failed to gain momentum so far.

Today, the biggest commercial competing initiatives come from large social network providers (such as Google and Facebook) that promote their proprietary digital identity and share user attributes across the services within their realm. Gartner does not expect commercial solutions that offer an independent personal data vault functionality to take off within the coming five years.


4.2 Recommendations

Gartner recommends that SURFnet continue with the technology choices made but also monitor developments in the area of social software with great scrutiny. 2011H2 would be a good moment to re-evaluate the choice for OpenSocial. 2012H2 would be a good moment to re-assess the available commercial products and take a new make-or-buy decision.







Attachments



References

• Federated Identity (Burton Group, 26 September 2008)
• Hype Cycle for Education, 2010 (Gartner, 26 July 2010)
• Hype Cycle for Identity and Access Management Technologies, 2010 (Gartner, 19 July 2010)
• Hype Cycle for Social Software, 2010 (Gartner, 4 August 2010)
• Hype Cycle for Web and User Interaction Technologies, 2010 (Gartner, 23 July 2010)
• Magic Quadrant for Web Access Management (Gartner, 12 November 2009)
• New Directions in Federation (Burton Group, 5 October 2009)
• The Emerging Architecture of Identity Management (Gartner, 16 April 2010)
• The State of User-Centric Identity Frameworks, 2010 (Gartner, 28 January 2010)
• Three Paradigms of IAM in Higher Education: Description, Trends and Lessons Learned (Gartner, 26 March 2010)






Any questions regarding this Report should be addressed to:

Guido van der Harst
Associate Director
Gartner Nederland BV
De Entree 256
1101EE Amsterdam
The Netherlands
Telephone: +31 61 058 3559
Facsimile: +31 20 695 4483
E-mail: guido.vanderharst@gartner.com

This Report was prepared for SURFnet:

Frank Pinxt
SURFnet
PO Box 19035
3501DA Utrecht
The Netherlands
Telephone: +31 30 230 5364
Facsimile: +31 30 230 5329
E-mail: frank.pinxt@surfnet.nl