Notices

Identity Management Program

The purpose of the program is to promote the study of subjects related to identity management area, such as authentication and authorization protocols and public key infrastructure. The program lasts six months and the selected works are followed up by the Identity Management Technical Committee.

2015
Notice

Selected Projects
The use of a second factor and continuous authentication in critical service providers
Supervisor: Emerson Ribeiro de Mello

Scholar: Sérgio Nicolau da Silva

Institution: Instituto Federal de Santa Catarina (IFSC)

A&A framework based on policies and attributes for virtual organizations
Supervisor: Débora Christina Muchaluat Saade

Scholar: Edelberto Franco Silva

Institution: Universidade Federal Fluminense (UFF)

A client device for authentication challenge response for visual encryption
Supervisor: Ricardo Dahab

Scholar: Felipe Rodrigues Novaes

Institution: Universidade Estadual de Campinas (Unicamp)

A tool for monitoring and optimization of the CAFe federation
Supervisor: Michele Nogueira

Scholar: Leonardo Melniski

Institution: Universidade Federal do Paraná (UFPR)

2014
Notice

Selected Projects

Methods for authentication and federated access control in command line interfaces for scientific application management in SINAPAD
Supervisor: Antônio Tadeu A. Gomes (LNCC)

Student: Marcelo Monteiro Galheigo

Summary: The goals of this project are the study of methods for authentication and federated access control of the CAFe federation for the command line interface, made available to the users in the SINAPAD PAD.BR computer grid, and the implementation of the method that shows to be more adequate for the needs of the scientific community and SINAPAD. Research, architecture and prototyping solutions are planned, which not only include the adoption of CAFe for user authentication through the PAD.BR grid command line interface, but can also be extended to other non-web applications.

Federated access control based on policies and attributes for experimental networks of the Internet of the Future
Supervisor: Débora Christina Muchaluat Saade (UFF)

Student: Edelberto Franco Silva

Summary: We currently find different efforts to develop testbeds for experimenting with the Internet of the Future. An emerging need is their interconnection to enable multiple networks to be gathered to create a larger testing environment of greater diversity of technologies and equipment. Then, the problem with identity management both locally and related to the federation of these testbeds comes. In previous works, we proposed integration of academic federations, such as CAFe, with SFA-based test federations to facilitate authentication and control of the access to the resources. This project proposes study, evaluation and validation of a policy-based access control proposal, in order to enable federated control on the use of the resources available in the testbeds.

Proposal of a ICAO 9303 Standard Academic ID Card
Supervisor: Jean Everson Martina (UFSC)

Student: Felipe Coral Sasso

Summary: Several efforts have been made within the federations recently. We can clearly mention the CAFe Federation as an example of success. The efforts to make authentication data available and usable by all federation entities are the pillar of this model. However, some problems are still open. The first of them is the offline operation of the authentication process. Today, the federation model requires the systems to work online and synchronously, which limits their use for some applications. Second, the federation data is only available for computer systems and not for people, making it difficult for the humans involved in the evaluation of such credentials. Finally, the federation has numberless technical and legal problems to provide private data, such as biometric parameters, which would make authentication much stronger. Thus, this project would like to propose a study to create an identification card model based on the ICAO 9303 standard, which should enable offline authentication, identification of security parameters by human agents and enable loading of the users´ biometrics data by the issuing institutions.

2013
Notice

Selected Projects

Identity, authentication and authorization management in the Web of the Things
Supervisor: Cássio Vinícius Serafim Prazeres (UFBA)

Student: Tito Gardel do Prado Filho

A new web paradigm, focusing on services and applications to be consumed by other applications, opposed to the web made only for and by people, is outlining as the next step in the web evolution. This evolution should enable a range of opportunities and possibilities for new and powerful web applications to surge. One of these applications is the possibility to combine things from the physical world with things from the virtual world of the web, which is called the "Web of Things." Everyday physical objects, such as automobiles and electrical domestic appliances, among others, can, with the Web of Things, be readable, identifiable, addressable and even controllable using services over the web. In this context, issues, such as security, trust and privacy, are essential. This project presents an infrastructure for making physical devices available on the Web by means of a service busbar. To control and provide security in the access to these devices, use of authentication (OAuth) and identification (OpenID Connect) mechanisms is proposed in this project.

Evaluation of the use of documents in compliance with the ICAO 9303 standard in the academic area 
Supervisor: Jean Everson Martina (UFSC)

Student: Thaís Bardini Idalino

Recently, the federal government created the National System of Civil Identification Registry with the purpose to implement the unique number of Civil Identity Registry - RIC. This unique number will be delivered to the citizens in the form of a smart card. RIC will be equipped with two chips, the first, contactless, enabling RIC to work as a travel document, ICAO 9303 standard, and the second, contact, with support to multiple application. RIC will be issued with digital certification making the personal identification process faster and more secure, whether in person or in communications over the internet. The technological progress implemented in RIC includes, in addition to the digital signature, mechanisms of unambiguous identification of the individual. The purpose of this project is to study the technology used in RIC, in order to see the hardware and software characteristics and limitations. Especially, we want to make it feasible to integrate with the different needs of authentication of the academic systems through small implementations.

Transfer of credentials for use of testbeds to the Internet of the Future
Supervisor: Débora Christina Muchaluat Saade (UFF)

Student: Edelberto Franco Silva
We currently find different efforts to develop testbeds for experimenting with the Internet of the Future. An emerging need is their interconnection to enable multiple networks to be gathered to create a larger testing environment of greater diversity of technologies and equipment. Then, the problem with identity management both locally and related to the federation of these testbeds comes. Thus, this project proposes to evaluate the integration between the proposed SFA (Slice-based Federation Architecture) testbeds federation and Shibboleth and the transposition of credentials based on the use of STCFed, in order to facilitate controlled user access to different test networks.

Analysis of the private cloud infrastructure integration with CAFe Federation and OpenID Service
Supervisor: Carlos André Guimarães Ferraz (UFPE)

Student: Ioram Schechtman Sette

Cloud computing has attracted the attention of education and research institutions, as well as the market, in the last years, as it enables use of computing as a utility service. The privacy of the data stored in the cloud is a concern for the users of these services, once the platform is exposed on the Internet and shared with other users. In this scenario, identity management and access control mechanisms are important because they aim to protect the data from unauthorized access. Identity federations also enable the authentication of the users to be done by institutions, which actually know them. The purpose of this work is to integrate the authentication of an open cloud computing platform with identity management federations and services through SAML and OpenID protocols. The results will be analyzed and compared for easy integration, performance and scalability.

2012
Notice

Registration for students