Planning the Taiwan Access Management Federation based on Shibboleth

There are a number of different ways in which it may be verified that a user at a computer attached to the internet may be certified as being entitled to use an electronic resource (usually one that has to be paid for) held on a server elsewhere on the internet. Authentication by Internet Protocol is appropriate when the user is in a fixed environment but to enable a user to have wider access other mechanisms are needed, the most universally applicable being authentication relying on the information provided by an access management federation using Shibboleth. Shibboleth is a standard-based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. The requirements for the security of the solution particularly regarding the intellectual property rights
of the owners of the data are discussed. Various possible solutions are outlined based on those in use in the UK Federation, the US InCommon system, the Swiss SWITCHaai, and the Australian Access Federation. The framework and development leading to the implementation of the Taiwan
Access Management Federation (TAMF) primarily follow the SWITCHaai and to a lesser extent the other three Federations. The history, management structure, software used and the organization participants in the four federations that TAMF follows are discussed. The progress of TMAF is described as well. It is hoped that this could serve as a model for federations around the world.

Pre-refereed text.