Nowadays, a university needs to build and maintain a central ID database and authentication system for better ICT (information and communication technology) services. In 2008, the headquarters of ...Kyushu University had defined medium-range policy of ICT infrastructure preparation, and the policy had indicated construction of a central authentication system. According to the policy, the authors elaborated an installation plan of the Kyu(Q)shu University authentication system (QUAS, for short). Since 2009, Information Infrastructure Initiative of Kyushu University, to which the authors belong, has been issuing ID cards to all employees, and also operating LDAP servers. This paper introduces the action plan and outline of QUAS. This paper also describes two recent topics of QUAS. One is high load of LDAP servers because of rapid increase of mobile devices, and the other one is development of a multifactor authentication Shibboleth Identity Provider (IdP).
The department “organization and information technology” (OIT) of the Faculty of Medicine of the “Ludwig-Maximilians-Universität München” introduced a system to centrally manage user accounts and ...security during the last two years. The initial state was that we had several user directories for different services, resulting in high operating expense. We describe the aims, the concepts, the techniques, the realization and the difficulties we had introducing a central user directory. The new central user directory covers not only authentication, but also authorization in the connected subsystems. The following subsystems are connected: Windows logon, Email and Calendaring, various intranet services like medical documentation system, diagnostic findings of clinical chemistry or radiology, remote access to Email and Calendaring via a firewall, RADIUS and last but not least logging on to SAP, which is our ERP (enterprise resource planning system).