Korea Digital Contents Society
[ Article ]
Journal of Digital Contents Society - Vol. 21, No. 9, pp.1725-1731
ISSN: 1598-2009 (Print) 2287-738X (Online)
Print publication date 30 Sep 2020
Received 11 Aug 2020 Revised 02 Sep 2020 Accepted 22 Sep 2020
DOI: https://doi.org/10.9728/dcs.2020.21.9.1725

A Study on the Establishment of Integrated Authentication System for National R&D Research Outcomes Registration

Jung-Ho Seok1 ; Tae-Hyun Kim2, * ; Yong-Ju Shin3 ; Dou-Gyun Kim4 ; Kwang-Nam Choi5
1,3,5Principal Researcher, NTIS Center, KISTI, Daejeon 34141, Korea
2Senior Researcher, NTIS Center, KISTI, Daejeon 34141, Korea
4Technical Staff, NTIS Center, KISTI, Daejeon 34141, Korea
A Study on the Establishment of an Integrated Authentication System for National R&D Research Outcomes Registration
Jung-Ho Seok1 ; Tae-Hyun Kim2, * ; Yong-Ju Shin3 ; Dou-Gyun Kim4 ; Kwang-Nam Choi5
1,3,5Principal Researcher, NTIS Center, Korea Institute of Science and Technology Information
2Senior Researcher, NTIS Center, Korea Institute of Science and Technology Information
4Technical Staff, NTIS Center, Korea Institute of Science and Technology Information

Correspondence to: *Tae-Hyun Kim Tel: +82-42-869-1731 E-mail: heemang@kisti.re.kr

Copyright ⓒ 2020 The Digital Contents Society
This is an Open Access article distributed under the terms of the Creative Commons Attribution Non-Commercial License (http://creativecommons.org/licenses/by-nc/3.0/) which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

In order to enhance the convenience of registering research results arising from the implementation of national R&D projects, this paper presents a case study of establishing an integrated authentication system between NTIS and the research outcomes management institutions. Based on the ID Federation (IDF) solution established and operated by KISTI, an NTIS ID Provider (IDP) was formed, and each research outcomes management institution was linked to it as a Service Provider (SP). By applying the integrated authentication system, which was designed after analyzing the status of the previous research outcomes registration system, duplicate user registration can be avoided when registering or depositing research results with an individual research outcomes management institution, and research results can be registered or deposited with each institution under the same ID using the user ID registered with the NTIS ID Provider (IDP), enabling more efficient operation of the research outcomes registration system.

Abstract (Korean version)

This paper presents a case of establishing an integrated authentication system between NTIS and the research outcomes management institutions in order to improve the convenience of registering research outcomes produced through the execution of national R&D projects. The integrated authentication system was built by configuring an NTIS ID Provider (IDP) on the basis of the ID federation solution built and operated by KISTI, and by setting up each research outcomes management institution as a Service Provider (SP) and linking it. By applying the integrated authentication system, built after analyzing the status of the previous research outcomes registration system, duplicate user registration can be avoided when registering or depositing research outcomes with individual research outcomes management institutions, and research outcomes can be registered or deposited with each institution under the same ID using the user ID registered with the NTIS IDP, enabling more efficient operation of the research outcomes registration system.

Keywords:

NTIS, National Science and Technology Knowledge Information, Research Outcome, Integrated Authentication System, ID Federation

Keywords (Korean version):

NTIS, National Science and Technology Knowledge Information, Research Outcomes, Integrated Authentication System, IDF

Ⅰ. Introduction

The National Science and Technology Information Service (NTIS) strengthens research productivity and efficiency by comprehensively collecting, managing and distributing the research results produced through the implementation of national Research and Development (R&D) projects. These research results are collected through information linkage with 17 representative institutions, the collection of outcomes information (papers, patents), collection through the task and outcomes input system, linkage with the research outcomes management institutions, or registration of research results using the registration service.

In general, the Web requires users to sign up for various services through a website. In other words, member services that used to be registered offline and face-to-face are now provided as online member services registered without face-to-face contact. Therefore, user authentication is required for membership registration [1].

There are three typical approaches to user authentication. The first is a password-based infrastructure, the second is a challenge-response scheme using symmetric-key cryptography, and the third is digital signatures using private/public key pairs [2].

In the National Science and Technology Information Service (NTIS), members must register and authenticate research results according to the membership authentication system of each research outcomes management institution. Registering a separate ID and authenticating separately for each institution is inconvenient, so it is necessary to apply an integrated authentication system that allows research results to be registered with each research outcomes management institution through integrated authentication using a single ID.

To this end, this study examines the research trends related to the authentication system, analyzes the current system, and presents the details of the establishment of an integrated authentication system that can be used efficiently when registering or depositing NTIS research results.


Ⅱ. Research Trends and Analysis of Current System

2-1 Technical Background

ID Federation (IDF) is a system in which users access Web-based e-resources (such as compute resources, storage, databases, e-journals, etc.) provided by other domestic and foreign research or educational institutions using the ID and password of their own organization [3].

About 70 countries around the world operate ID federations such as the Korean Access Federation (KAFE), and their number continues to grow. Major ID federations include the InCommon Federation of the United States, the GakuNin Federation of Japan, the UK Access Management Federation of the United Kingdom, and the SWAMID Federation of Sweden.

The Korea Institute of Science and Technology Information (KISTI) is registered as Korea's leading ID federation operator and has established and operated the first ID federation in Korea, the Korean Access Federation (KAFE), since 2016 to jointly utilize domestic research/education resources and promote collaboration among students, professors and researchers [4].

ID federation (IDF) refers to an association of agencies that use technologies and standards which provide multiple services to users through authentication of a single set of account information, relieving service providers of the burden of managing user account information [5].

In ID Federation, the user authentication and authorization procedures are shown in Figure 1 below [6].

Fig. 1.

ID Federation Authentication and Authorization Procedure

The web browser requests Single Sign-On (SSO) services from the selected identity provider, and the user is authenticated by entering credentials (e.g., user ID and password) at the identity provider. The attribute information of a user who has been authenticated successfully is included in an assertion and passed to the service provider, which grants the right to use the digital resources it provides based on the authentication and attribute information received. That is, the identity provider is responsible for user authentication and the service provider for authorization. There is no need to create an account for each service, because the identity provider manages the user's credentials [7].

One consideration is that the SSO token, which carries the user's login session information, should be encrypted when sent and received so that an attacker cannot read its contents [8].

KAFE provides an integrated login solution for online resources and application services in the research/education field. When research and educational institutions join KAFE, they can jointly use research resources among universities and research institutes, link and share educational resources, utilize the various professional education services offered by service providers, share and link academic information held by each university library, and use the collaboration tools and application services provided by the national science and technology research network.

2-2 Analysis of Current System

The nine major types of research results generated through the implementation of national R&D projects are registered with or deposited at a research outcomes management institution. Research results are registered or deposited either by using the registration system of each institution directly or through the NTIS research outcomes registration system, which is linked to the registration system of each research outcomes management institution. NTIS collects the research results registered at each research outcomes management institution by automatic linkage, manages them, and provides services on them.

In the previous research outcomes registration system, research results were registered by accessing the outcomes registration system of each of the nine major research outcomes management institutions individually. Users had to sign up as members of each institution's registration system in order to register research results, and they had the inconvenience of searching for the same task several times when registering multiple research results for the same project.

In order to solve this problem, the research outcomes registration portal was established and changed from the method of registering individually with each research outcomes institution to the method of registering research results collectively using the new research result registration portal system.

However, although the research outcomes registration portal provided a common, standardized registration page, the user registration and management systems of the individual research outcomes management institutions differed, so users still had to complete the user registration and authentication procedures of each individual institution before research results could be registered.

Therefore, the research outcomes registration system required a way to remove the inconvenience of users having to sign up repeatedly and log in separately when registering research results, and the need arose to establish an integrated authentication system to facilitate user authentication between NTIS and each research outcomes management institution.


Ⅲ. Integrated Authentication System for R&D Outcomes Registration

In this chapter, we would like to examine the system for establishing an integrated authentication system based on ID Federation, which is implemented in the National Science and Technology Information Service(NTIS).

3-1 NTIS Service Overview

The National Science and Technology Information Service (NTIS), which has provided services to the public since 2008, systematically collects, manages, and distributes national R&D information such as projects, tasks, manpower, achievements, and research facilities and equipment that arise at each stage of conducting national R&D projects. The main purpose of the service is to share and jointly utilize information on national R&D projects and on science and technology, which is otherwise managed individually by ministries (by agencies), in order to enhance the efficiency of national R&D investment and contribute to improving research productivity [9]. The national R&D outcomes information service is built on about 6.24 million records collected through the nine major research outcomes management institutions and the task management institutions. Research outcomes information includes papers, patents, research reports, research facilities and equipment, biological resources, compounds, technical summary information, software and new varieties. Paper and patent outcomes are submitted as task-derived outcomes in the survey and analysis process, and the remaining research outcomes information is collected through the research outcomes management institutions. The collected information is managed comprehensively by NTIS, which provides the R&D information services.

3-2 Overview of implementation methods

Based on the ID Federation (IDF) solution established and operated by KISTI, an NTIS ID Provider (IDP) was formed and each research outcomes management institution was linked to it as a service provider. The ID provider is configured with two instances to provide NTIS membership information; one of the two instances, dedicated to research outcomes registration, provides basic NTIS membership information through a token-based configuration. The service provider registers research results by using the member ID and the science and technology personnel registration number, taken from the member information obtained through the ID provider's member ID login and consent procedure, as the member's unique key. In the pilot stage the service provider configuration was linked to the research outcomes management institutions for research facilities and equipment and for research reports; in the next stage, the system was extended so that it could be linked to the research outcomes management institutions for papers, biological resources, technical summaries and software.

3-3 Establishment of Integrated Authentication System

1) NTIS IDP Instance Configuration

An integrated authentication system typically consists of an ID Provider (IDP) that provides identity information and a Service Provider (SP) that provides services. In NTIS, the NTIS ID Provider (NTIS IDP) system is applied to enable authentication and login with NTIS member account information. The NTIS IDP consists of two instances: an instance linked to the research outcomes registration service and an instance linked to KAFE. The IDP for the research outcomes registration service applies the integrated authentication system between the research outcomes registration system and the research outcomes management institutions, and the KAFE-linked IDP serves members registered with NTIS for joint use of education and research resources through KAFE. The conceptual diagram of the integrated authentication system is shown in Figure 2 below.

Fig. 2.

Conceptual Diagram of ID Provider(IDP)

In the picture, the first instance is linked so that NTIS's Science Data Utilization Support Service can utilize the Collaboration and Research Environment(COREEN) provided by the National Science and Technology Research Network through the utilization platform menu.

The second instance establishes and operates the IDP for the integrated authentication system between the NTIS research outcomes registration service and the research outcomes management institutions. In the basic procedure, NTIS users log in to the research outcomes registration service, complete the integrated authentication procedure, and then register their research results.

2) Authentication Processing Procedure

The data linkage flow composition according to the application of the integrated authentication system at the time of registration of NTIS research outcomes is as shown in Figure 3 below.

Fig. 3.

Data Link Flow Configuration

First, user information is requested and provided through a web token exchanged between the research outcomes registration system and the NTIS IDP. The NTIS research outcomes registration service records the user's login session information in a web token and delivers it to the IDP for research outcomes registration, and the NTIS IDP for research outcomes registration obtains the attribute information of the logged-in user.

3) Agreeing and Providing Information

Users logged in to NTIS go through a consent process for the provision of their information when registering research outcomes with a research outcomes management institution; an example of the consent screen is shown in Figure 4 below.

Fig. 4.

The Consent for the Provision of Information

The basic information shown on the consent screen consists of the ID, name, e-mail, affiliated agency, telephone number, and science and technology registration number, and the logged-in user must confirm and agree to the provision of this information. Approval passes the corresponding attribute information to the research outcomes management institution, which acts as the service provider; the service provider then either performs the membership registration procedure for the identified user or matches the user by science and technology registration number, and grants the authorized user the rights needed to use the research outcomes registration service.
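The exchange described in 3-3-2 and 3-3-3 (the IDP releasing only the consented attributes, and the SP validating the token and using member ID plus registration number as its unique key), as an added example that is not code from the paper or from NTIS. Entity IDs, attribute names and the shared HMAC key are assumed; a real IDP signs SAML assertions with its X.509 key instead.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed demo values. A real deployment signs SAML assertions with the IDP's
# X.509 key (XML-DSig); an HMAC shared secret stands in for that here.
IDP_KEY = b"constructed-demo-key-not-for-production"
IDP_ENTITY_ID = "https://idp.example.ntis/research-outcomes"   # assumed entity ID
SP_ENTITY_ID = "https://sp.example.institution/register"       # assumed entity ID

# Attribute names are assumed; they model the items on the consent screen:
# ID, name, e-mail, affiliation, phone, science and technology registration number.
CONSENTED_ATTRIBUTES = ("uid", "name", "mail", "affiliation", "phone", "sci_tech_reg_no")
REQUIRED_FOR_REGISTRATION = ("uid", "sci_tech_reg_no")   # the SP's unique key (section 3-2)


def _sign(payload: bytes) -> str:
    return hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest()


def idp_issue_assertion(user: dict, consented: set, in_response_to: str, lifetime_s: int = 300) -> str:
    """IDP side: after login and consent, release only the attributes the user agreed to."""
    attrs = {k: user[k] for k in CONSENTED_ATTRIBUTES if k in consented and k in user}
    body = {
        "id": "_" + os.urandom(16).hex(),            # unique assertion ID, used for replay detection
        "issuer": IDP_ENTITY_ID,
        "audience": SP_ENTITY_ID,
        "in_response_to": in_response_to,            # ID of the SP's authentication request
        "not_on_or_after": int(time.time()) + lifetime_s,
        "attributes": attrs,
    }
    payload = json.dumps(body, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


class ServiceProvider:
    """SP side: validates the token and derives the local account key from it."""

    def __init__(self):
        self.pending = set()    # authentication request IDs we issued and have not yet consumed
        self.seen_ids = set()   # assertion IDs already accepted (replay cache)

    def new_request(self) -> str:
        rid = "_" + os.urandom(8).hex()
        self.pending.add(rid)
        return rid

    def consume(self, token: str, now=None):
        now = time.time() if now is None else now
        b64, _, sig = token.rpartition(".")
        payload = base64.urlsafe_b64decode(b64)
        if not hmac.compare_digest(_sign(payload), sig):
            raise ValueError("bad signature")
        body = json.loads(payload)
        if body["issuer"] != IDP_ENTITY_ID:
            raise ValueError("unknown issuer")
        if body["audience"] != SP_ENTITY_ID:
            raise ValueError("wrong audience")
        if body["not_on_or_after"] <= now:
            raise ValueError("expired")
        if body["id"] in self.seen_ids:
            raise ValueError("replayed assertion")
        if body["in_response_to"] not in self.pending:
            raise ValueError("unsolicited response")
        self.seen_ids.add(body["id"])
        self.pending.discard(body["in_response_to"])
        attrs = body["attributes"]
        for k in REQUIRED_FOR_REGISTRATION:
            if k not in attrs:
                raise ValueError("missing required attribute " + k)
        return (attrs["uid"], attrs["sci_tech_reg_no"]), attrs


def try_consume(sp: ServiceProvider, token: str, now=None):
    """Return ("ok", (key, attrs)) or ("rejected", reason) so callers can log the outcome."""
    try:
        return "ok", sp.consume(token, now)
    except ValueError as exc:
        return "rejected", str(exc)
```

The replay cache and the InResponseTo check are what stop a captured token from being presented a second time, which is the concern reference [8] raises for SSO tokens.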

4) Setting for Authentication Process

To establish and apply the integrated authentication system between NTIS and a research outcomes management institution, configuration work is necessary at the research outcomes management institution. The main parts of this work are the Service Provider (SP) setup (Security Assertion Markup Language (SAML) application settings, etc.), the IDP setup (login and logout path settings, etc.), registration of the service provider (SP) metadata with the IDP, and verification of the access procedure.

Generally, the setup process varies with the web server and Web Application Server (WAS) environment. Depending on the system environment, it falls into one of three cases: Shibboleth, Spring Security SAML, or Node.js SAML. If IDF is applied to a system whose web server is Apache, the Shibboleth method is used; a Spring environment that is not fronted by such a web server requires Spring Security SAML; and a Node.js environment requires a Node.js SAML configuration. Shibboleth is a web-based technology that implements the HTTP/POST, artifact and attribute push profiles of SAML and includes both Identity Provider (IdP) and Service Provider (SP) components.

The SP configuration is as follows. In the Shibboleth method, the Shibboleth SP setup and the Apache setup are performed; these include adding the metadata settings, the SSO/Discovery settings, the Secure Sockets Layer (SSL) settings, and the keys used to encrypt and sign SAML messages. The user attribute names and the attribute policy are then configured. After the SP is set up, the paths protected by Shibboleth access restrictions must be set in the Apache configuration. In the Spring Security SAML style of SP setup, the SP entity ID must be configured, the service provider that is finally deployed must support HTTPS, and a self-signed certificate must be installed and configured for SAML. Once the service provider's SAML settings are complete, the metadata of the ID Provider (IDP) to log in to must be registered with the service provider, and the ID provider must in turn register the metadata of the Service Provider (SP); the interlinking between the ID provider and the service provider is then verified.
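A pre-registration check an IDP operator could run over SP metadata before cross-registering it, covering the points above (entity ID present, HTTPS endpoints, signing and encryption certificates). This is an added example, not code from the paper or from KISTI; the sample metadata is constructed and its certificate text is a placeholder.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"


def check_sp_metadata(xml_text: str) -> list:
    """Return the problems found in SP metadata; an empty list means it is ready to register at the IDP."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    entity_id = root.get("entityID", "")
    if not entity_id or not urlparse(entity_id).scheme:
        problems.append("entityID missing or not a URI")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor"]
    if SAML2_PROTOCOL not in (sp.get("protocolSupportEnumeration") or "").split():
        problems.append("SPSSODescriptor does not declare SAML 2.0 protocol support")
    acs_list = sp.findall("md:AssertionConsumerService", NS)
    if not acs_list:
        problems.append("no AssertionConsumerService endpoint")
    for acs in acs_list:
        location = acs.get("Location", "")
        if urlparse(location).scheme != "https":   # the SP must serve HTTPS (section 3-3-4)
            problems.append("AssertionConsumerService %r is not https" % location)
    keys = sp.findall("md:KeyDescriptor", NS)
    uses = {k.get("use") for k in keys}            # a KeyDescriptor with no 'use' serves both purposes
    if not uses & {"signing", None}:
        problems.append("no signing key")
    if not uses & {"encryption", None}:
        problems.append("no encryption key, so the IDP cannot encrypt assertions for this SP")
    for k in keys:
        cert = k.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            problems.append("KeyDescriptor without an X509Certificate")
    return problems


# Constructed sample metadata (placeholder certificate text, not a real certificate).
GOOD_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.institution/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.institution/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Same SP, but the endpoint is plain HTTP and only a signing key is published.
BAD_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.institution/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.institution/Shibboleth.sso/SAML2/POST" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```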

As shown above, an integrated authentication system was established with NTIS and an institution dedicated to research results through the configuration necessary for the application of the integrated authentication system, metadata registration, and authentication tests.

Currently, the integrated authentication system between NTIS and the research outcomes management institutions is applied to five types of research outcomes, namely papers, research reports, research facilities and equipment, software and biological resources, so that the registration of research results can be carried out more conveniently and efficiently.


Ⅳ. Conclusion

Based on the ID Federation(IDF) system established and operated by KISTI, this paper carried out the case study of application of the integrated authentication system established between NTIS and the research outcomes management institution.

To this end, research trends related to the ID Federation(IDF) were identified and current system analysis was conducted. The results of the research presented details of the establishment of the integrated authentication system applied to the research outcomes registration system, such as methods of construction, authentication procedures, consent to personal information provision, and system settings.

The research outcomes registration system has been improved so that research results can be registered with the research outcomes management institutions registered as service providers through a single ID provided by the NTIS IDP, removing constraints such as duplicate membership and separate log-ins. It is therefore expected that the integrated authentication system based on ID Federation will allow efficient operation of the system for registering or depositing research results generated through national R&D in the future.

At present, the integrated authentication system between NTIS and the research outcomes management institutions is applied to five types of research outcomes, namely papers, research reports, research facilities and equipment, software and biological resources, and it will be expanded continuously in the future.

The integrated login system established to improve the efficiency of research outcomes registration requires the continued cooperation of the research outcomes management institutions, and continued research is required to identify and resolve problems in the future.

Acknowledgments

This research was supported by Korea Institute of Science and Technology Information(KISTI)(NTIS No. 1711120559).

References

  • S. S. Shin, K. H. Han, “A Study on Integrated ID Authentication Protocol for Web User”, Journal of Digital Convergence, Vol. 13, No. 7, pp. 197-205, 2015. [https://doi.org/10.14400/JDC.2015.13.7.197]
  • S. J. Lee, S. C. Bae, “A Study on the development Process of User Authentication Software”, The Journal of Society for e-Business Studies, Vol. 9, No. 1, pp. 255-268, 2004.
  • Y. J. Shin, J. H. Seok, T. H. Kim, K. N. Choi, W. S. Jo, “Improvement of Authetification System in Research outcomes Registration Portal”, Proceedings of the 2019 International Conference on Digital Contents: Smart Media, Art & Culture Technology, Daegu (Korea), pp. 24-25, 2019.
  • KAFE Service. KAFE information introduction. Available: http://www.kafe.or.kr/about
  • G. C. Wang, “A Federation Policy Development Method for Generating Domestic ID Federation”, Journal of the Institute of Electronics and Information Engineers, Vol. 53, No. 8, pp. 28-36, 2016. [https://doi.org/10.5573/ieie.2016.53.8.028]
  • KAFE Service. KAFE authentication and authorization flow information. Available: http://www.kafe.or.kr/kafe
  • J. Y. Jo, H. J. Jang, J. U. Kong, Y. Y. Chae, “Federated IAM Service of KAFE Identity Federation”, The Journal of Korean Institute of Communications and Information Sciences, Vol. 43, No. 12, pp. 2200-2214, 2018. [https://doi.org/10.7840/kics.2018.43.12.2200]
  • Y. J. Maeng, D. H. Nyang, “An Analysis of Replay Attack Vulnerability on Single Sign-On Solutions”, Journal of the Korea Institute of Information Security and Cryptology, Vol. 18, No. 1, pp. 103-114, 2008.
  • NTIS Service. Introduction to NTIS / NTIS summary. Available: http://www.ntis.go.kr/ThAbout.do
Author Information
석중호(Jung-Ho Seok)

1988 : Chung-Ang University (Master of Science in Computer Science)

1991~2000: Researcher at Korea Institute of Industry & Technology Information

2001~now : Principal Researcher at Korea Institute of Science and Technology Information

※Research Interests: Big Data, Statistical Analysis, Database, Information Management

김태현(Tae-Hyun Kim)

2001 : Chungnam National University (Master of Science in Computer Science)

2001.3~2001.11 : Researcher of Enquest.Technology

2002.3~2004.2 : Researcher at Electronics and Telecommunications Research Institute

2004.3~now : Senior Researcher at Korea Institute of Science and Technology Information

※Research Interests: Information Retrieval, Information Analysis and Curation, Building a Dictionary of Professional Terminology

신용주(Yong-Ju Shin)

2012 : Hannam University (Master of Science in Library and Information Science)

1986.3~2006.3 : Librarian at Korea Advanced Institute of Science and Technology

2006.4~now : Principal Researcher at Korea Institute of Science and Technology Information

※Research Interests: Information Literacy Education, Information Resource Management and Services, Data Science

김도균(Dou-Gyun Kim)

2018 : Chungnam National University (Master of Science in Library and Information Science)

2020 : Chungnam National University (Ph.D. Candidate in Library and Information Science)

2003~2015 : Researcher at Korea Institute of Science and Technology Information

2015~now : Technical Staff at Korea Institute of Science and Technology Information

※Research Interests: Relational Model, Architecture Design, Service Design

최광남(Kwang-Nam Choi)

1994 : Chungnam National University (Master of Science in Computer Engineering)

2017 : Pai Chai University (Ph.D in Computer Engineering)

1994.7~now : Principal Researcher at Korea Institute of Science and Technology Information

※Research Interests: Information Retrieval, Information Analysis, Big Data
