Authentication and authorization

為了改善數位資源存取管理問題，美國Internet2發展的Shibboleth存取管理系統，已漸漸被很多已開發國家使用。Shibboleth是一個依據標準的開放源碼套裝軟體，提供機關內或跨機關間的網頁單一登入（Single Sign-On，簡稱SSO）及屬性交換的架構，容許網站對個人存取線上數位資源時，使用單一以及機關所控制的辨識方法，並且以保護隱私的方式作確認性的授權決定， 讓使用者無接縫的存取機關內部與外部的資源，減少現行使用者在使用不同領域的多種資源時，必須局限在一個校園或要去維護多個密碼；並且為身分提供者及服務提供者簡化了身分管理及存取許可。本研究分析比較英國、美國、澳洲、以及瑞士四個國家的聯盟組織以及採用的技術與政策，進而分析探討就規劃臺灣的數位資源存取管理聯盟提出建議。

In order to solve the electronic access problems, Shibboleth has been developed by Internet2 in U.S.A., and has become an emerging solution for access management of electronic resources in a growing number of developed countries. The Shibboleth system is a standard based, open source software package for web Single Sign-On (SSO) across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner, for Identify Providers (IdPs) and Service Providers (SPs) simplify identity management and access permission. This study compares the organization structures, technologies and policies adopted by four federations: InCommon (USA), UK Federation, Australian Federation, and SWITCHaai (Switzerland). The comparison leads to further analysis and suggestion for a federation system model for future development of digital archives in Taiwan.