Web applications are an increasingly popular vehicle for the delivery of content and tools to students, staff, and faculty at Columbia. A standard centralized method of authenticating users of web applications was needed. Legacy systems which provided a form of web authentication were proving difficult to incorporate into current web applications, and were growing increasingly difficult to maintain.
The goals of the project were to:
- Provide a reasonably secure authentication mechanism.
- Use the existing UNI (Kerberos-based) infrastructure which AcIS manages.
- Create a system easy for developers to implement using current programming technologies.
- Create a system that AcIS staff would understand how to maintain.
After discussion with colleagues at Yale, WIND was closely modeled after Yale's Central Authentication System. The initial pilot WIND client was an application which allowed for simple web-based configuration of e-mail forwarding. This went live in August of 2001.
After the initial rollout, users of legacy systems were targeted for conversion to WIND. AcIS consulted with other departments including AIS, Teachers College, and Columbia College to guide new project development toward using WIND for authentication needs. Improvements in the user interface, documentation, and scalability of the system were developed as needs became apparent. Currently, there are a dozen clients of the sytem, and up to 3500 authentications a day are handled.
Single-sign-on and proxying of authentication are features that some current WIND clients are interested in using. Further research and scalability planning is ongoing. WIND is also being discussed as a potential means of authentication for Columbia's secure server.