{"updated":"2025-01-23T03:18:38.755960+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00009623","sets":["581:586:596"]},"path":["596"],"owner":"1","recid":"9623","title":["大阪大学における全学IT 認証基盤の構築"],"pubdate":{"attribute_name":"公開日","attribute_value":"2008-03-15"},"_buckets":{"deposit":"776137bc-5570-45be-9af4-235a5faf42a4"},"_deposit":{"id":"9623","pid":{"type":"depid","value":"9623","revision_id":0},"owners":[1],"status":"published","created_by":1},"item_title":"大阪大学における全学IT 認証基盤の構築","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"大阪大学における全学IT 認証基盤の構築"},{"subitem_title":"Campus-wide IT Authentication Infrastructure Development in Osaka University","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"特集:新しいパラダイムの中での分散システム/インターネット運用・管理","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2008-03-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"大阪大学サイバーメディアセンター"},{"subitem_text_value":"大阪大学大学院情報科学研究科"},{"subitem_text_value":"大阪大学サイバーメディアセンター"},{"subitem_text_value":"大阪大学サイバーメディアセンター"},{"subitem_text_value":"大阪大学サイバーメディアセンター"},{"subitem_text_value":"大阪大学サイバーメディアセンター"},{"subitem_text_value":"大阪大学サイバーメディアセンター"},{"subitem_text_value":"大阪大学サイバーメディアセンター"},{"subitem_text_value":"大阪大学情報基盤デザイン機構"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Cybermedia Center, Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Information Science and Technology,Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Cybermedia Center, Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Cybermedia Center, Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Cybermedia Center, Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Cybermedia Center, Osaka 
University","subitem_text_language":"en"},{"subitem_text_value":"Cybermedia Center, Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Cybermedia Center, Osaka University","subitem_text_language":"en"},{"subitem_text_value":"Organization for Information Infrastructure Design,Osaka University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/9623/files/IPSJ-JNL4903021.pdf"},"date":[{"dateType":"Available","dateValue":"2010-03-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL4903021.pdf","filesize":[{"value":"1.9 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"9af64c8b-73c4-4c9b-8b8f-3023b3742860","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2008 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"秋山, 豊和"},{"creatorName":"寺西, 裕一"},{"creatorName":"岡村, 真吾"},{"creatorName":"坂根, 栄作"},{"creatorName":"長谷川, 剛"},{"creatorName":"馬場, 健一"},{"creatorName":"中野, 博隆"},{"creatorName":"下條, 真司"},{"creatorName":"長岡, 亨"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Toyokazu, Akiyama","creatorNameLang":"en"},{"creatorName":"Yuuichi, Teranishi","creatorNameLang":"en"},{"creatorName":"Shingo, Okamura","creatorNameLang":"en"},{"creatorName":"Eisaku, 
Sakane","creatorNameLang":"en"},{"creatorName":"Go, Hasegawa","creatorNameLang":"en"},{"creatorName":"Ken-ichi, Baba","creatorNameLang":"en"},{"creatorName":"Hirotaka, Nakano","creatorNameLang":"en"},{"creatorName":"Shinji, Shimojo","creatorNameLang":"en"},{"creatorName":"Toru, Nagaoka","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"大阪大学では,高いセキュリティレベルと標準的なインタフェースを兼ね備えた認証技術として注目されている公開鍵基盤(PKI: Public Key Infrastructure)に基づく全学IT 認証基盤を導入した.本学で導入した全学IT 認証基盤システムでは,署名・暗号化,学内認証,グリッドシステム認証,という異なるポリシに対応する複数のCA を導入・共存させている.これら複数のCA 向けの証明書発行を自動化することにより,安全性と利便性を両立した証明書発行サービスを実現している.また,PKI に対応したシングルサインオン(SSO)機能を導入し,学内ユーザが各システム間で統一的なインタフェースにより認証を行えるようにした.アプリケーションWeb サーバに認証機能を組み込むエージェント型のSSO 機能の導入により,1 度アプリケーションをSSO 対応させてしまえば,アプリケーションを変更することなくシームレスにパスワード認証からPKI 認証へ移行・共存することが可能となった.さらに,ユーザID 体系として,公開用に変更を許容するユーザID と,システム間連携用に1 人に1 つ決まる不変のユーザID とを設け,それらの対応付けを内部的に行うことにより,安全性・柔軟性ある運用を可能とした.本稿では,本認証基盤の設計と実装について述べるとともに,システムの導入により得られた技術的ノウハウや今後の展開についても述べる.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In Osaka University, a campus-wide IT authentication infrastructure based on Public Key Infrastructure (PKI), which is regarded as a technology providing high security and standard interface to many applications, has been adopted. 
In this authentication infrastructure, multiple CAs coexist for different purposes, such as signing and encryption, intra-campus authentication, and grid system authentication. To achieve both security and convenience, we developed an online certificate issuance service for these multiple CAs. We also introduced a PKI-enabled Single Sign-On (SSO) system to provide a unified authentication interface. Since the SSO system supports an ‘SSO agent’, which provides SSO functionality for web applications by installing a web server module, it is possible to migrate from password authentication to PKI authentication without modifying the applications. Furthermore, we established secure and flexible identity management by separating a changeable, public user ID from a static, internal system ID. The internal system ID is used for managing and federating user profiles among the systems. The mapping between the two IDs is done by the SSO system. In this paper, we describe the design and implementation of our authentication infrastructure, the know-how gained from establishing the system, and future work.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1264","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"1249","bibliographicIssueDates":{"bibliographicIssueDate":"2008-03-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"3","bibliographicVolumeNumber":"49"}]},"relation_version_is_last":true,"item_2_alternative_title_2":{"attribute_name":"その他タイトル","attribute_value_mlt":[{"subitem_alternative_title":"分散システム構築運用技術"}]},"weko_creator_id":"1"},"created":"2025-01-18T22:44:47.390827+00:00","id":9623,"links":{}}