What is CAMS?
CAMS is the Collaboration Accounts Management System component of MIT Touchstone.
What is an accounts management system?
At its most basic, an account management system simply associates an identifier, such as a username or email address, with a password. It also provides several other common functions such as creating new accounts, resetting passwords, deleting accounts, and holding other data about an account such as a the user's first and last names.
What is a "Collaboration Account"?
A "collaboration account" refers to an account that exists outside of the core MIT identity management system. A collaboration account is referenced by an extermal email address, or in other words, an email address that doesn't end in "@mit.edu". Typically a collaboration account doesn't have an MIT ID number associated with it. Nor is the account associated with an MIT Kerberos account name, nor can a collaboration account be used to obtain an MIT certificate.
We provide collaboration accounts so that people who have a need, can authenticate to our systems. The primary reason for granting these accounts is so that people at MIT can collaborate with others outside of MIT, using MIT hosted applications and services.
If we're already using Shibboleth, why do we need to manage collaboration accounts?
Although Shibboleth was designed to support federated authentication, the technology is not yet ubiquitous. People at MIT collaborate with people from thousands of locations around the globe. Most of those people are not yet using Shibboleth at their own site, and so we still need to provide them with a way to interact with our servers.
Why don't we just use OpenID?
Like Shibboleth, OpenID also supports federated authentication, and once again the technology is not yet ubiquitous. OpenID and Shibboleth are not the only competing technologies in the market. New approaches appear all the time. We don't want MIT systems to have to directly support every federated technology that comes along. Instead we have chosen Shibboleth, and we can then act as a gateway to other systems. The CAMS login server will support OpenID as an authentication technology, and then it will act as a gateway to Shibboleth web servers.
We feel this will let us support a broad range of authentication technologies, while still keeping things simple for individual web developers and system administrators.
How is CAMS a component of MIT Touchstone?
In addition to providing basic account management, the CAMS component also functions as a web login server for users that have an account in the CAMS system. That login server is able to communicate with all of the MIT Touchstone enabled applications and indicate to the application servers information about the user and assert to the application servers if the user has successfully authenticated. It uses the same architecture and technologies as the rest of MIT Touchstone.
What problems does CAMS solve?
CAMS lets web application developers concentrate on delivering their core functionality, and relieves them from the burden of managing user accounts and securing authentications. In addition, CAMS means that users from outside of MIT can also have a single sign-on experience when using MIT Touchstone enabled applications.
Why should my application use CAMS?
By using CAMS you will be able to support a large user population, and even the external users, aka collaborators, will be able to use your web application as well as others at MIT without having to manage an ever increasing number of user identities and passwords for each system.
What technologies does CAMS use?
CAMS consists of a relational database with a web front end for all administrative functions and user self-service functions. It also has a login server using multiple Apache modules. And it functions as a Shibboleth IdP which can make SAML attribute assertions to all of the MIT Touchstone enabled applications.
What applications use CAMS?
The initial pilot of CAMS will occur at the end of IAP 2008. We expect that Jira will be the first application to use CAMS, soon followed by Wiki.mit.edu. Stellar will likely start using CAMS during the summer of 2008. Other applications will be added to the list as plans develop.