The information in this web page and its related pages has been designed to assist system developers who want to use I2A2. Consequently there is no overview or general description of I2A2 in the normal flow of the information presented.
However, here are two articles that give some general descriptions.
I2A2 is a support system that helps Purdue data systems control resources. It enables them to identify who is asking for resources, prove the declared identity, and determine what access rights the identity has.
The PUID: The identity key used by I2A2 is a ten-digit number called the Purdue University IDentifier (PUID). A permanent PUID is assigned to each person having a relationship with Purdue. The PUID contains ten characters, has a Luhn check digit, and is displayed as 12345-67890.
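An application can reject malformed PUIDs before forwarding them in a request. The following is an added example, not I2A2 code: it assumes the standard Luhn mod-10 algorithm with the check digit in the tenth position (the page does not name the variant), and the function names are hypothetical. Under that assumption the display sample 12345-67890 is a format illustration only; the constructed value 12345-67897 passes.

```python
import re

# Bare ten-digit form, or the displayed NNNNN-NNNNN form (ASCII digits only).
_PUID_RE = re.compile(r"([0-9]{5})-?([0-9]{5})")


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn (mod 10) check digit for a string of ASCII digits."""
    total = 0
    # Walk right to left; the digit adjacent to the check digit is doubled.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return (10 - total % 10) % 10


def normalize_puid(text: str) -> str:
    """Return the ten-digit PUID; raise ValueError on bad format or check digit.

    Assumption: standard Luhn, check digit is the tenth digit.
    """
    m = _PUID_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError("PUID must be ten digits, optionally NNNNN-NNNNN")
    digits = m.group(1) + m.group(2)
    if luhn_check_digit(digits[:9]) != int(digits[9]):
        raise ValueError("PUID check digit mismatch")
    return digits


def display_puid(digits: str) -> str:
    """Format a normalized PUID in the displayed NNNNN-NNNNN form."""
    return f"{digits[:5]}-{digits[5:]}"


if __name__ == "__main__":
    # Constructed sample inputs, not real identifiers.
    for sample in ("12345-67897", "1234567897", "12345-67890", "1234-567897"):
        try:
            print(sample, "->", display_puid(normalize_puid(sample)))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

A passing check digit only catches typing errors such as a mistyped digit; it says nothing about whether the PUID has been assigned.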
The Alias: Some PUIDs may have an alias as an alternate way to identify them. Aliases are currently borrowed for PUIDs from Coordinated Purdue Career Account Logins, assigned to all West Lafayette staff and students. An alias is usually more mnemonic and thus easier to remember than a ten-digit number.
The I2A2 infrastructure has an Oracle database for creating and storing PUID information, and Internet access to three fast database managers (DBMs) with text-based, LDAP, RADIUS, and secure (SSL) network interfaces. One DBM serves identification requests; a second, authentication challenges; a third, authorization queries.
Apache web server modules, libraries, and code samples are offered to help developers enable I2A2 access from their systems.
Effective November 1, 2005, access to I2A2 services will become regulated through firewall restrictions. Departments within Purdue wishing to use I2A2 services should contact ITaP's Identity and Access Management (IAM) office to execute a Service Level Agreement (SLA) or Memorandum Of Understanding (MOU) regarding their access to I2A2 services. Purdue departments that are already using I2A2 services will continue to have access to I2A2 services after this change. However, at some future time those departments may be contacted by the IAM office and asked to execute an SLA.
There are several reasons for restricting access:
You may contact the IAM office to request access to I2A2 services by sending electronic mail to i2a2-admin@purdue.edu.
Web servers and applications which receive authentication credentials for forwarding in I2A2 authentication requests should handle the credentials carefully and responsibly.
Those servers and applications should provide a secure channel over which the credentials are entered -- e.g., web servers should use SSL|TLS. (I2A2 requires that the credentials be forwarded to it over a channel secured by SSL|TLS.)
Operational monitoring of I2A2 operations includes accumulation of statistics about authentication requests and patterns in their use. When the I2A2 administrative staff detects an unusual pattern it will investigate.
Credits: I2A2 was developed by the Purdue Academic Computing Environment (PACE) group with help from the Management Information Department and the Purdue University Computing Center (PUCC). These people contributed to the documentation.