Implementation of an Accounting Database and a Data Visualization Prototype for a Shibboleth-based AAI System

A Shibboleth-based Authentication and Authorization Infrastructure (AAI) enables users to access different web resources in a common manner by providing a single-sign-on interface for login. The AAI makes use of the Federated Identity Management concept that allows the use of a single user identity for different services also across provider domains. Such a Shibboleth-based AAI is also deployed by the Swiss Educational and Research Network (SWITCH), enabling students and employees to access services at different universities by using a single username and password. However, the current version of Shibboleth does not support accounting and monitoring functionality, except some local logging, which makes the management of the system more difficult. Therefore, the goal of the AMAAIS project (Accounting and Monitoring of AAI Services) – a collaboration between CSG@IFI-UZH, SWITCH, and ETH – is to extend the current AAI with accounting and monitoring support, enabling inter-domain accounting and the management of the AAI and the services running on top of it. This study project is placed within the context of the AMAAIS project.

The goal of this work is to design and implement a database structure for accounting and monitoring data used by the accounting server and to investigate data visualization schemes. The design shall consider in a flexible and configurable manner the storage of AAI-specific data (e.g., authentication and authorization events) as well as service-specific data (e.g., printing jobs). Additionally, the design shall enable future extensions if new services are added to the system. A Java API to access the database shall be specified and implemented. Furthermore, this work shall investigate existing visualization tools, libraries, and techniques to evaluate which one can meet an operator’s requirements in order to highlight details in the AAI monitoring process. Possible visualization schemes (using visualization tools and techniques) for accounting and monitoring data shall be designed and implemented in a visualization prototype using the accounting database as data source.