Open Portal Guard
Overview
Open Portal Guard protects the sensitive services of your portal through a
- single-sign-on authentication system that can use
  - username/password (for legacy reasons)
  - SSL client authentication with X.509 certificates and keys on file or various types of smartcards
- centralized declarative access control
In support of manageability, it further
- off-loads the CPU-intensive SSL processing from the application servers to a massively scalable, parallel array of stateless gatekeeper hosts
- maps the logical URLs visible to users to physical URLs on a protected internal network in order to:
  - integrate multiple (potentially parallel) application servers behind a single portal address
  - hide implementation choices behind long-term stable, technology-neutral URLs
  - allow for transparent physical changes such as hardware upgrades, addition of hosts for increased traffic, migration of implementation technologies.
For more detail, visit the Planned Features page or the Wiki that contains technical information.
A paper (and proceedings) and presentation (and local copy) written for the IDABC Conference 2005 describe how OpenPortalGuard is meant to be the server-side component of a strategy to achieve interoperability in the international eID domain. Progress of this work was presented at the Porvoo7 meeting and has resulted in point 6 of the Porvoo7 Resolution.
A discussion paper on the URL programming interface that we propose for Identification and Signature functionality can be found here.
Development Philosophy
Open Portal Guard uses existing and proven standards as much as possible. This includes:
- SSL/TLS for channel security and authentication of both client and server
- the API (but not mechanism) of HTTP Basic authentication towards application servers and applications
The implementation reuses as much existing and proven open source software as possible. This includes:
- Apache or Twisted with lots of existing functionality
- OpenLDAP for managing user and token data
Origin and Open Source for Public Administrations
The Open Portal Guard project was initiated by the Town of Grosseto, Tuscany, Italy, to provide secure e-government services for citizens using one of the official national smartcards for authentication:
- the Electronic ID Card (Carta d'Identità Elettronica or CIE) by the Ministry of the Interior and issued by Towns
- the National Service Card (Carta Nazionale dei Servizi or CNS) by the Ministry of Innovation and Technology that is issued by regional governments (including Lombardia, Lazio, Tuscany) and others.
Starting from January 2007, access control based on these cards will be mandatory for all Public Administrations in Italy.
We realized, however, that a local-only solution is unlikely to achieve top quality and long-term sustainability. We believe that the problem needs to be solved in a much larger context--at least a national one, but preferably an international one that attempts to achieve large-scale interoperability of national eID cards and initiatives.
Such an objective calls for collaboration of all stakeholders involved. We believe that the open source approach is the best-suited vehicle for such collaboration since it permits sharing vision, expertise, and code, while guaranteeing full autonomy of the various contributors (such as national eID initiatives).
We therefore invite the following kinds of stakeholders to join the project:
- international coordination and standardization efforts in the eID domain
- national eID initiatives
- national IT policy makers who include eID cards and corresponding access control in their e-government strategies
- public administrations that can use OpenPortalGuard for the delivery of secure, internationally interoperable services
- private service providers who can use OpenPortalGuard to protect their services
- SMEs and national technology providers who can economically exploit the project and contribute to its long-term sustainability
- academia active in the eID domain
We also hope that this project can help to experiment and demonstrate the approach of open source in support of efficient e-government.
For further information on open source at the Town of Grosseto, please contact Bud P Bruegger or Ezio Paglia.
How to contribute / get involved
The Open Portal Guard project invites collaboration in various forms from public administrations, companies, policy makers, academia, and interested individuals. We currently provide various forms of involvement:
- Development
  - We welcome contributions to/participation in the development, testing, documentation, and dissemination of the Open Portal Guard software. The main collaboration tools for development are the Developers Mailing List, the project's Wiki, and the other SourceForge development tools.
- Peer-Review and Steering
  - If you lack the resources to take part in actual development but would like to contribute at a lower level of commitment, you can join the Review Mailing List. This list will discuss digested requirements and design documents and potentially discuss major decisions of the project. Your collaboration can help us improve the quality of the project through peer review, and gives you the possibility to give your input on the direction the project takes. It will also help you evaluate whether Open Portal Guard can solve your problem and can be used in your organization.
- Observers and Sponsors
  - Both organizations and individuals can support the project by either becoming a Sponsor who supports the project in various ways or becoming an official Observer who expresses a strong interest in the project. Both Sponsors and Observers are listed on the Supporters page.
Contacts
For further information on the project, please contact one of the following persons or use one of the mailing lists.
This project is hosted by: