Federation technology and Virtual Worlds for Learning:

Research trends and opportunities towards identity federation

Gonalo Cruz, Antnio Costa
School of Science and Technology University of Trs-os-Montes e Alto Douro (UTAD) Vila Real, Portugal goncaloc@utad.pt, acosta@utad.pt

Paulo Martins, Ramiro Gonalves, Joo Barroso

INESC TEC (formerly INESC Porto) and School of Science and Technology University of Trs-os-Montes e Alto Douro (UTAD) Vila Real, Portugal pmartins@utad.pt, ramiro@utad.pt, jbarroso@utad.pt highlight future directions towards the development of identity federation technologies for Virtual Worlds, based on a need for consensus to connect users digital identities with physical identities. II. IDENTITY FEDERATION AND FEDERATION
TECHNOLOGY

Abstract Currently, Virtual Worlds technology is used for educational purposes in a cross-disciplinary way. However, particularly in formal learning institutions, its widespread adoption is far from being a reality due a broad range of technological challenges. This paper addresses identity federation systems as possible solutions to some of the interoperability, security and user management problems. Our major goal is to present what systems, architectures and standards are standing out, how the research area is moving toward identity federation, and why educational institutions need to address it. We consider identity, privacy, security-assurance, and interoperability as main concerns within our analysis, in order to interconnect digital identities with physical identities, and create a unique federated identity system that can act independently from the service in use. Thus, VWs technologies will be able to scale and evolve independently without compromising user's identity. Keywords Federation technology; Standards; Virtual Worlds; Learning; Identity federation;

I. INTRODUCTION A growing number of universities and academic institutions are immersing themselves in Virtual Worlds (VWs), exploring the ways in which education and learning can be achieved through virtual interactions. The focus of this paper is the identification and development of identity federation technologies, when dealing with VWs adoption for educational purposes. We present the concept of identity federation and lay out what systems, architectures, and standards are standing out, to describe and explain how it can support widespread use of VWs in formal learning contexts. For further elucidation we consider identity, privacy, security-assurance, and interoperability as main concerns within our analysis on how currently VWs projects and technological developments are meeting these challenges. We discuss a set of cases in which identity federation can serve as a tool that provides several advantages to institutions, faculty, and students, when running and managing educational activities in these environments. Finally, VWs technology is moving upon standardization but most of the standard-setting efforts have neglected the field of identity federation, which can also have an impact on the widespread adoption by educational institutions. We

In the future, the Internet will be available in the form of services. Currently, the concepts in the form of licensing models and/or purchasing goods are being transformed into concepts of electronic services (e-services) in which the payment is intrinsically linked with the on-demand use. The paradigms of cloud computing, with the provision of platforms as a service (PaaS) or Software as a Service (SaaS), are currently a reality, where these concepts are broadly applied. The emerging number of terminals supporting IPv4 (Internet Protocol) complemented with the increasing penetration of IPv6, improved geographical coverage and higher bandwidth availability will bring the ability to treat even physical products as e-services. This allows the emergence of new eservice paradigms that can share services or even combine eservices to create new ones. The capability of customization and the flexibility of eservices will be predominant attributes. In this sense the traditional classification of e-services will not apply. The customization and personalization capabilities will increase the use of e-services, but the attitudes of the users will take into account considerations of privacy, security and trust on the e-services and in the service providers. These attributes will have to be taken into account in the design usability and implementation of their information systems and services. Shared services will also bring profound changes on how personal data will be saved and used. Finally, accountability principles will bring changes not only to service composition and delivery, but also to e-service design. The shared control of the user data and the users of services should also be taken into account [1]. To ensure the security, confidentiality, accountability, and reliability of data, the identities of users and information systems is currently a theme on debate. The proliferation of

digital identities is also a concern. It is no longer possible the strict interconnection of a user with a digital identity [1]. Federated systems and identity federation systems have been identified as a solution to the problems described. The concept of identity federation can be understood as a group of organizations or service providers which have built trust relationships among themselves in order to enable sharing of information about the identity of its users. This concept thus allows the possibility of integration and sharing of resources in a secure and reliable way [2]. Federated identity system includes various standards, technologies, and solutions that enable users to access multiple services in the Internet with only a single user identity. This model of identity management can benet both users and service providers, since users only need to remember the credentials for one account, and service providers can reduce the costs related to the management of identity information. In addition, a number of other benets can be achieved with federated identity, such as increasing the collaboration and interoperability between organizations and improving security, privacy and usability of the services [3] The main advantage of a federated identity system is that it allows organizations full control over centralized access to all applications, whether internal or external. Organizations also control how validating users, regardless of which credentials that may be required. Other advantages related to these concepts relate to users provisioning, making it much safer and easier to perform. The concept of "federated identity" parsed into its two constituent words reveals the power of this approach in terms of security. Identity is an individual user, which is the basis for authentication (credentials to establish the user is that he/she claims to be) and authorization (applications allowed for use by specific users.). The word association involves a set of rules that allow that information related to the identity can be shared securely between the parties. There are currently a large set of systems of identity federation. From systems based on open standards to those based on proprietary solutions, developed by private companies. Nearly all have similar features, ranging in scope and applicability of the solution. However, two architectures stand out. The Security Assertion Markup Language (SAML) is a standard created to exchange security related information between organizations. The Shibboleth specification is an extension of the standard SAML addition to being an example of an identity federation system uses web based implementation methodology of SAML. The WS-Federation, stands out as a specification whose base rests on standards of Web Services framework Security (WSS). III. FEDERATION AND V IRTUAL WORLDS

Extensive research agenda can be found addressing Virtual Worlds technology issues and concerns [4][5][6][7]. Here we point out some of them that are particularly related to identity, security, privacy-assurance, and interoperability, where federation systems can have a major role: Identity - How we can merge real and virtual identities? How we can manage multiple roles and permissions? Security and privacy assurance - How we can manage digital rights and intellectual property? Interoperability - How we can merge Virtual Worlds and Websites? How we can cross through heterogeneous Virtual Worlds? If anyone can create a website, it makes sense for anyone to create a virtual world. Furthermore, it also makes sense that an end user's avatar is able to travel from one virtual world to another. However, Virtual Worlds implementations are heterogeneous, and most still don't interoperate. There is a need to develop and find solutions to simplify this user experience, making possible the access between virtual worlds, with users coming and going like on websites. With user-centric identity management, we could establish our identity once and be able to use the full range of services in a virtual world, and even more, establish one unique identity in one virtual world that could be transferable (transparently) to another. Unfortunately, there are no currently effective means for managing identity and security for that purpose. As a result, it's difficult to prevent disruptive behavior or inappropriate postings by anonymous users who may appear and quickly disappear. Moreover, to assure intellectual property rights of 3D content, and prevent the occurrence of situations like CopyBot [8] (a modified Second Life client which is able to copy copyrighted elements). User-centric identity management could also provide an effective way to build trusted communities in Virtual Worlds, allowing us to attribute different kind of roles and permissions, under a digital rights and intellectual property policy basis. Under the prior possibilities, there is some work already being done. For example, Hypergrid: an architecture and protocol for securely decentralizing multiuser virtual environments. It establishes an open federation of multiuser applications that can exchange user agents and assets, and can generally interoperate on several basic services. It supports the teleporting of user agents between worlds in different administrative domains while preserving user identity, as well as the user's 3D virtual representation and connections to certain home-world services [9]. Another promising technology, called Medulla, created by the Federation of American Scientists (FAS) and is also still in progress, uses web single sign-on access control with Shibboleth and DSpace databases manager for identity management, team building, information sharing, project management, peer review, data versioning, data archiving, intellectual property management, and learning management in virtual worlds [10]. Similarly, a project called Moonshot, from Janet-led in partnership with the GANT project and others, is developing a single unifying technology for

Virtual Worlds (VWs) are proprietary environments that run on the owning companies' servers. However, free open source projects are multiplying as the Metaverse Open Source Project, Croquet Project, Open Cobalt, Open Simulator, among others, by developing free servers, tools and applications.

extending the benefits of SAML-based federated identity to a broad range of non-web services, including cloud infrastructures, high performance computing & grid infrastructures and other commonly deployed services including mail, file store, remote access and instant messaging [11]. Virtual Worlds typically use a client-side viewer that renders content stored remotely on servers, but it also makes sense to integrate virtual world viewers into Web browsers. This is already possible, plugging the Unity 3D viewer into Web browsers, or using WebGL techniques. The aim is to remove the roadblock of having separate applications for Web browsing and virtual world interaction [12]. A practical example of that is Jibe [13], an extensible architecture created by ReactionGrid, that uses a middleware abstraction layer to communicate with multiple backend systems (currently SmartFox & Photon) and frontends (currently Unity3D, ready for WebGL). The Jibe platform also includes detailed logging of in-world events and user tracking, and the ability to integrate with existing user databases like LDAP, Facebook Connect, LMS and CMS. Another well-known project that merges Virtual Worlds and websites, with a great emphasis in the educational community, is SLOODLE [14] - a free and open source project which integrates the multi-user virtual environments of Second Life and/or Open Simulator with the Moodle learning management system. One of the most fundamental affordances of SLOODLE is to pair Moodle users to their virtual world avatars. When a user clicks on the Second Life registration booth, while logged in with their avatar, they are prompted to visit a Moodle registration page. This allows Moodle to verify the Second Life identity of the Moodle user, and this data is then stored in Moodle. Alternatively, a 'Login Zone' object in Second Life allows avatar registration to be driven from Moodle, followed by logging into Second Life. However, there are fairly strict limitations on the amounts of data that can be sent in a single request and received in a response and additional issues relating to authentication and checking permissions still missing. This simply outlines how it is possible to integrate Second Life virtual world and Moodle. IV. E DUCATIONAL L ANDSCAPE The use of Virtual Worlds for educational purposes is well documented within several studies, and has been increasingly adopted in a cross-disciplinary way. However, running and managing educational activities in these environments is a hard task yet, particularly in formal learning contexts, where institutions face a wide range of technological challenges. Therefore, we are moving toward a Virtual Worlds technology maturity process, and identity federation will have a critical impact on its widespread adoption by educational community. Firstly, the fluidity and playfulness inherent in virtual worlds identity construction can be disconcerting and confusing. Building social relations can be problematic and fraught when identities are never fixed and the freedom to play with identity and manage reputation can become an issue of concern, and accountability for actions becomes displaced. Identity federation provides the identity and trust needed to be

certain that the students and instructors participating are who they say they are. For instance, parents could ensure that when their children went to an online virtual world for kids, every other person there had been properly authenticated and was really a kid. Secondly, designing and running teaching activities requires time and multiple skills to address issues such as intellectual object permissions, property rights, and accessibility. Identity management provide access-control mechanisms, similar to digital rights management, that could limit the rights to user or control smart devices to the owner or others who have been granted that right. In practice, it makes possible that a teacher of one school or institution uses 3D resources and spaces from teachers of other schools or institutions, thus increasing time-efficiency and reusability. Similarly, a student from one school or institution can participate in virtual classes from teachers of other schools or institutions. Besides this, another important concern within Virtual Worlds technology, for it to be successfully adopted by mainstream educators, is the need to be able to share data and interoperate with existing web-based information systems in a federative way. The lack of course management and learning support tools, available on web but missing in virtual worlds, is wasting opportunities to enrich the learning experience. Class lists, access controls, quizzes, grade books, asynchronous forums for discussion, e-portfolios, video conferencing, etc., are traditional well known tools that educators and institutions are already comfortable and willing to use. As we saw before, SLOODLE was a first step toward this kind of possibility. Thus, we need solutions on how to integrate 2D and 3D environments (especially social networks like Facebook, Twitter, etc. - in order to migrate our currently relationships and social connections), in a way that assure one unique user identity regardless the side in which we find ourselves. Finally, we are one step behind to achieve Massive Online Open Courses (MOOCs) in Virtual Worlds. For instance, identity federation can help educational politics to lead, globally, a joint network of 3D schools and universities. With the agreement between different organizations and systems for shared identity information beyond internal boundaries, controlling and monitoring (through authentication and authorization processes) the access to protected resources based on users attributes (can be staff, faculty or student), it will be possible to bridge the gap between Virtual Worlds and formal learning. This would allow educational institutions to create their own Virtual Worlds in a secure, sustainable and costefficiency way. It raises the possibility to cooperate between other organizations, in the development of federated environments and/or serious applications, tracking students learning performance and results. This will bring us huge amounts of data, related to the learning and teaching processes in Virtual Worlds. We will be able to take a deepen understand on how we interact with our students and resources in Virtual Worlds, what are the most used tools, visited spaces, which students are scattering from the course focus, etc.,

during the learning process. If identity federation occurs, Learning analytics and Virtual Worlds will be other research trend in the near future. V. FUTURE DIRECTIONS Many areas of virtual world technology need further exploration, but we are moving toward standardization that help insure interoperability: Collada is recognized as the standard for graphical content; the IETF Virtual World Region Agent Protocol effort focused on interoperability, but has been abandoned; the Web 3D Consortium is also developing 3D standards; and the IEEE Metaverse Standards working group is developing a glossary and a reference architecture for virtual worlds [5]. However, most of the standards efforts have concentrated on virtual worlds' graphical aspects, neglecting other important areas that can impact the widespread adoption of Virtual Worlds by formal education institutions, as identity federation (with the ISO/IEC effort known as MPEG-V being a notable exception but still lacking depth). There is a need for consensus in order to connect digital identities with physical identities, thus creating a unique federated identity system that can act independently from the service in use. Instead of the need to adapt virtual worlds to the federation systems, we need an open agreement that allows virtual worlds with basic federated and interoperable standards capable to adapt within the broad range of available services on the Internet. This way, Virtual Worlds technologies are able to scale and evolve independently within the different research areas, without compromising the users identity. For instance, if a student have an identity in their educational institution to access their learning management system, e-mail service, etc., the same student have to be also recognized as it when access to the virtual world (even with different kind of roles and permissions). This kind of approach allows federated worlds, services and identities to evolve towards user-centric management, where the focus is on the physical identity and not on the services or infrastructures. That must allow the user to determine which information should be revealed to which parties and for what purposes, how dependable those parties are, how they will deal with the information, and what are the consequences of sharing their information. This can change the paradigm of identity management - not only a business process, but a user activity [15].

ACKNOWLEDGMENT This work is funded (or part-funded) by the ERDF European Regional Development Fund through the COMPETE Programme (operational programme for competitiveness) and by National Funds through the FCT Fundao para a Cincia e a Tecnologia (Portuguese Foundation for Science and Technology) within project FCOMP - 01-0124-FEDER-022701. REFERENCES
[1] C. Castelluccia, P. Druschel, S. Fischer Hbner, A. Pasic, B. Preneel, and H. Tschofenig, "Privacy, Accountability and Trust - Challenges and Opportunities", Technical report, ENISA, 2011. A. Bhargav-Spantzel, A. Squicciarini, and E. Bertino, "Trust Negotiation in Identity Management", IEEE Security & Privacy, vol. 5, no. 2, 2007, pp. 55-63. J. Kallela, "Federated Identity Management Solutions", Technical report, Helsinki University of Technology, 2008. A. Hendaoui, M. Limayem, and C. W. Thompson, "3D Social Virtual Worlds: Research Issues and Challenges", IEEE Internet Computing, Vol. 12, No. 1, 2008, pp. 88-92. D. Burden, "A Semantic Approach to Virtual World Standards," IEEE Internet Computing, Vol. 15, No. 6, Nov.-Dec. 2011, pp. 40- 43. C. W. Thompson, "Next-Generation Virtual Worlds: Architecture, Status, and Directions", IEEE Internet Computing, Vol. 15, No.1, Nov.Dec. 2011, pp. 60-15. C. W. Thompson, "Virtual World Architectures", IEEE Internet Computing, vol. 15, no. 5, 2011, pp. 1114. K. Hunt, "This land is not your land: Second Life, Copybot and the looking question of virtual property rights", Texas Review of Entertainment & Sports Law, vol. 9, 2007, pp. 141-172. C. Lopes, Hypergrid: Architecture and Protocol for Virtual World Interoperability, IEEE Internet Computing, vol. 15, no. 5, 2011, pp. 2229. M. R. Fox, H. Kelly and S. Patil, "Medulla: A cyberinfrastructureenabled framework for research, teaching, and learning with virtual worlds", Online Worlds: Convergence of the Real and the Virtual, Human-Computer Interaction Series, 2010, pp. 87100, SpringerVerlag. J. Howlett, Project Moonshot", IETF 77 Meetings, 21-26 March, 2010, Anaheim, CA, USA. Available on: http://www.painlesssecurity.com/wp/wp-content/uploads/2010/03/moonshot-ietf-77briefing-paper.pdf N. Katz, T. Cook and R. Smart, "Extending Web Browsers with a Unity 3D-Based Virtual Worlds Viewer", IEEE Internet Computing, vol. 15, 2011, no. 5, pp.15-21. J. Floyd and I. Frank, New Immersive Worlds for Educators and Librarians: Beyond Second Life, Library Hi Tech News, vol. 29, no. 6, 2012, pp. 1115. Livingstone, D., Kemp, J.: Integrating Web-Based and 3D Learning Environments: Second Life Meets Moodle, The European Journal for the Informatics Professional, vol. 9, no. 3, 2008, pp. 8-14. A. Cavoukian, "Privacy in the clouds". Identity in the Information Society, 2008, vol. 1, no. 1, pp. 87100, Springer-Verlag.

[2]

[3] [4]

[5] [6]

[7] [8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]