7/27/2019 Vs-Games'13 Final Version

1/4

Federation technology and Virtual Worlds forLearning:

Research trends and opportunities towards identity federation

Gonalo Cruz, Antnio CostaSchool of Science and Technology

University of Trs-os-Montes e Alto Douro (UTAD)Vila Real, Portugal

goncaloc@utad.pt, acosta@utad.pt

Paulo Martins, Ramiro Gonalves, Joo BarrosoINESC TEC (formerly INESC Porto) and School of Science

and TechnologyUniversity of Trs-os-Montes e Alto Douro (UTAD)

Vila Real, Portugalpmartins@utad.pt, ramiro@utad.pt,jbarroso@utad.pt

Abstract Currently, Virtual Worlds technology is used for

educational purposes in a cross-disciplinary way. However,particularly in formal learning institutions, its widespreadadoption is far from being a reality due a broad range of

technological challenges. This paper addresses identity federationsystems as possible solutions to some of the interoperability,security and user management problems. Our major goal is topresent what systems, architectures and standards are standingout, how the research area is moving toward identity federation,

and why educational institutions need to address it. We consider

identity, privacy, security-assurance, and interoperability asmain concerns within our analysis, in order to interconnectdigital identities with physical identities, and create a uniquefederated identity system that can act independently from the

service in use. Thus, VWs technologies will be able to scale andevolve independently without compromising user's identity.

Keywords Federation technology; Identity federation;Standards; Virtual Worlds; Learning;

I. INTRODUCTIONA growing number of universities and academic

institutions are immersing themselves in Virtual Worlds(VWs), exploring the ways in which education and learningcan be achieved through virtual interactions. The focus of thispaper is the identification and development of identityfederation technologies, when dealing with VWs adoption foreducational purposes. We present the concept of identityfederation and lay out what systems, architectures, andstandards are standing out, to describe and explain how it cansupport widespread use of VWs in formal learning contexts.

For further elucidation we consider identity, privacy,

security-assurance, and interoperability as main concernswithin our analysis on how currently VWs projects andtechnological developments are meeting these challenges. Wediscuss a set of cases in which identity federation can serve asa tool that provides several advantages to institutions, faculty,and students, when running and managing educationalactivities in these environments.

Finally, VWs technology is moving upon standardizationbut most of the standard-setting efforts have neglected thefield of identity federation, which can also have an impact onthe widespread adoption by educational institutions. We

highlight future directions towards the development of identityfederation technologies for Virtual Worlds, based on a needfor consensus to connect users digital identities with physicalidentities.

II. IDENTITY FEDERATION AND FEDERATIONTECHNOLOGY

In the future, the Internet will be available in the form ofservices. Currently, the concepts in the form of licensingmodels and/or purchasing goods are being transformed intoconcepts of electronic services (e-services) in which thepayment is intrinsically linked with the on-demand use. Theparadigms of cloud computing, with the provision of platformsas a service (PaaS) or Software as a Service (SaaS), arecurrently a reality, where these concepts are broadly applied.The emerging number of terminals supporting IPv4 (InternetProtocol) complemented with the increasing penetration ofIPv6, improved geographical coverage and higher bandwidthavailability will bring the ability to treat even physicalproducts as e-services. This allows the emergence of new e-service paradigms that can share services or even combine e-services to create new ones.

The capability of customization and the flexibility of e-services will be predominant attributes. In this sense thetraditional classification of e-services will not apply. Thecustomization and personalization capabilities will increasethe use of e-services, but the attitudes of the users will takeinto account considerations of privacy, security and trust onthe e-services and in the service providers. These attributeswill have to be taken into account in the design usability andimplementation of their information systems and services.

Shared services will also bring profound changes on howpersonal data will be saved and used. Finally, accountabilityprinciples will bring changes not only to service compositionand delivery, but also to e-service design. The shared controlof the user data and the users of services should also be takeninto account [1].

To ensure the security, confidentiality, accountability, andreliability of data, the identities of users and informationsystems is currently a theme on debate. The proliferation of

7/27/2019 Vs-Games'13 Final Version

2/4

digital identities is also a concern. It is no longer possible thestrict interconnection of a user with a digital identity [1].

Federated systems and identity federation systems havebeen identified as a solution to the problems described. Theconcept of identity federation can be understood as a group oforganizations or service providers which have built trustrelationships among themselves in order to enable sharing ofinformation about the identity of its users. This concept thusallows the possibility of integration and sharing of resources ina secure and reliable way [2].

Federated identity system includes various standards,technologies, and solutions that enable users to access multipleservices in the Internet with only a single user identity. Thismodel of identity management can benefit both users andservice providers, since users only need to remember thecredentials for one account, and service providers can reducethe costs related to the management of identity information. Inaddition, a number of other benefits can be achieved withfederated identity, such as increasing the collaboration andinteroperability between organizations and improving security,privacy and usability of the services [3]

The main advantage of a federated identity system is that itallows organizations full control over centralized access to allapplications, whether internal or external. Organizations alsocontrol how validating users, regardless of which credentialsthat may be required. Other advantages related to theseconcepts relate to users provisioning, making it much saferand easier to perform.

The concept of "federated identity" parsed into its twoconstituent words reveals the power of this approach in termsof security. Identity is an individual user, which is the basis forauthentication (credentials to establish the user is that he/sheclaims to be) and authorization (applications allowed for use

by specific users.). The word association involves a set ofrules that allow that information related to the identity can beshared securely between the parties.

There are currently a large set of systems of identityfederation. From systems based on open standards to thosebased on proprietary solutions, developed by privatecompanies. Nearly all have similar features, ranging in scopeand applicability of the solution. However, two architecturesstand out. The Security Assertion Markup Language (SAML)is a standard created to exchange security related informationbetween organizations. The Shibboleth specification is anextension of the standard SAML addition to being an exampleof an identity federation system uses web based

implementation methodology of SAML. The WS-Federation,stands out as a specification whose base rests on standards ofWeb Services framework Security (WSS).

III. FEDERATION AND VIRTUAL WORLDSVirtual Worlds (VWs) are proprietary environments that

run on the owning companies' servers. However, free opensource projects are multiplying as the Metaverse Open SourceProject, Croquet Project, Open Cobalt, Open Simulator,among others, by developing free servers, tools andapplications.

Extensive research agenda can be found addressing VirtualWorlds technology issues and concerns [4][5][6][7]. Here wepoint out some of them that are particularly related to identity,security, privacy-assurance, and interoperability, wherefederation systems can have a major role:

Identity - How we can merge real and virtual identities?How we can manage multiple roles and permissions?

Security and privacy assurance - How we can managedigital rights and intellectual property?

Interoperability - How we can merge Virtual Worlds andWebsites? How we can cross through heterogeneous VirtualWorlds?

If anyone can create a website, it makes sense for anyoneto create a virtual world. Furthermore, it also makes sense thatan end user's avatar is able to travel from one virtual world toanother. However, Virtual Worlds implementations areheterogeneous, and most still don't interoperate. There is aneed to develop and find solutions to simplify this userexperience, making possible the access between virtualworlds, with users coming and going like on websites. Withuser-centric identity management, we could establish ouridentity once and be able to use the full range of services in avirtual world, and even more, establish one unique identity inone virtual world that could be transferable (transparently) toanother.

Unfortunately, there are no currently effective means formanaging identity and security for that purpose. As a result,it's difficult to prevent disruptive behavior or inappropriatepostings by anonymous users who may appear and quicklydisappear. Moreover, to assure intellectual property rights of3D content, and prevent the occurrence of situations likeCopyBot [8] (a modified Second Life client which is able tocopy copyrighted elements). User-centric identitymanagement could also provide an effective way to buildtrusted communities in Virtual Worlds, allowing us to attributedifferent kind of roles and permissions, under a digital rightsand intellectual property policy basis.

Under the prior possibilities, there is some work alreadybeing done. For example, Hypergrid: an architecture andprotocol for securely decentralizing multiuser virtualenvironments. It establishes an open federation of multiuserapplications that can exchange user agents and assets, and cangenerally interoperate on several basic services. It supports theteleporting of user agents between worlds in differentadministrative domains while preserving user identity, as wellas the user's 3D virtual representation and connections tocertain home-world services [9].

Another promising technology, called Medulla, created bythe Federation of American Scientists (FAS) and is also still inprogress, uses web single sign-on access control withShibboleth and DSpace databases manager for identitymanagement, team building, information sharing, projectmanagement, peer review, data versioning, data archiving,intellectual property management, and learning managementin virtual worlds [10]. Similarly, a project called Moonshot,from Janet-led in partnership with the GANT project andothers, is developing a single unifying technology for

7/27/2019 Vs-Games'13 Final Version

3/4

extending the benefits of SAML-based federated identity to abroad range of non-web services, including cloudinfrastructures, high performance computing & gridinfrastructures and other commonly deployed servicesincluding mail, file store, remote access and instant messaging[11].

Virtual Worlds typically use a client-side viewer thatrenders content stored remotely on servers, but it also makessense to integrate virtual world viewers into Web browsers.This is already possible, plugging the Unity 3D viewer intoWeb browsers, or using WebGL techniques. The aim is toremove the roadblock of having separate applications for Webbrowsing and virtual world interaction [12].

A practical example of that is Jibe [13], an extensiblearchitecture created by ReactionGrid, that uses a middlewareabstraction layer to communicate with multiple backendsystems (currently SmartFox & Photon) and frontends(currently Unity3D, ready for WebGL). The Jibe platform alsoincludes detailed logging of in-world events and user tracking,and the ability to integrate with existing user databases likeLDAP, Facebook Connect, LMS and CMS.

Another well-known project that merges Virtual Worldsand websites, with a great emphasis in the educationalcommunity, is SLOODLE [14] - a free and open sourceproject which integrates the multi-user virtual environments ofSecond Life and/or Open Simulator with the Moodle learningmanagement system. One of the most fundamentalaffordances of SLOODLE is to pair Moodle users to theirvirtual world avatars. When a user clicks on the Second Liferegistration booth, while logged in with their avatar, they areprompted to visit a Moodle registration page. This allowsMoodle to verify the Second Life identity of the Moodle user,and this data is then stored in Moodle. Alternatively, a 'LoginZone' object in Second Life allows avatar registration to bedriven from Moodle, followed by logging into Second Life.However, there are fairly strict limitations on the amounts ofdata that can be sent in a single request and received in aresponse and additional issues relating to authentication andchecking permissions still missing. This simply outlines how itis possible to integrate Second Life virtual world and Moodle.

IV. EDUCATIONAL LANDSCAPEThe use of Virtual Worlds for educational purposes is well

documented within several studies, and has been increasinglyadopted in a cross-disciplinary way. However, running andmanaging educational activities in these environments is ahard task yet, particularly in formal learning contexts, where

institutions face a wide range of technological challenges.Therefore, we are moving toward a Virtual Worlds technologymaturity process, and identity federation will have a criticalimpact on its widespread adoption by educational community.

Firstly, the fluidity and playfulness inherent in virtualworlds identity construction can be disconcerting andconfusing. Building social relations can be problematic andfraught when identities are never fixed and the freedom toplay with identity and manage reputation can become an issueof concern, and accountability for actions becomes displaced.Identity federation provides the identity and trust needed to be

certain that the students and instructors participating are whothey say they are. For instance, parents could ensure that whentheir children went to an online virtual world for kids, everyother person there had been properly authenticated and wasreally a kid.

Secondly, designing and running teaching activitiesrequires time and multiple skills to address issues such asintellectual object permissions, property rights, andaccessibility. Identity management provide access-controlmechanisms, similar to digital rights management, that couldlimit the rights to user or control smart devices to the owner orothers who have been granted that right. In practice, it makespossible that a teacher of one school or institution uses 3Dresources and spaces from teachers of other schools orinstitutions, thus increasing time-efficiency and reusability.Similarly, a student from one school or institution canparticipate in virtual classes from teachers of other schools orinstitutions.

Besides this, another important concern within VirtualWorlds technology, for it to be successfully adopted bymainstream educators, is the need to be able to share data andinteroperate with existing web-based information systems in afederative way. The lack of course management and learningsupport tools, available on web but missing in virtual worlds,is wasting opportunities to enrich the learning experience.Class lists, access controls, quizzes, grade books,asynchronous forums for discussion, e-portfolios, videoconferencing, etc., are traditional well known tools thateducators and institutions are already comfortable and willingto use. As we saw before, SLOODLE was a first step towardthis kind of possibility. Thus, we need solutions on how tointegrate 2D and 3D environments (especially social networkslike Facebook, Twitter, etc. - in order to migrate our currentlyrelationships and social connections), in a way that assure one

unique user identity regardless the side in which we findourselves.

Finally, we are one step behind to achieve Massive OnlineOpen Courses (MOOCs) in Virtual Worlds. For instance,identity federation can help educational politics to lead,globally, a joint network of 3D schools and universities. Withthe agreement between different organizations and systems forshared identity information beyond internal boundaries,controlling and monitoring (through authentication andauthorization processes) the access to protected resourcesbased on users attributes (can be staff, faculty or student), itwill be possible to bridge the gap between Virtual Worlds andformal learning.

This would allow educational institutions to create theirown Virtual Worlds in a secure, sustainable and cost-efficiency way. It raises the possibility to cooperate betweenother organizations, in the development of federatedenvironments and/or serious applications, tracking studentslearning performance and results. This will bring us hugeamounts of data, related to the learning and teaching processesin Virtual Worlds. We will be able to take a deepenunderstand on how we interact with our students and resourcesin Virtual Worlds, what are the most used tools, visited spaces,which students are scattering from the course focus, etc.,

7/27/2019 Vs-Games'13 Final Version

4/4

during the learning process. If identity federation occurs,Learning analytics and Virtual Worlds will be other researchtrend in the near future.

V. FUTURE DIRECTIONSMany areas of virtual world technology need further

exploration, but we are moving toward standardization thathelp insure interoperability: Collada is recognized as the

standard for graphical content; the IETF Virtual World RegionAgent Protocol effort focused on interoperability, but has beenabandoned; the Web 3D Consortium is also developing 3Dstandards; and the IEEE Metaverse Standards working groupis developing a glossary and a reference architecture forvirtual worlds [5]. However, most of the standards efforts haveconcentrated on virtual worlds' graphical aspects, neglectingother important areas that can impact the widespread adoptionof Virtual Worlds by formal education institutions, as identityfederation (with the ISO/IEC effort known as MPEG-V beinga notable exception but still lacking depth).

There is a need for consensus in order to connect digitalidentities with physical identities, thus creating a unique

federated identity system that can act independently from theservice in use. Instead of the need to adapt virtual worlds tothe federation systems, we need an open agreement that allowsvirtual worlds with basic federated and interoperable standardscapable to adapt within the broad range of available serviceson the Internet. This way, Virtual Worlds technologies areable to scale and evolve independently within the differentresearch areas, without compromising the users identity. Forinstance, if a student have an identity in their educationalinstitution to access their learning management system, e-mailservice, etc., the same student have to be also recognized as itwhen access to the virtual world (even with different kind ofroles and permissions).

This kind of approach allows federated worlds, servicesand identities to evolve towards user-centric management,where the focus is on the physical identity and not on theservices or infrastructures. That must allow the user todetermine which information should be revealed to whichparties and for what purposes, how dependable those partiesare, how they will deal with the information, and what are theconsequences of sharing their information. This can changethe paradigm of identity management - not only a businessprocess, but a user activity [15].

ACKNOWLEDGMENT

This work is funded (or part-funded) by the ERDF European Regional Development Fund through theCOMPETE Programme (operational programme forcompetitiveness) and by National Funds through the FCT Fundao para a Cincia e a Tecnologia (PortugueseFoundation for Science and Technology) within projectFCOMP - 01-0124-FEDER-022701.

REFERENCES

[1] C. Castelluccia, P. Druschel, S. Fischer Hbner, A. Pasic, B. Preneel,and H. Tschofenig, "Privacy, Accountability and Trust - Challenges andOpportunities", Technical report, ENISA, 2011.

[2] A. Bhargav-Spantzel, A. Squicciarini, and E. Bertino, "Trust Negotiationin Identity Management", IEEE Security & Privacy, vol. 5, no. 2, 2007,pp. 55-63.

[3] J. Kallela, "Federated Identity Management Solutions", Technical report,Helsinki University of Technology, 2008.

[4] A. Hendaoui, M. Limayem, and C. W. Thompson, "3D Social VirtualWorlds: Research Issues and Challenges", IEEE Internet Computing,Vol. 12, No. 1, 2008, pp. 88-92.

[5] D. Burden, "A Semantic Approach to Virtual World Standards," IEEEInternet Computing, Vol. 15, No. 6, Nov.-Dec. 2011, pp. 40- 43.

[6] C. W. Thompson, "Next-Generation Virtual Worlds: Architecture,Status, and Directions", IEEE Internet Computing, Vol. 15, No.1, Nov.-Dec. 2011, pp. 60-15.

[7] C. W. Thompson, "Virtual World Architectures", IEEE InternetComputing, vol. 15, no. 5, 2011, pp. 1114.

[8] K. Hunt, "This land is not your land: Second Life, Copybot and thelooking question of virtual property rights", Texas Review ofEntertainment & Sports Law, vol. 9, 2007, pp. 141-172.

[9] C. Lopes, Hypergrid: Architecture and Protocol for Virtual WorldInteroperability, IEEE Internet Computing, vol. 15, no. 5, 2011, pp. 22-29.

[10] M. R. Fox, H. Kelly and S. Patil, "Medulla: A cyberinfrastructure-enabled framework for research, teaching, and learning with virtualworlds", Online Worlds: Convergence of the Real and the Virtual,Human-Computer Interaction Series, 2010, pp. 87100, Springer-Verlag.

[11] J. Howlett, Project Moonshot", IETF 77 Meetings, 21-26 March, 2010,Anaheim, CA, USA. Available on: http://www.painless-security.com/wp/wp-content/uploads/2010/03/moonshot-ietf-77-briefing-paper.pdf

[12]N. Katz, T. Cook and R. Smart, "Extending Web Browsers with a Unity3D-Based Virtual Worlds Viewer", IEEE Internet Computing, vol. 15,2011, no. 5, pp.15-21.

[13] J. Floyd and I. Frank, New Immersive Worlds for Educators andLibrarians: Beyond Second Life, Library Hi Tech News, vol. 29, no. 6,2012, pp. 1115.

[14] Livingstone, D., Kemp, J.: Integrating Web-Based and 3D LearningEnvironments: Second Life Meets Moodle, The European Journal forthe Informatics Professional, vol. 9, no. 3, 2008, pp. 8-14.

[15] A. Cavoukian, "Privacy in the clouds". Identity in the InformationSociety, 2008, vol. 1, no. 1, pp. 87100, Springer-Verlag.