Mark Allen Earnest

Press fire to begin

News & Upcoming Events:

7/10/2007 Ryan Matthew was born

9/18/2006 I started my new job as an Identity Management Consultant with Entology Inc.

6/30/2006 Jen and I closed on our new house

5/27/2006 Jennifer Schell and I were married. Look for pictures to be posted here.

3/27/2006 I presented a talk entitled "Authentication, Authorization, and Identity Management" at the 2006 PSU Security Day

About Mark

Hey, it's me!

This is my website, there are many like it but this one is mine.

New Section

This page is clearly about two years out of date. I am still with Entology, still married, and now have a one-year-old baby boy (pictures in the gallery). I really need to revamp all of this, but in the meantime here is a new page detailing my latest obsession with Guitar Effects Building.

Career Change

In September of 2006 I said a difficult farewell to Penn State to accept a job working as an identity management consultant with Entology Inc. Obviously the list of current projects below is no longer totally applicable (I do still intend to be involved with the cLog and TwoFactor open source projects I started). Please hold while I settle in at Entology and update this with NEW projects.

Current Projects

Shibboleth: I serve as the technical lead on PSU's Shibboleth project. Starting in 2002, we began running a Shibboleth Origin (now called Identity Provider) site used to provide authentication and authorization data for WebAssign. Shortly after, we pioneered the use of Shibboleth as a method of allowing PSU students to create Napster accounts while protecting their privacy and identity. Recently I have developed a plugin for Shibboleth to allow users to request their own SAML assertions with a holder-of-key confirmation method, initially used for Lionshare. My current work is keeping up with SAML 2 and continuing to find new uses for the Shibboleth technology.

SlashET: Anyone who knows me knows that the surest way of getting me to do something is to tell me I can't. On a dare, I wrote a functional weblog system entirely in C (using only standard libraries) that I call cLog. While not as full-featured as some, it does have the distinction of being one of the few to support external authentication systems (allowing the web server to handle authentication like all good web applications should) and featuring a robust, group-based authorization and permission system. It is currently used by my department at PSU (Emerging Technologies) as the "official" weblog.
I am currently working on rewriting this as a Java servlet. No particular reason why, I just want to write something in Java.

Cosign: Or, as it is better known at PSU, WebAccess. I was tasked with evaluating several different web single sign-on products several years ago, and after several months of evaluation and prototyping, CoSign emerged as the clear winner given its security-centric design and native support of Kerberos credentials. Not to mention the great support community at UMich. I was able to make several modifications for PSU, primarily integrating it with DCE Kerberos and helping to add Kerberos support on the Windows IIS filter to bring it in line with the Apache Filter. It has since been turned over to PSU's AIT department for production support, but I am still involved in testing and implementing at various sites.

Lionshare: Derek Morr and I developed a way to add PKI-based identity management to Gnutella and have integrated that with the Lionshare project at PSU. This allows for a p2p filesharing network that has cryptographically backed accountability for anything being shared, primarily in an academic environment. We further developed an architecture that builds off of OASIS's SAML (using Internet2's Shibboleth IdP software) to allow for access controls to be placed on the files themselves. My work was (and is) primarily in designing the architecture and developing the plugin for Shibboleth to handle the "special" assertions and requests needed to make this work.

TwoFactor Java Class: This is a continuation of work I started when I used to work for PSU's Administrative Information Services department. All of Penn State's web-based mainframe data updates need to be done with a second factor of authentication, which in our case is an RSA SecurID token. We use PassGO's NCPASS software running on our IBM zSeries mainframe to actually authenticate the token, so I wrote the library (.DLL and Unix .so) to allow the web apps to communicate with NCPASS's non-standard protocol and authenticate people. Recently I was asked to port this C code over to Java to support the new batch of web applications AIS is developing, so I did and even got permission from PassGO to release it as open source (source code is here and accessible via Subversion). There might be a small handful of people who would actually need this, but if you are one of them, shoot me an email and I will be happy to help you.