Authentication and authorisation: AAF and ARCS


Date and time

Monday 9 November, 13:30 - 17:00.

This workshop is offered at 50% of the normal workshop rate, as ARCS and AAF are meeting 50% of the cost for participants.

Description

The Australian Access Federation (AAF) brings together cutting-edge technologies as a framework for trusted electronic communications and collaboration within and between universities and research institutions in Australia and overseas. The AAF promotes seamless researcher, teacher and student mobility and inter-university collaboration via automatic identification services that allow authentication of people and resources between participating institutions. Similar federations are operational in the international community and the framework is rapidly becoming the common approach for managing and sharing resources.

This workshop has the following objectives for helping the participant find out more about the AAF:

  1. To provide a high-level overview of the AAF and how to get started in the home organisation.
  2. To provide the participant with an idea of the research and collaboration services that are available (and planned) for participants of the AAF.
  3. To allow the participant to provide feedback as to what key services would provide the most value to the research, teaching and student community.

The Australian Research Collaboration Service (ARCS) is providing federated access to Australian grid services, data services, and collaboration tools and services. ARCS has integrated Shibboleth with Grid Services, which rely on X.509 certificates, by implementation of the Short Lived Credential Service (SLCS) profile of the International Grid Trust Federation (IGTF). ARCS will make use of the Identity Level of Assurance attribute in order to determine whether a "Level-1" or "Level-2" SLCS certificate is issued to the end-user. ARCS is seeking accreditation by the IGTF for trust in the "Level-2" SLCS certificate.

ARCS is also integrating Shibboleth with non-web-based services. Mechanisms and security aspects of solutions will be presented. Management of authorisation rights for ARCS services, and the role of the ARCS Access Service for registration with ARCS Services and authorisation rights issuance, will be demonstrated.

Participants will be asked to contribute ‘research group service scenarios’ prior to the workshop. This will allow the workshop to focus on how the AAF may be applied to access and provision of research services.

The workshop will conclude with a discussion of the Pilot AAF MiniGrant programme, the impact of the deployment of an Australian PKI infrastructure as part of the AAF, and recent and planned advances in Shibboleth and implications for the AAF.

AAF Background: The establishment of the production AAF, targeted for 1Q10, is the culmination of a number of sector-wide, federal-government-funded projects. Previous work has seen the establishment and trial use of a testbed Federation with 'mini-grant' projects funded to contribute services to the Federation and foster sector experience in use of Shibboleth. The current phase of work leading to the production AAF is the CAUDIT Pilot AAF project. This project, with significant funding support from the Department of Innovation, Industry, Science and Research (DIISR), is a transition between the testbed projects and the production AAF. The AAF is expected to significantly grow in utilisation of federation services across both the research and higher education sectors in the next 12 months.

Outline

  1. Introduction to the Pilot AAF. This introductory session will discuss:
    • What is a federation?
    • What is the AAF and its role in enabling research and collaboration?
    • A brief background to the AAF Pilot project and its current status.
    • How the AAF provides a high level of trust between its participants, both technically and at a governance level.
    • How to find out more about the federation and the available services.
    30 minutes
     
  2. Australian Research Collaboration Service. ARCS Services overview: Grid, data fabric, collaboration tools, and authorisation services. Reliance on the AAF and strategy for unified authorisation. Use of the ARCS IdP and the associated registration process and identity proofing. Use of the ARCS SLCS Service for generation of short-lived X.509 Grid Certificates, provision of delegated authentication, and path to IGTF accreditation. SLCS CAs and use of eduPersonAssurance to convey identity level of assurance. Role of ARCS access service, including authorisation rights management. ARCS support processes. Includes a demonstration of ARCS tools and services.
    60 minutes

  3. Proposed Research Services. Analysis of proposed research services, and solutions made possible by the AAF. A review of the research group service scenarios provided.
    60 minutes

  4. So what’s next? AAF MiniGrants, the AAF PKI, and Shibboleth future. Pilot AAF minigrant program status. Future roadmap for the AAF and Shibboleth. Plan for transition from the Pilot AAF to the production AAF. Roadmap for Shibboleth to Research Services. Final Q&A and resources available for further information.
    30 minutes

Questions and discussion are invited during each part, with appropriate consideration of time.

Who should attend

People who will benefit from attending the workshop include eResearch analysts, other eResearch intermediaries who advise researchers on technology tools and services, and researchers interested in authentication or authorisation solutions.

What to bring

Attendees do not need to bring a laptop; however, those who bring one may be able to view and explore web pages referenced during the workshop. Participants should have general IT knowledge and a conceptual understanding of federated identity and access management.

About the presenters

Terry Smith has worked in the ITS and networking group of QUT for 22 years. He has been involved in QUT's adoption of SAML to deliver effective and efficient access to resources internal to QUT with linkage to the broader Shibboleth Federation. He managed the development of QUT's Enterprise Sign-On Engine prior to its spin-off to Intient. Terry is the AAF Technical Program Manager, and his team has been responsible for setting up the AAF federation infrastructure components for use by the Pilot AAF and for migrating Australian institutions to the latest version of Shibboleth.

Neil Witheridge has broad experience in software engineering, working for both government and commercial research organisations. He was involved in management of the MAMS and AAF projects, contributing to the deployment of Shibboleth for Australian Higher Education use. He is currently Manager, Authorisation Services, for the Australian Research Collaboration Service (ARCS). His team's role is to provide a unified authorisation infrastructure to deliver effective and efficient protection of eResearch Services provided by ARCS and Australian research groups. The AAF is key to ARCS' authorisation services strategy.

Heath Marks has over 11 years' experience in the delivery of Information Technology in the tertiary sector. His recent achievement was as Project Manager of the Mobile Staff Productivity Project, a $1.36 million DEEWR-funded collaborative project between Griffith University and QUT. The project successfully increased and measured workplace productivity through the use of mobile technologies, processes and work practices. Heath is currently appointed by CAUDIT as Project Manager of the Australian Access Federation Project.