australian access federation and other middleware initiatives presented at tf-emc2, prague 4 sep...
Australian Access Federation and other Middleware Initiatives
Presented at TF-EMC2, Prague, 4 Sep 2007
Patty McMillan, The University of Queensland
Copyright © 2007 AusCERT
Content
• Context and drivers
• Pre-federation projects
• AAF current status and issues
– Operation and governance
– Attributes
– Communications and outreach
• AAF roadmap
• Other middleware initiatives in Australia
Australian environment
• 38 publicly funded universities
• CAUDIT: Very strong coordination among Aus/NZ CIOs for higher ed and research
• Government policy encouraging more:
– Collaboration and shared infrastructure
– Diversification and specialisation
– Global engagement
– Research quality metrics
– Operational efficiency
NCRIS
• NCRIS = National Collaborative Research Infrastructure Strategy
• AUD 550M over 5 years for shared research infrastructure – physical facilities, instruments, technology
• Includes AUD 75M over 5 years for collaboration technology infrastructure: access management, data management, middleware, collaboration tools
• Australian Access Federation (AAF) seen as critical piece in enabling shared research infrastructure and research collaboration
Pre-federation projects
• MAMS Project
– Runs testbed Shibboleth federation
– Contributes tools such as ShARPE: Shibboleth Attribute Release Policy Editor
• CAUDIT PKI Pilot Project
– Investigated PKI architecture model for HE & Research
– Deployed pilot infrastructure
• eSecurity Framework Project
– Brought Shibboleth and PKI components together into a common trust infrastructure for the higher education and research sector.
AAF implementation project
• AUD 4.8 M funded by Department of Education, Science, and Training
• Introduce production federation early 2008 building on work done by previous projects
• University of Queensland leads project, partnered by AusCERT and Macquarie University (MAMS)
• Steering Committee with representation across sector
• Transition from implementation project to ongoing production federation service in 2008
AAF current status
• Draft policies: https://wiki.esecurity.edu.au/display/esecurity/Draft+Policy+Framework
• MAMS Testbed Fed now has Level 2 with 21 IdPs, 21 SPs as pre-production to be transitioned to AAF
• Popular hands-on Shibboleth and PKI workshops
• Working groups for attributes, grid, and LoA
• Very good awareness among CIOs and nearly all report undertaking major identity management projects
• Less awareness among other parts of the community
AAF operation and governance
[Diagram. Labels: Shibboleth Operator; PKI Operator; Evolving Technology (Eval., Pilot, Integration); High Availability Support; VHO & Gateways; Inst. Support (Test Env., Guides, Level X helpdesk); AAF Operational Fabric; Mission; Policies; Agreements; Identity Providers; Service Providers; Member & Affiliate Institutions; Governance & Leadership; Contracting Entity; Management; Organisational (AAF Organisation)]
Attributes!
• Working group to recommend schemas and attributes for AAF.
• Have canvassed community on core attributes from
– eduPerson, person, organizationalPerson, inetOrgPerson
– Recommendations at: http://www.aaf.edu.au/casp
• Recent workshop looked at further attribute needs
– SCHAC: including several as recommended attributes
– auEduPerson: deprecating several attributes from 2002 schema; creating a few more – for IDs and LoAs
– DISCLAIMER: Still to be canvassed with community and approved by AAF Steering Committee
AAF communications and outreach
• Draft communications plan to reach:
– DVCs-Research and other senior management
– CIOs
– Librarians
– Technical staff
– e-Research support providers
– Service providers
– HR and student admin staff
– End-users
• Developing communication and outreach roles
AAF roadmap highlights
PKI
• Pre-Release Activities
– Implementing architecture and finalising certificate profiles
• Release 1
– Core Infrastructure deployment
• Release 2
– WebTrust audit
– Vendors to process the AusCERT Root Certificate to be included in Browsers and release update
– Additional Services
  • Hosted CA/RA
  • Virtual Home Organisation (VHO)
AAF roadmap highlights
Shibboleth
• Pre-release activities
– MAMS testbed federations (Levels 1 and 2)
• Release 1
– Federation Manager & Federation Website
– WAYF agent
– Shared Services (Federated Directory Search)
– Integration with AusCERT PKI
– MAMS Shib-based “IAMSuite” for VOs and collaboration
  • Wiki e.g. Confluence, Action tracking e.g. JIRA, Repository e.g. Fedora/DSpace
• Release 2
– Integration of IAMSuite and VOMS
– Shibboleth Identity Provider (IdP) Member Audits
Information provided by MAMS
AAF roadmap highlights
[Diagram developed by MAMS]
Other middleware initiatives
• MAPS Project: Middleware Action Plan & Strategy
– Report and action plan: http://www.middleware.edu.au/roadmap
– Developing reference architectures for institutions on:
  • Identity and access management
  • Data management
  • VO management and collaboration tools
  • Real-time communications
  • Secure campus network design
  • Grid services
Other middleware initiatives
• ICI: Interoperability and Collaboration Infrastructure
– AUD 20 M funded as part of NCRIS
– Focus will be on Grid interoperability
– Joint venture of service providers led by VPAC (Victorian Partnership for Advanced Computing)
Thank you!