Australian Access FederationAustralian Access Federationand other Middleware Initiativesand other Middleware Initiatives

Presented at TF-EMC2, Prague4 Sep 2007

Patty McMillan, The University of Queensland

Copyright © 2007 AusCERT 2

ContentContent

• Context and drivers• Pre-federation projects• AAF current status and issues

– Operation and governance

– Attributes

– Communications and outreach

• AAF roadmap• Other middleware initiatives in Australia

Copyright © 2007 AusCERT 3

Australian environmentAustralian environment

• 38 publicly funded universities

• CAUDIT: Very strong coordination among Aus/NZ CIOs for higher ed and research

• Government policy encouraging more:– Collaboration and shared infrastructure

– Diversification and specialisation

– Global engagement

– Research quality metrics

– Operational efficiency

Copyright © 2007 AusCERT 4

NCRISNCRIS

• NCRIS = National Collaborative Research Infrastructure Strategy

• AUD 550M over 5 years for shared research infrastructure –physical facilities, instruments, technology

• Includes AUD 75M over 5 years for collaboration technology infrastructure: access management, data management, middleware, collaboration tools

• Australian Access Federation (AAF) seen as critical piece in enabling shared research infrastructure and research collaboration

Copyright © 2007 AusCERT 5

Pre-federation projectsPre-federation projects

• MAMS Project– Runs testbed Shibboleth federation

– Contributes tools such as ShARPE: Shibboleth Attribute Release Policy Editor

• CAUDIT PKI Pilot Project– Investigated PKI architecture model for HE & Research

– Deployed pilot infrastructure

• eSecurity Framework Project– Brought Shibboleth and PKI components together into a

common trust infrastructure for the higher education and research sector.

Copyright © 2007 AusCERT 6

AAF implementation projectAAF implementation project

• AUD 4.8 M funded by Department of Education, Science, and Training

• Introduce production federation early 2008 building on work done by previous projects

• University of Queensland leads project, partnered by AusCERT and Macquarie University (MAMS)

• Steering Committee with representation across sector

• Transition from implementation project to ongoing production federation service in 2008

Copyright © 2007 AusCERT 7

AAF current statusAAF current status

• Draft policies: https://wiki.esecurity.edu.au/display/esecurity/Draft+Policy+Framework

• MAMS Testbed Fed now has Level 2 with 21 IdPs, 21 SPs as pre-production to be transitioned to AAF

• Popular hands-on Shibboleth and PKI workshops

• Working groups for attributes, grid, and LoA

• Very good awareness among CIOs and nearly all report undertaking major identity management projects

• Less awareness among other parts of the community

Copyright © 2007 AusCERT 8

AAF operation and governanceAAF operation and governance

ShibbolethOperator

PKIOperator

Evolving Technology

Eval., Pilot, Integration

High Availability Support

VHO &Gateways

Inst. SupportTest Env., Guides, Level X helpdesk

AAF OperationalFabric

MissionPolicies

Agreements

Identity Providers

ServiceProviders

Member & AffiliateInstitutions

Governance & Leadership

Contracting Entity

Management

Organisational(AAF Organisation)

Copyright © 2007 AusCERT 9

Attributes!Attributes!

• Working group to recommend schemas and attributes for AAF.

• Have canvassed community on core attributes from– eduPerson, person, organizationalPerson,

inetOrgPerson– Recommendations at: http://www.aaf.edu.au/casp

• Recent workshop looked at further attribute needs– SCHAC: including several as recommended attributes– auEduPerson: deprecating several attributes from 2002

schema; creating a few more – for IDs and LoAs– DISCLAIMER: Still to be canvassed with community

and approved by AAF Steering Committee

Copyright © 2007 AusCERT 10

AAF communications and outreachAAF communications and outreach

• Draft communications plan to reach:– DVCs-Research and other senior management

– CIOs

– Librarians

– Technical staff

– e-Research support providers

– Service providers

– HR and student admin staff

– End-users

• Developing communication and outreach roles

Copyright © 2007 AusCERT 11

AAF roadmap highlightsAAF roadmap highlights

PKI• Pre-Release Activities

– Implementing architecture and finalising certificate profiles

• Release 1– Core Infrastructure deployment

• Release 2– WebTrust audit

– Vendors to process the AusCERT Root Certificate to be included in Browsers and release update

– Additional Services• Hosted CA/RA

• Virtual Home Organisation (VHO)

Copyright © 2007 AusCERT 12

AAF roadmap highlightsAAF roadmap highlights

Shibboleth• Pre-release activities

– MAMS testbed federations (Levels 1 and 2)

• Release 1– Federation Manager & Federation Website– WAYF agent– Shared Services (Federated Directory Search)– Integration with AusCERT PKI– MAMS Shib-based “IAMSuite” for VOs and collaboration

• Wiki eg. Confluence, Action tracking eg. JIRA, Repository eg. Fedora/DSpace

• Release 2– Integration of IAMSuite and VOMS– Shibboleth Identity Provider (IdP) Member Audits

Information provided by MAMS

Copyright © 2007 AusCERT 13

Diagram

develop

ed b

y MA

MS

AAF roadmap highlightsAAF roadmap highlights

Copyright © 2007 AusCERT 14

Other middleware initiativesOther middleware initiatives

• MAPS Project: Middleware Action Plan & Strategy– Report and action plan:

http://www.middleware.edu.au/roadmap

– Developing reference architectures for institutions on:• Identity and access management

• Data management

• VO management and collaboration tools

• Real-time communications

• Secure campus network design

• Grid services

Copyright © 2007 AusCERT 15

Other middleware initiativesOther middleware initiatives

• ICI: Interoperability and Collaboration Infrastructure– AUD 20 M funded as part of NCRIS

– Focus will be on Grid interoperability

– Joint venture of service providers led by VPAC (Victorian Partnership for Advanced Computing)

Copyright © 2007 AusCERT 16

Thank you!