SPUSC 2008: SOUTH PACIFIC USER SERVICES CONFERENCE
The AAF - Supporting Greener Collaboration
Stuart Allen, MAMS, MELCOE, Macquarie University
sallen@melcoe.mq.edu.au

What is the AAF?
The Australian Access Federation is a Trust Federation:
- Trust Federations are an alternative to the traditional approach of application-managed accounts
- Comprised of a collection of trusted higher education and research institutions
- each user has a home institution login for access to federated services (can also be used for local web SSO)
- other members of the federation trust the user's home institution to assert information about that user

What is the AAF?
AAF Shibboleth Federation Overview
- Identity Providers: organisations that can authenticate their users and share their attribute values (e.g., role)
- Service Providers: services (i.e., applications) that are accessible by users from Identity Providers
- Trust Federation: a trust framework (policy and technical) that connects Identity Providers and Service Providers

What is the AAF?
The Australian Access Federation is:
- Australian Access Federation Operator governed by the Rules of Membership
- infrastructure to facilitate trusted electronic communications and collaboration
- a set of operational requirements and recommendations
- a set of agreed end-user attributes: the common language of the federation
- a set of tools, services, and standards (e.g. customised metadata, shared services, etc)

AAF Overview
AAF Shibboleth Federation Overview:
- Shibboleth is an open-source implementation of the SAML standard
- Rollout of Shibboleth trust federations in the USA, UK, Australia, Switzerland, Finland, France, Germany, etc
- MAMS Level 2 Testbed Federation currently has 27 IdPs (approximately 900,000 identities) and 28 SPs
- MAMS Software to assist with deployment (e.g. Federation Manager, Autograph, ShARPE, etc)

Benefits of the AAF
- Single Sign On intra- and inter-institutions
- Improved collaboration
- Unification
- Greater accuracy of information
- Reduced administration

[Diagram sequence; each slide shows the Service Provider and the Identity Provider]
1. User wants to access SP
2. User is redirected and selects IdP: Where Are You From
3. User is redirected to IdP and logs in
4. IdP uses Attribute Release Policy for SAML assertion
5. User is redirected to SP with SAML handle
6. SP uses SAML handle to retrieve user attributes

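The login sequence above, reduced to its IdP-side checks, as an added example that is not from the slides and is not Shibboleth's own code. It is a simplified in-memory model without SAML messages or signatures; the SP URL, the user record, the policy contents and the handle lifetime are constructed assumptions.

```python
import secrets
import time

# Constructed federation data for illustration (hypothetical names and values).
FEDERATION_SPS = {"https://wiki.example.edu.au/sp"}  # SPs listed in federation metadata
USERS = {"alice": {"password": "s3cret", "attrs": {
    "eduPersonAffiliation": "staff",
    "mail": "alice@uni.example.edu.au",
    "homePhone": "+61 2 5550 0000"}}}
# Attribute Release Policy: attribute names each SP may receive; default is nothing.
ARP = {"https://wiki.example.edu.au/sp": {"eduPersonAffiliation"}}
HANDLE_TTL = 300  # seconds a handle stays valid (assumed value)


class IdentityProvider:
    def __init__(self):
        self._handles = {}  # handle -> (sp_id, released attributes, expiry)

    def login(self, username, password, sp_id, now=None):
        """Steps 3-5: authenticate, apply the ARP for sp_id, return an opaque handle."""
        now = time.time() if now is None else now
        if sp_id not in FEDERATION_SPS:
            raise PermissionError("SP is not a federation member")
        user = USERS.get(username)
        if user is None or not secrets.compare_digest(user["password"], password):
            raise PermissionError("authentication failed")
        allowed = ARP.get(sp_id, set())
        released = {k: v for k, v in user["attrs"].items() if k in allowed}
        handle = secrets.token_urlsafe(16)  # random, reveals nothing about the user
        self._handles[handle] = (sp_id, released, now + HANDLE_TTL)
        return handle

    def attribute_query(self, handle, requesting_sp, now=None):
        """Step 6: resolve a handle only for the SP it was issued to, before expiry."""
        now = time.time() if now is None else now
        entry = self._handles.get(handle)
        if entry is None:
            raise PermissionError("unknown handle")
        sp_id, released, expiry = entry
        if requesting_sp != sp_id or now > expiry:
            raise PermissionError("handle not valid for this request")
        return dict(released)
```

The SP never sees the password or the username, only the handle and the attributes the release policy allows for that SP.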
AAF Shibboleth Use Cases
- Research data and facilities
- Institutional repositories
- Cross-institutional course delivery
- Collaboration tools and shared services
- Scholarly and information resource licensing

Sharing Services
- Vendor Services (e.g. Microsoft Dreamspark, Elsevier, etc)
- Research Domain Services (e.g. Atlas, Medical Images, etc)
- Federation Services (e.g. Wiki, Forum, e-learning, White Pages, repositories, etc)
- Your Institutional Services (e.g. Wiki, repositories, multi-user applications, etc)

Greener Collaboration
- Federation to provide the middleware
- Reduce manual processes
- Encourage collaboration
- Increase business value and competitiveness (e.g. inter-institutional course delivery)
- Increase research activities (easier to share/access data)
- Improve internal organisation processes (secure access to organisation's resources, e.g. room booking application)

Joining the Federation
- Join MAMS Federation as IdP and/or SP: http://federation.org.au
- AAF goes live in 2009, full transitional support provided
- Technical readiness for requirements: http://federation.org.au/requirementsfinaldraft.pdf
- Shibboleth Federation Rollout workshop in Sydney, 16-17 Feb 2009 (free): http://federation.org.au/rollout