Australian Access Federation • Robert Hazeltine • Identity and Access Management • Enterprise Systems Office
Extending our reach • UWS staff and students now belong to two networks - since 6 October 2009 • UWS network • Web sites and applications, and enterprise applications • AAF network • participating universities and research institutions and other national federations
Services • data collections and data grids • scientific instruments, modelling and visualisation tools and computing resources • collaboration environments and workspaces for virtual teams • scholarly resources and publications • e-learning resources and learning object collections • national higher education and research administration schemes
How does it work ... • Single sign on • local credentials • Role based access control • Uses attributes; record keeping curtailed • Public Key Infrastructure • Electronic passport
Identity Provider: the software run by an organisation with users wishing to access a restricted service • Service Provider: the software run by the provider managing the restricted service • Federation • Where are you from = “WAYF” • Public key infrastructure • Privacy a key consideration
Shibboleth • Federated Single Sign On software • The Shibboleth system is a standards based, open source software package for web single sign-on across or within organisational boundaries. It allows sites to make informed authorisation decisions for individual access of protected online resources in a privacy-preserving manner • Shibboleth leverages the organisation’s identity and access management system, so that the individual’s relationship with the institution determines access rights to services that are hosted both on and off campus
AAF site about the AAF • http://www.aaf.edu.au/ • UWS site about the AAF • http://www.uws.edu.au/campuses_structure/cas/services_facilities/it/single_sign-on • US Shibboleth site • http://shibboleth.internet2.edu/about.html • Swiss equivalent of the AAF • http://www.switch.ch/aai/demo/easy.html
Your role in this • Maybe no direct involvement yourself • Finding uses for it • Identifying your users as a group • Telling your ITS contact your needs • Giving us a little time to organise it • Becoming an advocate
AAF core attributes • authenticationMethod • o (organisation) • eduPersonAffiliation • eduPersonScopedAffiliation • eduPersonEntitlement • eduPersonAssurance • eduPersonTargetedID • auEduPersonSharedToken • displayName • cn (common name) • mail
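Added example, not part of the original slides and not AAF or Shibboleth code: a sketch of how a service provider could make the role-based access decision from released attributes alone, accepting an eduPersonScopedAffiliation value only when its scope is registered to the identity provider that issued it. The entity IDs, scopes, entitlement URN and the `;`-separated multi-value format are assumptions made for illustration.

```python
import re

# Constructed federation metadata: the scopes each identity provider may assert.
# Entity IDs and scopes are placeholders, not real AAF members.
IDP_SCOPES = {
    "https://idp.uni-a.example/idp/shibboleth": {"uni-a.example"},
    "https://idp.uni-b.example/idp/shibboleth": {"uni-b.example"},
}

def split_values(raw):
    """Split a multi-valued attribute string on ';' (a literal ';' is escaped as '\\;')."""
    parts = re.split(r"(?<!\\);", raw or "")
    return [p.replace("\\;", ";").strip() for p in parts if p.strip()]

def trusted_affiliations(idp, attrs):
    """Return the roles asserted under a scope the issuing IdP is registered for."""
    scopes = IDP_SCOPES.get(idp, set())
    roles = set()
    for value in split_values(attrs.get("eduPersonScopedAffiliation")):
        role, sep, scope = value.rpartition("@")
        if sep and role and scope.lower() in scopes:
            roles.add(role.lower())
    return roles

def authorise(idp, attrs, allowed_roles, required_entitlement=None):
    """Decide access from released attributes only; returns (allowed, reason)."""
    if idp not in IDP_SCOPES:
        return False, "unknown identity provider"
    if not trusted_affiliations(idp, attrs) & set(allowed_roles):
        return False, "no permitted affiliation in a trusted scope"
    if required_entitlement is not None:
        if required_entitlement not in split_values(attrs.get("eduPersonEntitlement")):
            return False, "required entitlement not released"
    return True, "permitted"

if __name__ == "__main__":
    # Constructed session; attribute names come from the AAF core attribute list.
    session = {
        "eduPersonScopedAffiliation": "member@uni-a.example;staff@uni-a.example",
        "eduPersonEntitlement": "urn:mace:uni-a.example:entitlement:instrument-booking",
    }
    print(authorise("https://idp.uni-a.example/idp/shibboleth", session, {"staff"}))
```

No password or mail address is consulted in the decision, which matches the deck's point that the service provider sees attributes rather than credentials.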
Identity Provider (Origin) • Log on to a web site or application • Shibboleth • Use the AAF “WAYF” for federation sites • Use the AAF “WAYF” for local only sites • Use the technology for local sites only • No password is exchanged with SP • Attributes are encrypted • Anonymous, pseudo-anonymous, identifier • Uses your UWS password
Service Providers (Target) • Australian Access Federation itself • AAF member as service provider • Confluence • Library services • Online learning • No portal required
Enterprise Directory • Repository of attributes for various uses: • Australian Access Federation • White and green pages • Online voting • Authentication and authorization • Course Approval and Publication System • VoIP (new phone system) • Faster onboarding