
AARNet Middleware Activities in Network Engineering: Enhancing Middleware Framework & Services

Learn about AARNet's middleware developments for secure, scalable access management. Explore findings, goals, and projects in national and global initiatives.


Presentation Transcript


  1. AARNet Middleware Activities 2005 APAN 2005 James.Sankar@aarnet.edu.au Network Engineer – Middleware AARNet

  2. About this talk Background • AARNet • Why Middleware? • Overview of AARNet current middleware activities • IAM survey background Results • Key Findings • Barriers • Opportunities

  3. AARNet – Core Activity Roll out of the AARNet 3 Dark Fibre “Dense Wave-Division Multiplexing” (DWDM) providing: • 32 wavelengths of 10Gbps capacity initially • Supports growth to 64 or more wavelengths of 40Gbps over life of the network

  4. AARNET goals • To complete the AARNet 3 roll out and develop outreach programmes to extend access to rural areas. • To participate in national and regional activities • Engage with the community – e.g. Astronomers, Physicists etc • Engage with research and education stakeholders to develop a national middleware framework • To develop applications and services for AARNet customers • To develop international links and actively participate in international projects.

  5. Why Middleware? On the Internet – nobody knows who you are! More content and access to scarce physical systems requires user authentication and authorisation in a secure, scalable way

  6. Why Middleware? Identity and Access Management should support user requests to resources regardless of location. Doing so requires integration, loosely coupled federations and clever, intuitive systems that are able to support general requests or ask for authentication when required.

  7. AARNet middleware In-house developments • Develop a middleware architecture framework for development activities. • Roll out eduroam to AARNet offices and staff. • Gain practical experience of Shibboleth by • Creating an AARNet Identity Provider system for AARNet staff and joining the MAMS federation. • Assessing the feasibility of shibbolising AARNet applications and services. • Further develop AARNet’s middleware website to generate awareness.

  8. AARNet middleware Joint activities • Involvement in national middleware initiatives involving education and research communities. • CAUDIT Identity and Access Management survey 2005. • Participation and assistance in eduroam Australia roll out, development and policy. • Participation in • global eduroam development and policy. • CAUDIT PKI Technical Working Group in developing a national PKI. • Global middleware policy.

  9. What is a CAMPUS Identity & Access Management System? “…Identity and access management isn’t really a system that you go out and buy. It must become a pervasive, federated infrastructure that integrates companies internally while simultaneously allow them to interoperate with other companies. It must support both centralized and decentralized scenarios. It must accommodate integration where practical, and more loosely coupled federation models where necessary.” Burton Group (July 2002)

  10. What is a CAMPUS Identity & Access Management System? “…an integrated system of business processes, policies and technologies that enable organizations to facilitate and control their users' access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users. It represents a category of interrelated solutions that are employed to administer user authentication, access rights, access restrictions, account profiles, passwords, and other attributes supportive of users' roles/profiles on one or more applications or systems.” Wikipedia 2005

  11. The Survey – why now? The Survey instrument was designed to assess progress of Identity and Access Management systems to act on • Any barriers to integration (same/single sign on) that need to be removed (resourcing, technical, political, etc.) • Any opportunities to • Promote campus infrastructure integration best practice • Assess the need for a federated authn infrastructure • Identify authz components for services / resources.

  12. Survey Results Authentication • Username/Passwords & IP based authentication. Authorisation • Ezproxy, proxy caches in use. Differences exist in support to access local and remote resources. Directory services • LDAP preferred service System integration • in house developments (PERL, Visual Basic, JAVA, C++, SQL to process data from student, HR and other databases).

  13. Resources / Application support

  14. Survey Results - continued Current focus – Campus infrastructure integration • Unify Authentication, Authorisation, Access; • Automate the transfer of data to feed into Directories, meta data, and so forth. • Develop simplified user interfaces (e.g. Same/Single Sign on portals). • Visitor guest network access (http, https, VPN) via • Creating temporary accounts. • eduroam (802.1X/EAP-TTLS & RADIUS backend).

  15. Identity and Access Management Today

  16. Survey Results - continued Public Key Infrastructures Use • Limited use of digital certificates (due to no national PKI) • 30% claim their Directory Services support PKI Next Project developments • Web portal & Account self service = 14/25 • Same Sign On = 4/25 & Single Sign On = 13/25 • CAUDIT /Staff/Student/Web/Service certs = 7/25

  17. Survey Results – Barriers identified • Limited resources / funds available. • Limited key stakeholder involvement to create integration and federation infrastructures. • High risks/impact to develop critical IAM systems. • Lack of coordinated middleware effort in IAM space. • Minimal dissemination of standards, policies and technical guidelines. • Limited training (eduperson, same/single sign on).

  18. Survey Results – Recommendations 1 (1) Develop IAM content on • Gather and exchange recommended Authentication and Authorisation methods/products, guidelines for use, transmission, storage of credentials and IAM best practice. • Identify / develop ways to leverage same/single sign on environments. • Track CAUDIT PKI developments and make use of PKI to develop secure access. (2) Engage with service providers • Identify requirements to enable users to gain access to remote resources and agree on standards/rules to operate via a federation.

  19. Survey Results – Recommendations 2 (3) Develop a middleware framework • An inclusive process for stakeholders (identity providers and service providers) to align to in a cost effective, low risk, secure, user-friendly way within Australia. • Identify Australian strengths to contribute in partnership with the global middleware effort. • Identify international middleware activities that Australia can learn and develop from.

  20. Useful links • AARNet Middleware web pages - http://www.aarnet.edu.au/engineering/middleware/ • Identity & Access Management Survey 2005 – http://www.aarnet.edu.au/engineering/middleware/id_access_mgt_survey.html • Eduroam - www.eduroam.org • Eduroam Australia – www.eduroam.edu.au • Shibboleth – http://shibboleth.internet2.edu/ • MAMS - http://www.melcoe.mq.edu.au/projects/MAMS/

  21. Thank You
