Identity & Access Management Working Group
The APAN Middleware Working Group was established on 27 January 2006 for a period of 2 years. The Working Group Chair is Professor Yasuo Okabe (Kyoto University) and the secretary is Nate Klingenstein (Internet2). It was later renamed the Identity and Access Management Working Group.
This group provides APAN members with the opportunity to discuss and participate in the latest middleware developments on topics such as:
- Identity Access Management (same and single sign on authentication and authorization infrastructures)
- Federation frameworks (for scalable anywhere secure easy access to online resources)
- Middleware solutions (Shibboleth, A-Select, eduGAIN, eduroam, etc.)
- Application integration to middleware (frameworks for common reusable components and tools to deliver specific middleware services)
- Middleware policy
This working group aims to generate awareness and understanding of middleware and, in time, hopes to develop collaborative activities with APAN members once middleware activities start to mature. This group has also worked in conjunction with the Grid Committee to cover topics on (1) Middleware, (2) Middleware for Higher Education (Identity Access Management) and (3) Grid Middleware (Grid application access and work flow).
The objectives of the APAN Identity and Access Management Working Group are as follows:
- Share best practice of middleware solutions and document use case scenarios to better understand middleware scope and use within the APAN region through the IAM working group mailing list.
- Assist APAN members with middleware issues.
- Develop a picture of middleware deployments in the APAN region and assess the feasibility and timeliness of a regional federation test bed for middleware.
The current status of the working group milestones is as follows:
| No. | Milestone | Status |
|---|---|---|
| 1 | Add members to the APAN IAM mailing list | Completed |
| 2 | Collect information on middleware developments from each APAN member and place on the APAN IAM working group webpage | Completed |
| 3 | Develop a workshop for Identity Access Management in GRID environments for the next APAN meeting | Completed |
| 4 | Identify and assess current middleware solutions | Ongoing |
| 5 | Identify and assess the “federation” model and make recommendations | Ongoing |
| 6 | Work in partnership with the APAN Grid Committee to deliver workshops on Grid Middleware | Ongoing |
Identity Management Primer 3: Middleware Activities in Australia
AARNet with support from NMI-EDIT (Internet2 and EDUCAUSE) and the Asia Pacific Advanced Network (APAN) Identity and Access Management Working Group will hold an Ozeconference/information primer for the APAN community on identity management in Australia.
This Ozeconference was recorded and is available online:
- Embedded HTML (344 Mb)
- Viviani Paz Presentation (PDF) (738 Kb)
- Neil Witheridge Presentation (PPT) (296 Kb)
Australian Access Federation: Grass Roots and Beyond
Sharing data, systems and research infrastructure in a secure way between different Australian research organisations, such as universities and research agencies, presents a difficult problem, both technically and from a policy perspective. There is a lack of technical methods and little or no policy framework to support sharing between organisations, even once technical challenges are overcome. To facilitate trusted electronic communications and collaboration within and between institutions of higher education and research in Australia, and between these institutions and other organizations worldwide, it is necessary to develop a trust federation whose members agree to abide by a common set of rules, policies and agreements.
To address this requirement, the Australian Government Department of Education, Science and Training is funding a project called the Australian Access Federation (AAF), which will develop the federation policy framework and deploy the infrastructure required to enable access to online resources and services for the Australian higher education and research sector. The infrastructure deployed is based on two technologies: Shibboleth and Public Key Infrastructure. The AAF will support a range of services, including authentication and authorization, and builds substantially on the work undertaken by two existing DEST-funded projects. These are the e-Security Framework project, based at the University of Queensland, and the MAMS (Meta Access Management System) project, based at Macquarie University. This presentation will provide the background history of the AAF and the progress of the current testbed federation, and will discuss the approach to be taken in establishing the AAF.
About the Speakers
Viviani Paz is the Security Assurance Manager for AusCERT (The Australian National Computer Emergency Response Team) based at The University of Queensland. Prior to joining AusCERT in 1995, Viviani worked in a range of IT areas including system and network security; system programming and administration; and software testing and verification in the commercial and academic sectors for over a decade. Viviani is the Policy Designer and Project Manager for the eSecurity Framework Project, in which a PKI environment is being developed to assist Australian universities' collaboration and interoperation. She is also the Project Manager for the Australian Access Federation Project (AAF). The AAF project will develop the federation policy framework and deploy the infrastructure required to enable access to online resources and services for the Australian higher education and research sector. The infrastructure deployed is based on two technologies: Shibboleth and Public Key Infrastructure. The Australian Computer Emergency Response Team (AusCERT) provides a single, trusted point of contact in Australia for the Internet community to deal with computer security incidents and their prevention. AusCERT's mission is to support and improve community awareness, representation and communication regarding computer security, both locally and internationally, by being the leading source of impartial and reliable computer security information and expertise for its members. AusCERT is a full member of the international Forum of Incident Response and Security Teams (FIRST) and the Asia Pacific Computer Emergency Response Team (APCERT).
Neil Witheridge holds a Masters of Engineering Science degree from University of Sydney, Australia, and has 20+ years' experience working in software engineering for government and commercial R&D organisations. Neil joined Macquarie University in 2004 as Project Manager for the MAMS Project, a national identity and access infrastructure project for the Australian higher education sector. Neil is currently the Program Manager for the MAMS Project.
Identity Management Primer 2: US Case Studies
The APAN IAM Group is running 3 tutorials on Identity Management with support from AARNet and NMI-EDIT (EDUCAUSE and Internet2). The second talk took place on June 22, 2007. It covered aspects of the deployment and integration of middleware in university campus environments, taking into account business processes and policy.
Case Studies in Identity Management 2: The University of Texas System
The University of Texas System began building their federation in 2004 with the establishment of a statement of direction to '...pursue a common inter-institutional identity management trust fabric throughout the UT System.' A substantial project was then begun to develop and/or re-engineer the identity management infrastructures of many of the campus members to support this emerging federation. Paul Caskey, Technology Architect at the University of Texas System, traveled around the state, educating institutions about identity management, providing technical and process support, and helping install the Shibboleth federating software. Paul will provide a view into Texas' experience in building a federation from the policy, politics, and architecture points of view. He'll also discuss the roadblocks they've encountered and how they were addressed.
About the speaker: Paul Caskey is a Technology Architect in The University of Texas System Administration's Office of System-Wide Information Services and is the lead technologist for the U.T. System's Identity Management Initiative. He has primary responsibility for the development and operation of the U.T. System Identity Management Federation. Paul is active in a variety of identity management areas, including registries, directories, provisioning, credentialing, federation, PKI, and application integration. Paul has a Master of Science degree in Management Information Systems from Texas A&M University.
About the speaker: Jon Giltner, Director of IT Architecture and Security, will discuss the timeline and evolution of their architecture, business processes, and policies and provide insight into the business drivers that led this development.
The presentation is available as a web stream at http://mirror.aarnet.edu.au/pub/aarnet/ozeconf/IdM2_Ozeconf_22Jun07.htm
Identity Management Primer 1: Introduction
The APAN IAM Group is running 3 tutorials on Identity Management with support from AARNet and NMI-EDIT (EDUCAUSE and Internet2). The first talk took place on May 30, 2007. The talk covered:
- What is identity management and what does it do?
- What are the business drivers?
- What are the components?
- What does the architecture look like?
The speaker was Mr. Michael Berman, Senior Vice President and Chief Technology Officer of the Art Center College of Design. Mr. Berman has spoken at EDUCAUSE events in the management/introductory context a number of times and is well versed in identity management.
The presentation is available as a web stream at http://mirror.aarnet.edu.au/pub/aarnet/ozeconf/OzeConference_IdM_30May07...
2017 Dec 22