Identity & Access Management Working Group

Chair : Terry Smith [ t.smith AT aaf.edu.au ]

Co-Chair : Toby Chan [ toby.chan AT polyu.edu.hk ]

Co-Chair : William Wan [ wanl AT cernet.com ]

Mailing List:

iam AT apan.net

IAM Home
Work Plan
IDM Tutorials
Past Talks

The APAN Middleware Working Group was established on the 27th January 2006 for a period of 2 years. The Working Group Chair is Professor Yasuo Okabe (Kyoto University), the secretary is Nate Klingenstein (Internet2). It was later renamed as Identity and Access Management Working Group.

This group provides APAN members with the opportunity to discuss and participate in the latest middleware developments on topics such as :

Identity Access Management (same and single sign on authentication and authorization infrastructures)
Federation frameworks (for scalable anywhere secure easy access to online resources)
Middleware solutions (Shibboleth, A-Select, Edugain, eduroam etc.)
Application integration to middleware (frameworks for common reusable components and tools to deliver specific middleware services)
Middleware policy

This working group is concerned about generating awareness and understanding about middleware and in time hopes to develop collaborative activities with APAN members once middleware activities start to mature. This group has also worked in conjunction with the Grid Committee to cover topics on (1) Middleware (2) Middleware for Higher Education (Identity Access Management) and (3) Grid Middleware (Grid application access and work flow).

The objectives of the APAN Identity and Access Management Working group are as follows :

Share best practice of middleware solutions and document use case scenarios to better understand middleware scope and use within the APAN region through the IAM working group mailing list.
Assist APAN members with middleware issues.
Develop a picture of middleware deployments in the APAN region and assess the feasibility and timeliness of a regional federation test bed for middleware.

The current status of the working group milestones are as follows :

No.	Milestones/Actions	Deadline
1.	Add members to the APAN IAM mailing list	Completed
2.	Collect information on middleware developments from each APAN member and place on the APAN IAM working group webpage	Completed
3.	Develop a workshop for Identity Access Management in GRID environments for the next APAN meeting	Completed
4.	Identify and assess current middleware solutions	Ongoing
5.	Identify and assess the “federation” model and make recommendations	Ongoing
6.	Work in partnership with the APAN Grid Committee to deliver workshops on Grid Middleware	Ongoing

Identity Management Primer 3: Middleware Activities in Australia

AARNet with support from NMI-EDIT (Internet2 and EDUCAUSE) and the Asia Pacific Advanced Network (APAN) Identity and Access Management Working Group will hold an Ozeconference/information primer for the APAN community on identity management in Australia.

This Ozeconference was recorded and is available online :

Embedded HTML (344 Mb)
Viviani Paz Presentation (PDF) (738 Kb)
Neil Witheridge Presentation (PPT) (296 Kb)

Australian Access Federation: Grass Roots and Beyond

Sharing data, systems and research infrastructure, in a secure way, between different Australian Research Organisations, such as universities and research agencies presents a difficult problem, both technically and from a policy perspective. There is a lack of technical methods and little or no policy framework to support sharing between organisations, even once technical challenges are overcome. In order to facilitate the trusted electronic communications and collaboration within and between institutions of higher education and research in Australia, and between these institutions and other organizations worldwide the development of a trust federation in which its members agree to abide by a common set of rules, policies and agreements is necessary.

The Australian Government Department of Education, Science and Training in order to address this requirement is funding a project called the Australian Access Federation (AAF), which will develop the federation policy framework and deploy the infrastructure required to enable access to online resources and services for the Australian higher education and research sector. The infrastructure deployed is based on two technologies: Shibboleth and Public Key Infrastructure. The AAF will support a range of services, including authentication and authorization, and builds substantially on the work undertaken by two existing DEST funded projects. These are the e-Security Framework project, based at the University of Queensland, and the MAMS (Meta Access Management System project), based at Macquarie University. This presentation will provide the background history of the Australian Access Federation (AAF), the progress of the current testbed federation and will discuss the approach to be taken in establishing the AAF.

About the Speakers

Viviani Paz is the Security Assurance Manager for AusCERT (The Australian National Computer Emergency Response Team) based at The University of Queensland. Prior to joining AusCERT in 1995, Viviani worked in a range of IT areas including: system and network security; system programming and administration; and software testing and verification in the Commercial and Academic sectors for over a decade. Viviani is the Policy Designer and Project Manager for the eSecurity Framework Project, in which a PKI environment is being developed to assist Australian Universities' collaboration and interoperation. She is also the Project Manager for the Australian Access Federation Project (AAF). The AAF project will develop the federation policy framework and deploy the infrastructure required to enable access to online resources and services for the Australian higher education and research sector. The infrastructure deployed is based on two technologies: Shibboleth and Public Key Infrastructure. The Australian Computer Emergency Response Team (AusCERT) provides a single, trusted point of contact in Australia for the Internet community to deal with computer security incidents and their prevention. AusCERT's mission is to support and improve community awareness, representation and communication regarding computer security, both locally and internationally, by being the leading source of impartial and reliable computer security information and expertise for its members. AusCERT is a full member of the international Forum of Incident Response and Security Teams, FIRST and Asia Pacific Computer Emergency Response Team (APCERT).

Neil Witheridge holds a Masters of Engineering Science degree from University of Sydney, Australia, and has 20+ years experience working in software engineering for government and commercial R&D organisations. Neil joined Macquarie University in 2004 as Project Manager for the MAMS Project, a national identity and access infrastructure project for the Australian higher education sector. Neil is currently the Program Manager for the MAMS Project.

IDM Tutorials

Identity Management Primer 2: US Case Studies

The APAN IAM Group are running 3 tutorials on Identity Management with support from AARNet and NMI-EDIT (Educause and Internet2), the second talk took place on June 22, 2007. The talk covered aspects related to the deployment and integration of middleware in University campus environments taking into account business processes and policy.

Case Studies in Identity Management 2: The University of Texas System

The University of Texas System began building their federation in 2004 with the establishment of a statement of direction to '...pursue a common inter-institutional identity management trust fabric throughout the UT System.' A substantial project was then begun to develop and/or re-engineer the identity management infrastructures of many of the campus members to support this emerging federation. Paul Caskey, Technology Architect at the University of Texas System, traveled around the state, educating institutions about identity management, providing technical and process support, and helping install the Shibboleth federating software. Paul will provide a view into Texas' experience in building a federation from the policy, politics, and architecture points of view. He'll also discuss the roadblocks they've encountered and how they were addressed.

About the speaker: Paul Caskey is a Technology Architect in The University of Texas System Administration's Office of System-Wide Information Services and is the lead technologist for the U.T. System's Identity Management Initiative. He has primary responsibility for the development and operation of the U.T. System Identity Management Federation. Paul is active in a variety of identity management areas, including registries, directories, provisioning, credentialing, federation, PKI, and application integration. Paul has a Master of Science degree in Management Information Systems from Texas A & M University. About the speaker: Jon Giltner Director of IT Architecture and Security will discuss the timeline and evolution of their architecture, business processes, and policies and provide insight into the business drivers that led this development.

The presentation is available as a web stream at http://mirror.aarnet.edu.au/pub/aarnet/ozeconf/IdM2_Ozeconf_22Jun07.htm

Identity Management Primer 1: Introduction

The APAN IAM Group are running 3 tutorials on Identity Management with support from AARNet and NMI-EDIT (Educause and Internet2), the first talk took place on May 30, 2007. The talk covered :

What is Identity Mgt & what does it do?
What are the business drivers?
What are the components?
What does the architecture look like?

The speaker was Mr. Michael Berman, Senior Vice President and Chief Technology Officer of the Art Center College of Design. Mr. Berman has spoken at EDUCAUSE events in the management/introductory context a number of times and is well versed on identity Management.

The presentation is available as a web stream at http://mirror.aarnet.edu.au/pub/aarnet/ozeconf/OzeConference_IdM_30May07...

Conference	MIDDLEWARE INFRASTRUCTURE	GRID MIDDLEWARE
APAN 25	Taking Care of Our Core Business: Managing Community Collaboration AAI Federations in Europe CARSI: Federated Identity and Resource Sharing over CERNET	Community SSL/TLS Server Certificates
APAN 24	The Australian Access Federation Update on eduroam.jp Cross-Campus WLAN Roaming Environment in Taiwan An idea of China eduroam development steps and structure design Advances in eduroam authentication and authorisation: RadSec and DAMe MIAKO Network Service in Kyoto Fast Authentication for Secure Wireless Services	Federation of Campus PKI and Grid PKI for Academic GOC (Grid Operation Center) management conformable to APGrid PMA Japanese University PKI (UPKI) Update
APAN 23	An overview of current issues in Shibboleth/Grid integration and an analysis of attribute aggregation techniques (USA) Privacy Oriented Attribute Exchange in Shibboleth (JAPAN) Eduroam Japan Update (JAPAN)	Medical Grid System in Thailand (THAILAND) Parametric modeling on Grid with NIMROD (AUS) Philippine e-science Grid initiatives (PH)
APAN 22	Federated access to Grid resources: SAML using Shibboleth (USA) European Efforts towards a global AAI infrastructure (SPAIN)	Introduction of NAREGI-CA (JAPAN) Grid Security in NAREGI project (JAPAN) Using OGRO to implement OCSP certificate validation in the Globus Toolkit 4 (SPAIN) K* Grid Middleware package KM1-R1 (KOREA)
APAN 21	Identity and access Management for Federated Resource Sharing Shibboleth Stories (USA) Federated Authentication/Authorization for Higher Education (AUS) Single Sign on and Authorization infrastructure using CAS2 (JAPAN) The CAUDIT PKI Project (AUS) Internet2 middleware initiative (past, present, future) (USA) EuroCAMP summary and introduction to Geant2 JRA5 (NETHERLANDS) Switch AAI framework (SWITZERLAND) The MAPS Project (AUS)	Recent activities on building a production grid (JAPAN) Developments in Virtual Organization Management: GridShib and other approaches (USA) NAREGI Update (JAPAN)

Last Updated:

2017 Dec 22

You are here