Australian Access Federation
Robert Hazeltine
Identity and Access Management
Enterprise Systems Office
Extending our reach
• UWS staff and students now belong to two networks - since 6 October 2009
• UWS network
  – Web sites and applications, and enterprise applications
• AAF network
  – participating universities and research institutions, and other national federations
Services
• data collections and data grids
• scientific instruments, modelling and visualisation tools and computing resources
• collaboration environments and workspaces for virtual teams
• scholarly resources and publications
• e-learning resources and learning object collections
• national higher education and research administration schemes
How does it work ...
• Single sign on
  – local credentials: you authenticate to your home organisation only
• Role based access control
  – access decisions use attributes released by the home organisation rather than accounts held by each service, so record keeping about users at the service is curtailed
• Public Key Infrastructure
  – electronic passport: organisations and services identify each other by certificate
• Identity Provider
  – the software run by an organisation with users wishing to access a restricted service
• Service Provider
  – the software run by the provider managing the restricted service
• Federation
  – Where are you from = “WAYF”
  – Public key infrastructure
  – Privacy a key consideration
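The Service Provider side of the picture above, as an added example (it is not code from the slides or from the Shibboleth project): the SP receives attributes from an Identity Provider and makes an access decision from them. The IdP entity IDs, the scopes they may assert, the resource policy and the sample assertions are all constructed for illustration. The part a practitioner should not skip is the scope check: an SP in a federation must only accept a scoped value such as `staff@uws.edu.au` from the IdP that the federation metadata says owns `uws.edu.au`, otherwise any member IdP could assert UWS staff status.

```python
"""Added example (not from the AAF/UWS slides or the Shibboleth project):
an SP-side access decision driven by federation attributes.

Assumptions, all constructed for illustration: the IdP entity IDs, the
scopes they may assert, the resource policy and the sample assertions."""
from dataclasses import dataclass, field

# Scopes each IdP may assert, as an SP learns them from federation
# metadata (<shibmd:Scope>). Constructed sample data.
IDP_SCOPES = {
    "https://idp.uws.edu.au/idp/shibboleth": {"uws.edu.au"},
    "https://idp.example.edu.au/idp/shibboleth": {"example.edu.au"},
}

# Resource policy: any one matching (attribute, value) pair grants access.
POLICY = {
    "/library": {
        ("eduPersonScopedAffiliation", "member@uws.edu.au"),
        ("eduPersonScopedAffiliation", "member@example.edu.au"),
    },
    "/staff-only": {("eduPersonScopedAffiliation", "staff@uws.edu.au")},
    "/instrument": {("eduPersonEntitlement", "urn:mace:aaf.edu.au:example:instrument")},
}


@dataclass
class Assertion:
    """The attributes an IdP released for one login; no password travels."""
    issuer: str                                   # entityID of the IdP
    attributes: dict = field(default_factory=dict)


def filter_scoped(issuer, values):
    """Keep only scoped values whose scope `issuer` is entitled to assert.

    Without this step any federation IdP could claim 'staff@uws.edu.au'
    and be granted UWS staff access; the scope, not just the affiliation,
    has to be trusted.
    """
    allowed = IDP_SCOPES.get(issuer, set())
    kept = []
    for v in values:
        if "@" not in v:
            continue                              # a scoped value needs a scope
        value, scope = v.rsplit("@", 1)
        if scope.lower() in allowed:
            kept.append(f"{value}@{scope.lower()}")
    return kept


def authorize(assertion, resource):
    """Return True if the scope-checked attributes satisfy the resource policy."""
    attrs = {k: list(v) for k, v in assertion.attributes.items()}
    attrs["eduPersonScopedAffiliation"] = filter_scoped(
        assertion.issuer, attrs.get("eduPersonScopedAffiliation", []))
    return any(value in attrs.get(attr, [])
               for attr, value in POLICY.get(resource, set()))


if __name__ == "__main__":
    uws_staff = Assertion("https://idp.uws.edu.au/idp/shibboleth",
                          {"eduPersonScopedAffiliation": ["staff@uws.edu.au", "member@uws.edu.au"]})
    # A different IdP trying to assert a UWS scope it does not own.
    impostor = Assertion("https://idp.example.edu.au/idp/shibboleth",
                         {"eduPersonScopedAffiliation": ["staff@uws.edu.au"]})
    print(authorize(uws_staff, "/staff-only"))   # True
    print(authorize(impostor, "/staff-only"))    # False
```

A real Shibboleth SP performs the same scope filtering from its attribute policy before the application sees the values; the example makes that step explicit so the consequence of skipping it is visible.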
Shibboleth
• Federated Single Sign On software
  – The Shibboleth system is a standards based, open source software package for web single sign-on across or within organisational boundaries. It allows sites to make informed authorisation decisions for individual access of protected online resources in a privacy-preserving manner
• Shibboleth leverages the organisation’s identity and access management system, so that the individual’s relationship with the institution determines access rights to services that are hosted both on and off campus
• AAF site about the AAF
  – http://www.aaf.edu.au/
• UWS site about the AAF
  – http://www.uws.edu.au/campuses_structure/cas/services_facilities/it/single_sign-on
• US Shibboleth site
  – http://shibboleth.internet2.edu/about.html
• Swiss equivalent of the AAF
  – http://www.switch.ch/aai/demo/easy.html
Your role in this
• Maybe no direct involvement yourself
• Finding uses for it
• Identifying your users as a group
• Telling your ITS contact your needs
• Giving us a little time to organise it
• Becoming an advocate
How does UWS turn the technology to its advantage?
Thank you
AAF core attributes
• authenticationMethod
• o (organisation)
• eduPersonAffiliation
• eduPersonScopedAffiliation
• eduPersonEntitlement
• eduPersonAssurance
• eduPersonTargetedID
• auEduPersonSharedToken
• displayName
• cn (common name)
Identity Provider (Origin)
• Log on to a web site or application
• Shibboleth
  – Use the AAF “WAYF” for federation sites
  – Use the AAF “WAYF” for local only sites
  – Use the technology for local sites only
• No password is exchanged with the SP
  – Attributes are encrypted
  – Release can be anonymous, pseudonymous, or carry an identifier
  – Uses your UWS password, at UWS only
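What the Identity Provider actually hands a Service Provider, as an added example that is not code from the slides or from the Shibboleth project. It ties the "no password is exchanged" point above to two attributes from the AAF core list: eduPersonTargetedID, a pairwise pseudonym that differs at every SP so services cannot correlate a user between themselves, and auEduPersonSharedToken, a persistent identifier that is the same at every SP and therefore linkable by design. The pairwise value follows the Shibboleth IdP "computed ID" recipe, Base64(SHA-1(spEntityID + "!" + localID + "!" + salt)); the shared-token construction (URL-safe Base64 of SHA-1(localID + idpEntityID + salt), unpadded) is modelled on auEduPersonSharedToken and should be read as an assumption of this example. The salt, entity IDs, directory record and release policy are all constructed.

```python
"""Added example, not the slides' or the Shibboleth project's own code:
what an IdP hands a Service Provider instead of a password.

The pairwise identifier follows the Shibboleth IdP "computed ID" recipe,
Base64(SHA-1(spEntityID + "!" + localID + "!" + salt)). The shared-token
construction is modelled on auEduPersonSharedToken as an assumption of this
example: urlsafe-Base64(SHA-1(localID + idpEntityID + salt)) without padding.
The salt, entity IDs, user record and release policy are all constructed."""
import base64
import hashlib

IDP_ENTITY_ID = "https://idp.uws.edu.au/idp/shibboleth"          # constructed
IDP_SALT = b"constructed-example-salt-keep-secret-and-stable"     # assumption

# Constructed local directory record; the password never leaves the IdP.
USER = {
    "uid": "rhazeltine",
    "password_hash": "$6$...not released...",
    "cn": "Robert Hazeltine",
    "displayName": "Robert Hazeltine",
    "eduPersonScopedAffiliation": ["staff@uws.edu.au"],
    "eduPersonEntitlement": ["urn:mace:aaf.edu.au:example:instrument"],
}

# Constructed release policy: three levels of identification, one per SP.
RELEASE_POLICY = {
    "https://sp.library.example/shibboleth":      # anonymous: role only
        ["eduPersonScopedAffiliation"],
    "https://sp.wiki.example/shibboleth":         # pseudonymous: stable at this SP only
        ["eduPersonTargetedID", "displayName"],
    "https://sp.grid.example/shibboleth":         # identified: linkable across SPs
        ["auEduPersonSharedToken", "cn", "eduPersonEntitlement"],
}


def targeted_id(local_uid, sp_entity_id, salt=IDP_SALT):
    """Pairwise pseudonym: the same user yields a different value at each SP,
    so two SPs cannot correlate their users through this attribute."""
    h = hashlib.sha1()
    h.update(sp_entity_id.encode())
    h.update(b"!")
    h.update(local_uid.encode())
    h.update(b"!")
    h.update(salt)
    return base64.b64encode(h.digest()).decode()


def shared_token(local_uid, idp_entity_id=IDP_ENTITY_ID, salt=IDP_SALT):
    """Persistent identifier that is the same at every SP (linkable by design)."""
    digest = hashlib.sha1(local_uid.encode() + idp_entity_id.encode() + salt).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def release(user, sp_entity_id):
    """Build the attribute set released to one SP under the release policy.
    Nothing outside the policy, in particular no uid or password, is sent."""
    wanted = RELEASE_POLICY.get(sp_entity_id, [])   # unknown SP receives nothing
    out = {}
    for name in wanted:
        if name == "eduPersonTargetedID":
            out[name] = [targeted_id(user["uid"], sp_entity_id)]
        elif name == "auEduPersonSharedToken":
            out[name] = [shared_token(user["uid"])]
        elif name in user:
            val = user[name]
            out[name] = list(val) if isinstance(val, list) else [val]
    return out


if __name__ == "__main__":
    for sp in RELEASE_POLICY:
        print(sp, release(USER, sp))
```

Because the salt is secret to the IdP and the hash is one-way, an SP cannot recover the local uid from either value; but the salt must also be stable, since changing it silently gives every user a new identity at every service.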
Service Providers (Target)
• Australian Access Federation itself
• AAF member as service provider
• Confluence
• Library services
• On line learning
• No portal required
Enterprise Directory
• Repository of attributes for various uses:
  – Australian Access Federation
  – White and green pages
  – Online voting
  – Authentication and authorization
  – Course Approval and Publication System
  – VoIP (new phone system)
  – Faster on boarding