The AAF project comprises 3 parts, described below.
1. The development of overarching governance and policies for the Trust Federation
This part of the project will build upon the extensive work undertaken by the existing eSecurity Framework and MAMS projects to develop an Australian Higher Education and Trust Federation, which will encompass the two principal technologies in use today, Shibboleth and PKI, but the development of the specific policies and technical standards for these two technologies will be undertaken in parts 2 and 3. Part 1 will focus on the overarching governance, policies and procedures that will be needed to form the federation independent of specific technologies.
The project outcomes for part 1 include:
- Review and consolidation of existing policy and governance recommendations from prior work (especially MAMS and e-Security).
- Development of policy and governance for Trust Federation management entity
- Legal review of Trust Federation requirements
- Review of type of entity for management of the Trust Federation
- Review of business model requirements for ongoing support (staffing requirements and costs for users of the Trust Federation)
- Developed training and compliance audit for the federation
- Wide consultation on the policy, governance and organisation of the Trust Federation
- Establishment of the Trust Federation
2. The development of specific policies, technical implementation and rollout of PKI
This part of the project will develop and implement the processes, procedures, policies and technical specifications which are needed for a production Public Key Infrastructure (PKI) for the Australian Higher Education and Research Sector and will align them to the greatest extent possible with international equivalents and international best practice. A production PKI, including relevant secure infrastructure, will then be implemented and a Web Trust audit of the infrastructure, together with the processes, procedures, policies and technical specifications will be undertaken. It should be noted that although a web trust audit must be undertaken each year, the initial audit is very significantly more onerous than subsequent ones.
The project outcomes for part 2 include:
- Development and implementation of the processes, procedures, policies and technical specifications which are needed for a production Public Key Infrastructure (PKI) for the Australian Higher Education and Research Federation
- The implementation of a secure infrastructure to support a production PKI for the sector, using appropriate international standards
- The successful conclusion of a web trust audit of the infrastructure and the procedures, policies and technical specifications of the PKI
- The integration of a “root” certificate into a number of web browsers
- Bridging with a number of overseas CAs
- The development of training courses for implementing PKI in universities and research institutions
- Development of a Virtual CA infrastructure for institutions unable or unwilling to implement their own CA
- Development of a CA for the grid community
- Support for adoption of PKI among Australian universities
3. The development of specific policies, technical implementation and rollout of Shibboleth
The MAMS project has developed a Shibboleth Testbed Trust Federation, which is already used for production services by 9 universities, and 8 other universities are expected to join within the next six months. However, in order to implement the Shibboleth Trust Federation as a fully-fledged production service, there is significant implementation work to be completed. This can be divided into three areas: Identity Providers (enabling members of universities and related research organisations to access shared resources within the federation); Service Providers (enabling research data and systems to be securely shared into the federation); and International Shibboleth Federation Peering (ensuring that Australian researchers are able to seamlessly access international resources and collaborate with international colleagues).
The project outcomes for part 3 include:
- Development of technical policies for Shibboleth Trust Federation
- Technical development/implementation/testing of technology required for joining the Shibboleth Trust Federation as an Identity Provider
- Technical development/implementation/testing of technology required for joining the Shibboleth Trust Federation as a Service Provider
- Support for adoption of Shibboleth among Australian universities (including continuation of MAMS mini-grant program – 8 grants for this project)
- Technical development/implementation/testing of technology to support collaboration services within the Shibboleth Trust Federation (e.g. eResearch Toolkit, Open Standards Repositories, and Collaborative Workflow Software)
- Bridging with a number of overseas federations, e.g. in the US, UK, and other EU countries who are Shibboleth compatible
- The development of training courses for implementing Shibboleth in universities and research institutions
- Development of a Virtual Identity Provider infrastructure for institutions unable to implement their own IdP, with appropriate vetting by federation members
- Maintaining and further developing a conversion service, which converts Shibboleth assertions to PKI certificates, in order to provide seamless Single Sign-On access for the grid community
- Support for adoption of Shibboleth among Australian universities
- Evolving of Federation infrastructure to accommodate new technological developments