Strategic Initiatives
The Department of Industry, Innovation, Science, Research and Tertiary Education (DIISRTE) has announced that CAUDIT is to receive project funding to enhance the AAF’s utility and hence drive broader research sector participation in the Federation. The following activities to be undertaken have been identified as part of the project plan:
AAF Virtual Home (AAF VH)
CAUDIT will expand the AAF infrastructure by developing an AAF hosted Virtual Home (AAF VH) solution. The solution will enable small organisations, including collaborative research facilities, to manage user identities for international, government and industry based researchers. The AAF VH will comply with existing AAF interface and policy requirements.
Background
There exists a community of researchers that are unable to take advantage of the services provided by the AAF because they are not a member of, or associated with, an organisation that is a subscriber to the AAF. They are thus unable to obtain an identity and credentials that would enable their use of the federation services and resources. These researchers can be from small research organisations, work with government departments or commercial organisations or may be citizen researchers.
The current AAF Virtual Home Organisation (VHO) software, taken from the Federation of Switzerland, is now legacy software. The VHO software does not support higher levels of assurance, provides little workflow for creating and managing end users, has no end user self-management features and supports a limited number of end users, making it inadequate for small research organisations wanting to use it as their identity provider. This means that researchers without a relationship with an IdP are unable to connect to the Federation.
The new AAF VH would solve this problem by allowing small research groups that are unable to, or would rather not, deploy an IdP to subscribe to the AAF and use the AAF VH as their identity provider. The AAF would offer this as an enhanced service to the sector.
Key Benefits
- Increased functionality over that provided by the existing Virtual Home Organisation (VHO);
- Removal of technical and financial barriers to on‐board research groups into the federation (e.g. Bioplatforms Australia, Platforms for Collaboration);
- Improved speed at which researchers will be able to gain access to federated services (removing technical barriers faced by smaller research groups and organisations wanting to gain access to federated services); and
- Extended coverage of the AAF beyond the current subscriber base. The infrastructure will increase access to the following subscriber groups:
  - Small cohorts of researchers that do not belong to organisations subscribed to the AAF (e.g. research bodies);
  - Commercial researchers (that usually partner with AAF subscribers);
  - Citizen researchers that are associated with an AAF subscribed organisation; and
  - International researchers associated with an AAF subscribed organisation.
AAF Level of Identity Assurance Registry (LoIAR)
CAUDIT will undertake a review of a small number of eResearch service providers to understand their requirements for higher levels of assurance. This will be followed by the agile software development of an AAF LoA Identity Assurance Register (LoIAR) to enable the assertion of end users with recognised higher levels of Identity Assurance (as per the AAF Assurance Framework, see: http://www.aaf.edu.au/technical/levels‐of‐assurance). This will allow service providers to define the trust levels they require independently of the different IdP implementation states of AAF’s subscribers.
Background
Existing identity providers are at varying levels of maturity with regards to their technology deployments and their own internal processes and procedures for identity assurance. Some IdPs will require a significant effort to move to a higher level of identity assurance. This will restrict access for researchers wishing to use services that require higher levels of assurance.
There also exists a community of service providers who are reluctant to join the AAF until subscribers can provide a higher level of assurance.
Key Benefits
As part of the AAF infrastructure, the LoIAR will provide a web user interface that will allow researchers to register and request a higher level of identity assurance. Workflows built into the LoIAR will allow registration authorities (RA) to approve such requests based on personally identifiable information submitted by each researcher.
Services can then retrieve a researcher’s approved Level of Identity Assurance from the LoIAR service using standard AAF interfaces to aid in access control decision‐making.
This approach will allow Identity Providers to concentrate their efforts on improving their internal processes and technologies to provide a higher level of access (authentication) assurance without restricting access to high cost or confidentiality restrained service providers.
Identity Provider (IdP) improvement program
CAUDIT will undertake an Identity Provider (IdP) improvement program that will assist confidentiality restrained or high cost service providers to have a higher level of trust in the information that is asserted.
In particular the program will identify a target sub group of AAF subscribers that require assistance with maturing their identity provider to access confidentiality restrained or high cost service providers. CAUDIT will work with this targeted sub group of Identity Providers via workshops and develop a reusable package of content that will:
1. Provide advice on issuing higher‐levels of assurance 2 (LoA2) by using the LoIAR developed above;
2. Provide advice on the role of the Registration Authority in identity proofing end users in the LoIAR; and
3. Assist institutions to improve the quality and reliability of their IdP configurations.
Background
A number of AAF service providers have reported that the varied maturity of identity provider configurations is causing difficulties in easily providing their service to the Federation.
Key Benefits
- An increase in the number of confidentiality restrained or high cost service providers willing to add their services to the federation;
- A reusable package of material which will assist with improved understanding of compliance, federation management technologies, attribute release, architecting an IdP for high‐availability, LoA2 and using the LoIAR; and
- Improved quality of identity providers registered in the AAF.
Institutional service‐desk engagement program
CAUDIT will develop a reusable framework that will assist institutional service desks to better support national eResearch services. The AAF will be used as the use case to develop the framework and the project funding will support the AAF use case only.
Background
Each institution’s service desk takes a different approach to supporting national eResearch services. Their staff have varied knowledge and experience in supporting these services, resulting in end users of AAF registered eResearch services experiencing difficulty and confusion when seeking support to engage with national eResearch services.
This activity will be led by CAUDIT using the AAF to develop a reusable framework that will leverage existing service desks within universities to provide improved coordination, knowledge sharing and enhanced user experience across the sector.
Key Benefits
- Better experience for the end users of national eResearch services through:
- A proven reusable framework on which to build user support for national eResearch services.
- Reduced end user confusion;
- Improved support from the subscribing institution and the AAF; and




