Title: Federations and MAMS James Dalziel Professor of Learning Technology, MAMS CI and Director, Macquarie E-Learning Centre Of Excellence (MELCOE) Macquarie University james@melcoe.mq.edu.au www.melcoe.mq.edu.au Presentation for NCRIS Platforms for
1. Federations and MAMS
James Dalziel
Professor of Learning Technology, MAMS CI and Director, Macquarie E-Learning Centre Of Excellence (MELCOE)
Macquarie University
james@melcoe.mq.edu.au
www.melcoe.mq.edu.au
Presentation for NCRIS Platforms for Collaboration AAA Workshop, Sydney, 15th September, 2006
2. Overview
- Background to MAMS
- MAMS Testbed Federation
- Aligning Shibboleth and PKI
- Towards a unified Australian Trust Federation for Higher Education and Research
- Virtual Organisation toolkit for Federation
- Investment landscape
3. MAMS
- MAMS (Meta Access Management System) funded by DEST under SII (BAA) to develop identity access solutions for HE
- Main focus on federated approaches, and institutional repositories
- Led by Macquarie University (MELCOE)
- Major project activities from 2004-2007
  - 2004: Requirements gathering, project start-up, initial development
  - 2005: Core development, preparation for federation testbed
  - 2006: Ongoing development, federation testbed, mini-grants, PKI collaboration, repository integration, workshops
  - 2007: Ongoing development, transition to production federation, PKI collaboration, collaboration suite (IAM Suite), workshops
- Close liaison with related international groups
  - Internet 2 (US), JISC (UK), MoE (NZ), SURF (NL), etc
4. MAMS Testbed Federation
- Builds on institutional Identity Management for cross-organisational collaboration and sharing
- Institutions trusting other institutions to assert information on behalf of their members
- December 2005 launch of 1st Australian Trust Federation
- www.federation.org.au
- Easy-install CD
- Attribute mapping, attribute release control
- 3 levels: (1) Test, (2) Technically sound, (3) (Legally sound)
- Currently over 700,000 identities
- Examples of federated services
  - DSpace, Fedora, Zope/Plone, Wikis, Virtual Librarian
6. MAMS Mini-Grant Program (40k per project)
- Round 1 (Feb 2006)
  - AARNet
    - IdP, ENUM SP
  - QUT
    - ATN IdP, eGrad School SP
  - QU
    - IdP, Fez (Fedora GUI) SP
  - USYD
    - IdP, Sensor data SP
  - Griffith
    - IdP, Wiki SP
- Round 2 (Jul 2006)
  - Monash
    - IdP, IAM suite SP
  - Melbourne
    - IdP, IAM suite (LIGO)
  - JCU
    - IdP, SRB Plone
  - Deakin
    - IdP, e-Lectures
  - WAGUL
    - 5 IdP, reciprocal borrowing
  - Murdoch
    - IdP, Online Librarian
7. Aligning Shibboleth and PKI
- Shibboleth is typically used for large numbers of users for low to medium security contexts
  - 100,000s of staff/students accessing e-journals, workspaces
- PKI is typically used for small numbers of users for high security contexts
  - 100s of researchers accessing high performance computing
- However, both are about trusted access to secure resources shared among different organisations
- Significant recent progress of Shib/Grid projects
8. Aligning Shibboleth and PKI
- Alignment of Shibboleth and PKI is key for unified AAA (Authentication, Authorisation and Accounting/Audit)
- National AAA Roadmap being developed by
  - MAMS
  - E-Security Framework
  - Middleware Action Plan and Strategy
  - CAUDIT/AusCERT
  - APAC
- Co-ordinating with NCRIS 5.16
- Basis for the Australian Higher Education and Research Trust Federation (AHERTF)
9. Towards an Australian Federation
- Where are we now?
  - Fully functioning testbed with 700,000 identities ready to use
  - Eight universities in Level 2, ready for real trusted sharing
  - Range of services now available: Repositories (Fedora, DSpace, Plone), Team collaboration wikis, Virtual Librarian real-time messaging service, Gridsphere portal
  - Journal providers ready to work with Level 2 federation
  - Mini-grants and workshops have helped build understanding and technical capacity across higher education sector
  - Widespread support for Federation among IT, Library, E-Learning and E-Research directors
  - No legal agreements or sustainability plans
10. Towards an Australian Federation
- What to do next: National
  - Continue the development needed for real world implementation
  - Develop legal, policy and governance plan for Federation
  - Provide further support for adoption and capacity building
  - Examine business models for long-term sustainability
  - Support National AAA Roadmap for Shibboleth/PKI alignment
- What to do next: Institutional
  - Create authoritative directory of institutional identities
  - Designate IT and Library lead for Federation initiatives
  - Shibbolise the identity directory, consider possible services
  - Assistance from MAMS workshops and documentation
11. Towards an Australian Federation
- Where are we heading: 2007
  - Finalise legal, policy and governance for Federation
  - Target of 20 Australian universities in Federation
  - Shibboleth/PKI alignment ready for implementation
  - Continue the development needed for real world implementation
- 2008-2010
  - Implement Federation for relevant NCRIS projects
  - Implement Federation for RQF repository access
  - Growing range of Services (data, workspaces) in Federation
  - Unified technical and policy infrastructure for trust (Shib/PKI)
  - Implement secure collaborative workspaces for researchers
12. Virtual Organisation Toolkit
[Diagram with three levels: Federation Level, Institutions Level, and Virtual Org. Level (intra-institution, eResearch project). Labelled components: Federation Services, WAYF, <<SP>> CA?, <<SP>> MyProxy server, IdP1@UQ, IdP2@UTS, IdPn@MQ, <<SP>> IR, <<SP>> CMS, <<SP>> VO Portal, MyProxy Client, SP Forum, GTK Grid, VO IdP, SP Wiki, GTK HPC, SP CMS, GTK Store.]
13. VO Toolkit (IAM Suite)
[Diagram. Labelled components: Federation, Login via IdP, Search, Receive assertions, Federation SP, VO-WAYF, AFS adaptor, GridSphere, VO-IdP, Fedora (internal or external, e.g. IR), GroupModule, ShARPE, AuthN IM, Autograph, FedoraWeb, MyProxy, Receive proxy cert., Presence, VO-SP, GTK, PeoplePicker, Forum, Wiki, Storage, Cluster, Calendar, AuthZ Mgnr, LMS, Etc., Specific tools, Equipm.]
14. Investment landscape
[Chart. Labels: Existing, NCRIS?, Institutions?, R&D, Demonstrators, Early adoption, Mainstream adoption, Maintenance. Items: Basic Shib Federation, Shib-enabled Repositories, Shib-enabled Datasets, Shib-enabled Grid services, Shib VO services, Shib-enabled Secure collab, XACML-based authorisation.]
15. Investment landscape
[Chart. Labels: Existing, NCRIS?, Institutions?, R&D, Demonstrators, Early adoption, Mainstream adoption, Maintenance. Items: Federation Policy, Shib/PKI alignment, Hosted IdP SP services, Accounting Finance in Shib, SP assistance service, Implement Shib Audit, Federation Peering (Int).]
16. Credits to the MAMS Team
- Carmen Boscolo
- Damien Chen
- Johnny Li
- Dr. Alan Lin
- Michael Lin
- Bruc Liong
- Chi Nguyen
- Peter Schendzielorz
- Dr. Yoichi Takayama
- Moritz Theile
- Markus Tröscher
- Dr. Erik Vullings
- Neil Witheridge