Middleware Initiatives in Australia

1
Middleware Initiatives in Australia

• Alex Reid
• Director, eResearch/Middleware, AARNet

2
Contents

• Australian Research Infrastructure
• Government Initiatives
• NREN
• Middleware
• Strategy
• MAMS
• PKI Project
• eduroam

3
National Research Infrastructure

• Backing Australias Ability An Innovation
  Action Plan for the Future 2001/2004
  http//backingaus.innovation.gov.au/
• 3 billion over 5 years from 2000-1
• 5.3 billion over 7 years from 2004-5
• Systemic Infrastructure Initiative (SII) to
  upgrade research infrastructure at Australian
  universities
• 246m over 5 years from 2000-1 to 2005-6
• 542m over 6 years from 2005-6 to 2010-11
• HEBAC (Higher Education Bandwidth Advisory
  Committee) 2002-3 http//www.dest.gov.au/highered/
  research/pdf/aren.pdf
• ARENAC (Australian Research and Education Network
  Advisory Committee) 2003 http//www.dest.gov.au/s
  ectors/research_sector/programmes_funding/programm
  e_categories/key_research_priorities/australian_re
  search_and_education_network/arenac.htm
• HEIIAC -gt ARIIC (Australian Research Information
  Infrastructure Committee) 2003
  http//www.dest.gov.au/highered/research/ariic.htm
  
• NRIT (National Research Infrastructure Task
  Force) 2003-4 http//www.dest.gov.au/sectors/resea
  rch_sector/policies_issues_reviews/reviews/previou
  s_reviews/national_research_infrastructure_taskfor
  ce_framework/default.htm
• NCRIS (National Collaborative Research
  Infrastructure Strategy) 2004-5
  http//www.dest.gov.au/sectors/research_sector/pol
  icies_issues_reviews/key_issues/ncris/default.htm
• eResearch Coordinating Committee 2005
  http//www.dest.gov.au/sectors/research_sector/pol
  icies_issues_reviews/key_issues/e_research_consult
  /default.htm/

4
Research Infrastructure Framework
5
AARNet3 Components

• APL Tender for v3 of AARNet mid-2004
• ARENAC 70m APL own reserves
• National Backbone own 2 fibre pairs across the
  country deployed since 2004 at 10Gbps
• Regional Network diverse routes, using DWDM, up
  to 320Gbps
• International Links IRU on 2x 10Gbps fibres
  across the Pacific (SCCN) PoPs in Seattle, LA
• Commodity connectivity in Australia USA
  (Seattle, Palo Alto)
• Participate in TEIN2 PoPs in Singapore
  Frankfurt

6
AARNet3 Infrastructure National
7
AARNet3 Infrastructure Comparison
8
AARNet3 Infrastructure Global
9
Place of Middleware
Users
Applications, Human Interfaces
Knowledge Management, Resource Management,
Collaboration Tools, Grid Services
Middleware Application-independent Resource-
Location-neutral
Authentication, Authorisation, Access,
Accounting PKI, Shibboleth, etc
Local, Regional, National International Network
Infrastructure
Facilities, Services, Resources Processing,
Data Storage, Instruments, Electronic Information
10
Draft Middleware Action Plan

• Following National Forum Dec-04, a Draft Plan was
  agreed
• Undertake an environmental scan.
• Establish a single PKI Certification Authority
  for RE.
• Establish a sound basis for federated security
  systems in Australia that will scale to
  international federations.
• Establish appropriate mechanisms to coordinate
  all RE Middleware initiatives in Australia.
• Agree to investigate adopting Shibboleth.
• Establish and sustain strong connections with
  relevant Australian initiatives/entities.
• Establish and strengthen overseas links.
• Promote the swift implementation of enterprise
  directory services at all Australian education
  and research institution.
• Develop strong visibility for and marketing of
  the Middleware agenda in Australia.

11
Survey of Identity Access Management

• Undertaken in May 2005
• Establish State-of-Play at Australian
  universities
• Identify best practice, barriers to rapid
  implementation, authorisation requirements
• Goal is
• pervasive, federated infrastructure that
  integrates organisations internally while
  simultaneously allowing them to interoperate with
  others Burton Group, 2002
• 49 response (low, due to complexity)
• Currently
• Usernames/passwords, Same Sign-on, EZProxy, VPNs,
  LDAP, in-house integration
• Moving to
• Single Sign-on, automated integration (data feeds
  from corporate systems), Portals, PKI
• Barriers
• Resources, high risk to critical systems, lack of
  standards/guidance training, coordinated
  middleware

12
ARIIC Projects

• 1st Round (FRODO) 22-Oct-03 (12m)
• (Federated Repositories of Digital Objects)
• MAMS (Meta Access Management System) 4.2m
• ARROW (Australian Research Repositories Online to
  the World)
• ADT (Australian Digital Theses Program Expansion)
• APSR (Australian Partnership for Sustainable
  Repositories)
• 2nd Round (MERRI) 22-Aug-05 (19m)
• (Managed Environment for Research Repository
  Infrastructure)
• MAPS
• PKI/Shibboleth (operationalise the CAUDIT PKI
  Standards Project)
• 18 Others (mostly specific collections
  development/access digitisation)

13
ARIIC MERRI Grant MAPS

• Announced by Minister 22-Aug-05
• 582,910 granted
• Lead site University of Queensland (Nick Tate)
• Supported by CAUDIT, CAUL, Monash, ANU,
  Macquarie, AARNet, GrangeNet
• From now till end 2006
• Purpose
• This project will identify the software and
  services (middleware) that are currently being
  used in Australia to link applications across a
  range of resources on networks and computer
  systems in Australian universities. The MAPS
  project will identify existing areas of activity
  in the university and research sectors, and use
  these results to tap into the expertise across
  the sector to build a strategic plan of
  activities and projects for an Australian
  collaborative middleware strategy. This is an
  important project whose outcomes will enable
  other projects to leverage off common
  infrastructure and focus on providing new
  services that can be shared across the education
  and research sectors.

14
MAPS Activities

• Goal Agreed Strategy for Middleware Deployment
  and Development (note the 2 strands)
• Project Manager
• Steering Committee, Reference Group, Kick-off
  Forum
• Wide consultation committees, forums, wikis,
  mailing lists, Website
• Environmental Scan/Stocktake (local and global)
• Analysis of findings, development of draft
  Strategy
• Expert Reports
• Round-Table
• Finalisation of Strategy
• Future Funding Proposals

15
Existing Middleware Activity

• APAC Grid (http//www.apac.edu.au/programs/GRID/in
  dex.html)
• Nimrod-G (http//www.csse.monash.edu.au/davida/ni
  mrod/)
• CAUDIT-PKI (http//www.aarnet.edu.au/engineering/m
  iddleware/archive/middle/2004/ref/CAUDIT20PKI20S
  tandards20Proposal20-20V5.doc)
• AARLIN (http//www.aarlin.edu.au/)
• DEST/JISC e-Framework
• eduroam
• Emerging developers, end users, identity
  providers, service providers
• MAMS (https//mams.melcoe.mq.edu.au/zope/mams)
• Developing hands-on technical/policy experience
  with Shibboleth within the community
• Test Shibboleth federation is being established,
  including a WAYF server
• Scouting for suitable test IdPs and SPs

16
MAMS Broad Goals

• Meta-Access Management System
• Addressing the Authentication, Authorisation,
  Identity, Single-Sign-On, Federation, Trust,
  Security, Digital Rights and Automated Access
  Policy Cluster of Problems!!
• Iterative demonstrations to help drive the
  gathering of user requirements
• Development of common services prototypes
• Intra-institutional multi-modal SSO
• Inter-institutional access management
• Attribute exchange (Shibboleth)
• Automation of policy
• Federated and extensible identity
• Other common services DRM, search, metadata
• Implementation advice and programs

17
MAMS Next Steps

• Shibbolise Fedora, Dspace repository systems
• Add Shib to test environments at NLA, APSR,
• Organise install-fests (SSO workshop) roadshows
• Offer support (CMS, forum, mailing-list, FAQs)
• Start an Australian Federation
• 3 levels Test-Fed (sand pit) OZFed (identity
  verification) Legal (technically OZFed, but
  formal agreement like InCommon)
• Integrate cross-domain SSO with institutional SSO
• Integrate with desktop SSO (Kerberos)
• Integrate XACML into SAML
• Develop plug-ins for legacy systems
• Develop ARP manager (Sharpe) provisioning tools
• Easy installation packages (ShibWebISO)
• Virtual Organisation (client server) packages
• Offer policy legal documents, etc

18
MAMS ARP Editor Sharpe
Manage SP - Add Delete SPs Manage Attribute
Mapping - Create, Edit, Copy (clone), Delete
Mapping Sets Manage SP Contracts - Create, Edit,
Delete SP Contracts Manage User Contracts -
Create, Edit, Delete User Contracts
19
CAUDIT PKI Project

• The CAUDIT PKI Project involves developing a
  single national PKI standards framework for HE
  Research, including
• Certification Authority (CA)
• Registration Authorities (RA) 50
• Certificate Policy (CP)
• Certification Practice Statement (CPS)
• Able to scale to 1 million clients
• Initially built purely for test/trial purposes
• not evolve into a production service model
• only survive until late 2005
• support 4 levels of assurance
• support cross-certification
• support embedding in web browsers (positive
  Microsoft discussions)
• support signed emails.

20
CAUDIT PKI Project Certification Levels
21
PKI Trust Model

• AusCERT Root CA is trust anchor for the CAUDIT
  PKI
• Old CAs continue to work
• Cross-certifies with national, international and
  global PKIs (eg HEBCA)
• AusCERT will provide
• PMA
• Directory of Directories
• Single point Certificate Dissemination.
• Single point CRL and OCSP.
• Virtual CA for institutions that cant deploy own
  PKI

PMA Policy Mgt Authority CMS Cert Mgt
System CRL Cert Revocation List OCSP
Online Cert Status Protocol
22
CAUDIT PKI Project Status

• Current Status
• The AusCERT Root CA and the 4-Certification-Level
  CA have been set up and are issuing certificates.
• UQ has set up its 4 Institution Level CAs and is
  issuing end-entity certificates.
• Monash and Victoria Universities have set up
  their Institution Level CAs and issuing
  end-entity certificates they are now heavily
  involved in client and CMS capability and
  interoperability studies with UQ and AusCERT.
• Certificate Policy/ Certification Practice
  Statement has been drafted and sent to
  participant universities for feedback.
• A few pilot sites have dropped out because they
  couldn't supply the necessary resources the
  others have also had resourcing issues but are
  soldiering on.
• Final Report submitted October 2005.
• Next Step is to turn it into a production system,
  and establish close ties with Shibboleth
  (authorisation elements)
• this has been funded as part of MERRI

23
eduroam

• Being undertaken jointly by AARNet GrangeNet
• 17 members signed up
• Deploy eduroam in AARNet offices staff
• Write and seek endorsement for national eduroam
  policies (ratification by CAUDIT imminent)
• Promote and participate in eduroam developments
  within the APAN region
• Participate in eduroam global working group
• See www.eduroam.edu.au

24
Global Middleware Involvement

• Europe
• Close co-operation with JISC, Terena and European
  NRENs on eduroam other Middleware activities
• Americas
• Working on eduroam and Shibboleth activities
• APAN (Asia-Pacific Area Network)
• Taking responsibility for advancing Middleware
  awareness/agenda within APAN
• APAN Middleware mailing list
• APAN Middleware stream for Jan 2006 Tokyo APAN
  meeting
• Global
• Convened eduroam global working group
• Involved in general Middleware policy (eg
  Slaughter meeting)
• Global Research Education Federations mailing
  list (Refeds)
• MACE/MICE participation

25
END
For further information about Australian
Middleware developments, see http//www.aarnet.ed
u.au/engineering/middleware/ Email Alex Reid
alex.reid_at_aarnet.edu.au James Sankar
james.sankar_at_aarnet.edu.au
QUESTIONS???