
AAF Middleware update, February 16 2012. Presented by Terry Smith, Technical Manager, and Heath Marks, Manager.


1 AAF Middleware update, February 16 2012. Presented by Terry Smith, Technical Manager, and Heath Marks, Manager

2 Overview The AAF Federation Registry National Entitlements Service Other initiatives

3 Federation Registry: Requirement. Manages the federation's metadata; Supports the AAF business model; Introduces the Organisation; 0..n IdPs and 0..n SPs; Admins and Contacts; Involved in workflow; Builds on concepts from SWITCHaai Resource Registry. An extensible, open source web application that provides a central point of registration, management and reporting for identity and service providers participating in a standards compliant SAML 2 identity federation.

4 Federation Registry Features Dashboard Access control Reporting / Compliance Workflow Integration Federated application Registration wizards Data validation Help bubbles Integrated with the AAF Support tool SAML 2

5 Federation Registry: Behind the scenes. 1 man year development effort; 2 major code releases to date; Groovy / Grails (Java) platform; Extensible design; Agile development; Continuous integration testing and quality control; Next release in Q2 2012

6 Federation Registry Utilization Reporting ARCS Data Fabric – January 2012 Utilisation Data recorded by AAF WAYFs and reported by the Federation Registry

7 Federation Registry Federation Integration engine The Federation Registry is the integration engine for AAF components, Identity providers and Service providers. It is central to the successful on-going operation of the Australian Access Federation.

8 Federation Registry: More Information. AAF Wiki: http://wiki.aaf.edu.au/federationregistry/ Try it, AAF Test Federation Registry: https://manager.test.aaf.edu.au/federationregistry Source code, Issues tracking: https://github.com/ausaccessfed/federationregistrymaster

9 National Entitlements Service: Provides attributes that are beyond the scope of individual organisations to manage and maintain as part of Authn. – A central source for entitlements – Delegation and assignment of entitlements – Self assignment of entitlements – A web portal – A technical interface. The Solution must be cost effective and have delivery aligned to Super Science initiatives

10 National Entitlements Service: Why NES. In support of Australian Super Science initiatives such as – Research Data Storage Infrastructure (RDSI) – National eResearch Collaboration Tools and Resources (NeCTAR). Improved Authz. User's home institution cannot easily provide information – Not authoritative – Do not want the additional overhead

11 National Entitlements Service: The Feasibility Study – in peer review. Define the problem; Analyse existing open source and commercial offerings; Review international federation (SAML) practices; Identify options to move forward. What interest is there in making the study public?

12 National Entitlements Service: The options. Do nothing; Purchase and integration of vendor or open source solution; Development of a custom solution by a software development partner; Development of a custom solution by the AAF

13 National Entitlements Service What it will look like... A nationally operated attribute authority with a group management component and user interface providing delegated access approvals work flows user registration Extension to the Federation Registry

14 National Entitlements Service: Timeframes. Deliver in 2012 aligning with Super Science initiatives; Rolled out progressively, 3 or 4 releases; Agile development, collaborating with users

15 Other initiatives: A number of other initiatives are on the AAF drawing board: Cloud IdP, a fully managed service for our subscribers; Automated monitoring service; Improved data collection and reporting of utilisation; New discovery service

16 Other initiatives: Cloud IdP. A fully managed Identity provider service for our subscribers: 1. New AAF VHO 2. Partially hosted, for organisations with an Identity store 3. Fully hosted. Not currently resourced

17 Other initiatives: Automated monitoring service. ICINGA open source monitoring (NAGIOS variant); Federated authentication; Simple dashboard showing the overall health of the federation; Reporting and alerting to subscribers. Basic Monitors (March 2012): Ping; Time Synchronisation; SSL Certificate expiry; Shibboleth Status Basic and Advanced; Basic port security check. Advanced Monitor (June 2012): End-to-end (RedIRIS monitoring tool). Integrated with the Federation Registry: Hosts and Services to monitor; Hosts and services groups; Contacts, people involved in the notification process

18 Other initiatives: Improved data collection and reporting of utilization. Currently usage data collected from WAYFs: Leads to some data loss; Does not distinguish between successful and failed access. Investigate improvements through capturing sanitized logs from IdPs: See all the traffic that by-passes the WAYF; Identify hidden services – bilateral agreements become obvious; Can count successful authentications; Can assist in identifying brute force attacks

19 Other initiatives: New discovery service. Currently utilizing the SWITCHaai WAYF. Federation Registry: Extend to populate MDUI elements into the metadata. Investigate what options are available for the Discovery Service. Multi-tiered Discovery Service – General access – Higher LOA

20 Michel De La Villefromoy - Manager, University of Technology, Sydney “We see the AAF as an enabler for sharing all manner of fragile, dangerous, rare and geographically remote equipment between research organisations.”

