![Page 1: Australian Access Federation Robert Hazeltine Identity and Access Management Enterprise Systems Office](https://reader036.vdocuments.us/reader036/viewer/2022062304/56649e3b5503460f94b2cf62/html5/thumbnails/1.jpg)
Australian Access Federation
Robert Hazeltine
Identity and Access Management
Enterprise Systems Office
Page 2: Extending our reach
• UWS staff and students now belong to two networks - since 6 October 2009
• UWS network
– Web sites and applications, and enterprise applications
• AAF network
– participating universities and research institutions and other national federations
Page 3: Services
• data collections and data grids
• scientific instruments, modelling and visualisation tools and computing resources
• collaboration environments and workspaces for virtual teams
• scholarly resources and publications
• e-learning resources and learning object collections
• national higher education and research administration schemes
Page 4: How does it work ...
• Single sign on
– local credentials
• Role based access control
– Uses attributes and record keeping curtailed
• Public Key Infrastructure
– Electronic passport
Page 5
• Identity Provider
– the software run by an organisation with users wishing to access a restricted service
• Service Provider
– the software run by the provider managing the restricted service
• Federation
– Where are you from = “WAYF”
– Public key infrastructure
– Privacy a key consideration
Page 6: Shibboleth
• Federated Single Sign On software
– The Shibboleth system is a standards based, open source software package for web single sign-on across or within organisational boundaries. It allows sites to make informed authorisation decisions for individual access of protected online resources in a privacy-preserving manner
• Shibboleth leverages the organisation’s identity and access management system, so that the individual’s relationship with the institution determines access rights to services that are hosted both on and off campus
Page 7
• AAF site about the AAF
– http://www.aaf.edu.au/
• UWS site about the AAF
– http://www.uws.edu.au/campuses_structure/cas/services_facilities/it/single_sign-on
• US Shibboleth site
– http://shibboleth.internet2.edu/about.html
• Swiss equivalent of the AAF
– http://www.switch.ch/aai/demo/easy.html
Page 8: Your role in this
• Maybe no direct involvement yourself
• Finding uses for it
• Identifying your users as a group
• Telling your ITS contact your needs
• Giving us a little time to organise it
• Becoming an advocate
Pages 9 to 20: image-only slides (no text extracted)
Page 21: How does UWS turn the technology to its advantage?
Page 22: Thank you
Page 23: AAF core attributes
• authenticationMethod
• o (organisation)
• eduPersonAffiliation
• eduPersonScopedAffiliation
• eduPersonEntitlement
• eduPersonAssurance
• eduPersonTargetedID
• auEduPersonSharedToken
• displayName
• cn (common name)
Page 24: Identity Provider (Origin)
• Log on to a web site or application
• Shibboleth
– Use the AAF “WAYF” for federation sites
– Use the AAF “WAYF” for local only sites
– Use the technology for local sites only
• No password is exchanged with SP
– Attributes are encrypted
– Anonymous, pseudo-anonymous, identifier
– Uses your UWS password
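The slides above split the work between the home Identity Provider, which checks the local password, and the Service Provider, which only ever sees released attributes and a pseudonymous identifier. The Python sketch below, added here as an illustration and not code from the AAF, UWS or the Shibboleth project, plays both sides of that exchange using the AAF core attributes listed on page 23. Every entity ID, user record, salt, entitlement and assurance value is constructed for the example; the keyed hash that stands in for the IdP's computed pairwise identifier and the dictionary-based release policy are assumptions about how the real software behaves, and the SAML signing and encryption of the assertion in transit are left out.

```python
"""Toy federated login: the password is checked only by the home Identity
Provider (IdP); the Service Provider (SP) gets released attributes and a
pairwise pseudonymous ID, never the password.  Constructed example."""
import hashlib
import hmac
from typing import Optional, Tuple

# --- IdP side (all values constructed) ---------------------------------------
IDP_ENTITY_ID = "https://idp.example.edu/idp/shibboleth"
IDP_SCOPE = "example.edu"           # the scope this IdP is entitled to assert
IDP_SALT = b"constructed-idp-salt"  # secret salt for pairwise identifiers
_USER_SALT = b"constructed-user-salt"


def _pw_hash(password: str) -> bytes:
    """Salted PBKDF2 stands in for the IdP's local credential store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _USER_SALT, 100_000)


USERS = {  # constructed user record carrying the AAF core attributes
    "rhazelti": {
        "pw": _pw_hash("correct horse"),
        "attributes": {
            "displayName": "Robert Hazeltine", "cn": "Robert Hazeltine",
            "o": "Example University",
            "eduPersonAffiliation": ["staff", "member"],
            "eduPersonScopedAffiliation": [f"staff@{IDP_SCOPE}", f"member@{IDP_SCOPE}"],
            "eduPersonEntitlement": ["urn:example:entitlement:library"],
            "eduPersonAssurance": ["urn:example:assurance:level2"],
        },
    }
}

# Release policy per SP entityID: the IdP sends only what each service needs
# (the privacy point on the slides).  Constructed policy.
RELEASE_POLICY = {
    "https://library.example.edu/shibboleth": {"eduPersonScopedAffiliation",
        "eduPersonEntitlement", "eduPersonTargetedID", "authenticationMethod"},
    "https://wiki.example.edu/shibboleth": {"displayName",
        "eduPersonScopedAffiliation", "eduPersonTargetedID"},
}


def targeted_id(uid: str, sp_entity_id: str) -> str:
    """Pairwise pseudonym: stable for one (user, SP) pair, unrelated across SPs.
    Assumption: a keyed hash models the IdP's computed-ID generator."""
    return hmac.new(IDP_SALT, f"{sp_entity_id}!{uid}".encode(), hashlib.sha256).hexdigest()


def idp_login(uid: str, password: str, sp_entity_id: str) -> Optional[dict]:
    """Check the local password, then build the assertion for this SP; None on
    bad credentials or an SP with no release policy."""
    rec, policy = USERS.get(uid), RELEASE_POLICY.get(sp_entity_id)
    if rec is None or policy is None:
        return None
    if not hmac.compare_digest(rec["pw"], _pw_hash(password)):
        return None
    attrs = dict(rec["attributes"])
    attrs["eduPersonTargetedID"] = targeted_id(uid, sp_entity_id)
    # Real SAML 2.0 authentication-context class for a password login.
    attrs["authenticationMethod"] = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    return {"issuer": IDP_ENTITY_ID, "audience": sp_entity_id,
            "attributes": {k: v for k, v in attrs.items() if k in policy}}


# --- SP side: scopes each IdP may assert (from signed federation metadata in
# practice; constructed here) -------------------------------------------------
TRUSTED_SCOPES = {IDP_ENTITY_ID: {"example.edu"}}


def sp_authorize(sp_entity_id: str, assertion: Optional[dict], affiliation: str,
                 entitlement: Optional[str] = None) -> Tuple[bool, str]:
    """Role-based decision from released attributes -> (allowed, reason or ID)."""
    if assertion is None:
        return False, "authentication failed at IdP"
    if assertion["audience"] != sp_entity_id:
        return False, "assertion addressed to a different SP"
    attrs = assertion["attributes"]
    trusted = TRUSTED_SCOPES.get(assertion["issuer"], set())
    # Keep only affiliations whose scope this IdP may assert, so one IdP cannot
    # claim staff@other.edu on another institution's behalf.
    roles = {a.split("@", 1)[0] for a in attrs.get("eduPersonScopedAffiliation", [])
             if "@" in a and a.split("@", 1)[1] in trusted}
    if affiliation not in roles:
        return False, f"no trusted '{affiliation}' affiliation"
    if entitlement and entitlement not in attrs.get("eduPersonEntitlement", []):
        return False, "missing entitlement"
    return True, attrs["eduPersonTargetedID"]


def demo() -> dict:
    """Walk the exchange for one user and two SPs (constructed inputs)."""
    lib, wiki = "https://library.example.edu/shibboleth", "https://wiki.example.edu/shibboleth"
    a_lib = idp_login("rhazelti", "correct horse", lib)
    a_wiki = idp_login("rhazelti", "correct horse", wiki)
    forged = {"issuer": IDP_ENTITY_ID, "audience": lib, "attributes": {
        "eduPersonScopedAffiliation": ["staff@other.edu"], "eduPersonTargetedID": "x"}}
    return {
        "library": sp_authorize(lib, a_lib, "staff", "urn:example:entitlement:library")[0],
        "wiki": sp_authorize(wiki, a_wiki, "staff")[0],
        "wrong_password": sp_authorize(lib, idp_login("rhazelti", "nope", lib), "staff"),
        "forged_scope": sp_authorize(lib, forged, "staff"),
        "library_gets_name": "displayName" in a_lib["attributes"],
        "ids_unlinkable": (a_lib["attributes"]["eduPersonTargetedID"]
                           != a_wiki["attributes"]["eduPersonTargetedID"]),
    }
```

Calling `demo()` shows the properties the slides claim: the library and wiki both admit the staff member, a wrong password is rejected at the IdP before any attribute leaves it, the library never receives `displayName` because its release policy does not list it, and the two services receive different `eduPersonTargetedID` values for the same person, so they cannot correlate their user records. The scope check in `sp_authorize` is the part practitioners most often omit: without it, any IdP in the federation could assert an affiliation at another institution.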
Page 25: Service Providers (Target)
• Australian Access Federation itself
• AAF member as service provider
• Confluence
• Library services
• On line learning
• No portal required
Page 26: Enterprise Directory
• Repository of attributes for various uses:
– Australian Access Federation
– White and green pages
– Online voting
– Authentication and authorization
– Course Approval and Publication System
– VoIP (new phone system)
– Faster on boarding