
AARNet Middleware Activities 2005 APAN 2005


AARNet Middleware Activities 2005 APAN 2005. [email protected] Network Engineer – Middleware AARNet. About this talk. Background AARNet Why Middleware? Overview of AARNet current middleware activities IAM survey background Results Key Findings Barriers Opportunities.


AARNet Middleware Activities 2005

APAN 2005

[email protected]

Network Engineer – Middleware


About this talk


  • AARNet

  • Why Middleware?

  • Overview of AARNet current middleware activities

  • IAM survey background


  • Key Findings

  • Barriers

  • Opportunities

AARNet – Core Activity

Roll out of the AARNet 3 Dark Fibre “Dense Wave-Division Multiplexing” (DWDM) providing:

  • 32 wavelengths of 10Gbps capacity initially

  • Supports growth to 64 or more wavelengths of 40Gbps over life of the network

AARNet goals

  • To complete the AARNet 3 roll out and develop outreach programmes to extend access to rural areas.

  • To participate in national and regional activities

    • Engage with the community – e.g. Astronomers, Physicists etc

    • Engage with research and education stakeholders to develop a national middleware framework

  • To develop applications and services for AARNet customers

  • To develop international links and actively participate in international projects.

Why Middleware?

On the Internet – nobody knows who you are!

More content and access to scarce physical systems requires user authentication and authorisation in a secure, scalable way

Why Middleware?

Identity and Access Management should support user requests to resources regardless of location. Doing so requires integration, loosely coupled federations and clever, intuitive systems that are able to support general requests or ask for authentication when required.

AARNet middleware

In-house developments

  • Develop a middleware architecture framework for development activities.

  • Roll out eduroam to AARNet offices and staff.

  • Gain practical experience of Shibboleth by

    • Creating an AARNet Identity Provider system for AARNet staff and join MAMS federation.

    • Assessing the feasibility of shibbolising AARNet applications and services.

  • Further develop AARNet’s middleware website to generate awareness.

AARNet middleware

Joint activities

  • Involvement in national middleware initiatives involving education and research communities.

  • CAUDIT Identity and Access Management survey 2005.

  • Participation and assistance in eduroam Australia roll out, development and policy.

  • Participation in

    • global eduroam development and policy.

    • CAUDIT PKI Technical Working Group in developing a national PKI.

    • Global middleware policy.

What is a CAMPUS Identity & Access Management System?

“…Identity and access management isn’t really a system that you go out and buy. It must become a pervasive, federated infrastructure that integrates companies internally while simultaneously allowing them to interoperate with other companies. It must support both centralized and decentralized scenarios. It must accommodate integration where practical, and more loosely coupled federation models where necessary.”

Burton Group (July 2002)

What is a CAMPUS Identity & Access Management System?

“…an integrated system of business processes, policies and technologies that enable organizations to facilitate and control their users' access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users. It represents a category of interrelated solutions that are employed to administer user authentication, access rights, access restrictions, account profiles, passwords, and other attributes supportive of users' roles/profiles on one or more applications or systems.”

Wikipedia 2005

The Survey – why now?

The Survey instrument was designed to assess progress of Identity and Access Management systems to act on

  • Any barriers to integration (same/single sign on) that need to be removed (resourcing, technical, political, etc.)

  • Any opportunities to

    • Promote campus infrastructure integration best practice

    • Assess the need for a federated authn infrastructure

    • Identify authz components for services / resources.

Survey Results


  • Username/Passwords & IP based authentication.


  • EZproxy, proxy caches in use. Differences exist in support for access to local and remote resources.

Directory services

  • LDAP preferred service

System integration

  • In-house developments (Perl, Visual Basic, Java, C++, SQL to process data from student, HR and other databases).

Survey Results - continued

Current focus – Campus infrastructure integration

  • Unify Authentication, Authorisation, Access;

    • Automate the transfer of data to feed into Directories, meta data, and so forth.

    • Develop simplified user interfaces (e.g. Same/Single Sign on portals).

  • Visitor guest network access (http, https, VPN) via

    • Creating temporary accounts.

    • eduroam (802.1X/EAP-TTLS & RADIUS backend).

Survey Results - continued

Public Key Infrastructures Use

  • Limited use of digital certificates (due to no national PKI)

  • 30% claim their Directory Services support PKI

Next Project developments

  • Web portal & Account self service = 14/25

  • Same Sign On = 4/25 & Single Sign On = 13/25

  • CAUDIT/Staff/Student/Web/Service certs = 7/25

Survey Results – Barriers identified

  • Limited resources / funds available.

  • Limited key stakeholder involvement to create integration and federation infrastructures.

  • High risks/impact to develop critical IAM systems.

  • Lack of coordinated middleware effort in the IAM space.

  • Minimal dissemination of standards, policies and technical guidelines.

  • Limited training (eduPerson, same/single sign on).

Survey Results – Recommendations 1

(1) Develop IAM content on

  • Gather and exchange recommended Authentication and Authorisation methods/products, guidelines for use, transmission, storage of credentials and IAM best practice

  • Identify / develop ways to leverage same/single sign on environments.

  • Track CAUDIT PKI developments and make use of PKI to develop secure access.

(2) Engage with service providers

  • Identify requirements to enable users to gain access to remote resources and agree on standards/rules to operate via a federation.

Survey Results – Recommendations 2

(3) Develop a middleware framework

  • An inclusive process for stakeholders (identity providers and service providers) to align to in a cost effective, low risk, secure, user-friendly way within Australia.

  • Identify Australian strengths to contribute in partnership with the global middleware effort.

  • Identify international middleware activities that Australia can learn and develop from.

Useful links

  • AARNet Middleware web pages -

  • Identity & Access Management Survey 2005 –

  • eduroam -

  • eduroam Australia –

  • Shibboleth –

  • MAMS -