As scientific activity, data and equipment are enabled by information technology such as high-speed networks, video conferencing, grid computing and shared databases, the remoteness of New Zealand is no longer a barrier to participation for New Zealand scientists and students.
As the types of scientific experiments performed and the information captured become sensitive, the need for verified and managed identity to access them becomes important. Overseas research networks are actively establishing identity federations to address these issues, and so are we here in New Zealand with the formation of Tuakiri, the New Zealand Access Federation.
In the educational and research sectors, the technical infrastructure of these identity federations is based on the SAML standard, and commonly the Shibboleth implementation of this standard. Components of this technology include:
- Identity providers which allow an institution’s users to be identified.
- Service providers which grant federation users access to online resources such as databases, applications, grids, library repositories and collaboration environments.
A core driver of federated identity and access management (IAM) in a NZ context is the fact that cross-institutional collaboration is a growing feature of the research sector. Therefore the vision behind the establishment of a New Zealand Access Federation is to allow member organisations’ scientists, students and staff to easily participate within national, Australasian and international activities in a seamless and secure manner.
IAM is concerned with making sure that approved users have appropriate access to online resources. Currently most organisations are moving towards providing their users with a single sign-on service that provides access to organisational resources, using a common authentication service and a set of user attributes for determining the level of access to these resources.
Tuakiri has been developed to allow authentication and the passing of user attributes across organisational boundaries. This greatly simplifies access for the user and provides an infrastructure that promotes better security of access to the resources.
Instead of having to set up individual access arrangements for each new resource or service, the services and resources are developed with a standard interface. In summary, the goals of Tuakiri are:
- Users will have a single account for all their services.
- Authentication will only be done at the user’s home organisation.
- User data will be maintained in only one place.
- The custodian of the data will have better management and control of the data.
- Collaboration between multiple organisations will be simplified.
Without federated access, the following issues will persist:
- Tedious user registration at all resources.
- Unreliable and outdated user data at resources.
- Different login processes.
- Many different passwords.
- Many resources not protected due to difficulties.
- Often IP-based authorisation.
- Costly implementation of inter-institutional access.
If you require or would like assistance with implementing an Identity Provider or Service Provider, then please contact us at firstname.lastname@example.org.
We also have resources that you can access to help progress your own IAM initiatives.