As scientific activity, data and equipment are enabled by information technology such as high-speed networks, video conferencing, grid computing and shared databases, the remoteness of New Zealand is no longer a barrier to participation for New Zealand scientists and students.
As the types of scientific experiments performed and the information captured become sensitive, the need for verified and managed identity to access them becomes important. Overseas research networks are actively establishing Identity Federations to address these issues, and so are we here in New Zealand with the formation of Tuakiri, the New Zealand Access Federation.
In the educational and research sectors these identity federations are based on technical infrastructure commonly known as Shibboleth. Components of this technology include:
- Identity providers which allow an institution's users to be identified.
- Service providers which grant federation users access to online resources such as databases, applications, grids, library repositories and collaboration environments.
A core driver of Federated IAM in an NZ context is the fact that cross-institutional collaboration is a growing feature of the research sector. Therefore the vision behind the establishment of a New Zealand Access Federation is to allow member organisations' scientists, students and staff to easily participate within national, Australasian and international activities in a seamless and secure manner.
Identity and Access Management is concerned with making sure that approved users have appropriate access to online resources. Currently most organisations are moving towards providing their users with a Single Sign-on Service that provides access to organisational resources, using a common authentication service and a set of user attributes for determining the level of access to these resources.
The Tuakiri Pilot Federation Service has been developed to allow authentication and user attributes to cross organisational boundaries. This greatly simplifies access for the user and provides an infrastructure that promotes better security of access to the resources.
Instead of having to set up individual access arrangements for each new resource or service, the services and resources are developed with a standard interface. In summary, the goals of the Tuakiri Pilot Federation Service are:
- Users will have a single account for all their services.
- Authentication will be done only at the user's home organisation.
- User data will be maintained only in one place.
- The custodian of the data will have better management and control of the data.
- Collaboration between multiple organisations will be simplified.
Without federated access the following issues will persist:
- Tedious user registration at all resources.
- Unreliable and outdated user data at resources.
- Different login processes.
- Many different passwords.
- Many resources not protected due to difficulties.
- Often IP-based authorisation.
- Costly implementation of inter-institutional access.
Landcare Research has been contracted by the Ministry of Science and Innovation (MSI), as part of their Identity and Access Management initiative, to develop an Identity Provider (IdP) resource kit and technical support for New Zealand's universities, Crown Research Institutes and the National Library ('core KAREN members') in readiness to move to an Identity and Access Management federation for New Zealand's research community. This involves:
- Developing a toolkit of best practices and standard installation technology templates that New Zealand institutions can use to help them become an Identity Provider and join the NZ Access Federation.
- Providing federation technical expertise and support to at least three core KAREN members to become best endeavours Identity Providers.
- Customising at least three exemplar identity-consuming services across selected research and education domains to promote the federated approach to core KAREN members. The proposed initial services are:
  - DSpace research publications repository
  - Sakai collaboration platform
  - SCENZ Grid geospatial portal
To progress this work we seek your input to identify potential research and education services which also require federated access. These will then be combined with a short list of other identified services, from which three services with maximal cross-sector demand will be selected, and appropriate federated interfaces for these will be developed.
In addition, if you require or would like assistance with implementing an Identity Provider or Service Provider, please contact us at firstname.lastname@example.org.
We will also have resources posted on the Tuakiri website (http://www.tuakiri.ac.nz) that your staff can access to help progress your own IAM initiatives.