As scientific activity, data and equipment are enabled by information technology such as high-speed networks, video conferencing, grid computing and shared databases, the remoteness of New Zealand is no longer a barrier to participation for New Zealand scientists and students.
As the types of scientific experiments performed and the information captured become sensitive, the need for verified and managed identity to access them becomes important. Overseas research networks are actively establishing Identity Federations to address these issues, and so are we here in New Zealand with the formation of Tuakiri, the New Zealand Access Federation.
In the educational and research sectors these identity federations are based on technical infrastructure commonly known as Shibboleth. Components of this technology include:
- Identity providers which allow an institution's users to be identified.
- Service providers which grant federation users access to online resources such as databases, applications, grids, library repositories and collaboration environments.
A core driver of Federated IAM in an NZ context is the fact that cross-institutional collaboration is a growing feature of the research sector. The vision behind the establishment of a New Zealand Access Federation is therefore to allow member organisations' scientists, students and staff to participate easily in national, Australasian and international activities in a seamless and secure manner.
Identity and Access Management is concerned with making sure that approved users have appropriate access to online resources. Currently most organisations are moving towards providing their users with a Single Sign-on Service that provides access to organisational resources, using a common authentication service and a set of user attributes for determining the level of access to these resources.
The Tuakiri Federation Service has been developed to allow authentication and user attributes to cross organisational boundaries. This greatly simplifies access for the user and provides an infrastructure that promotes better security of access to the resources.
Instead of having to set up individual access arrangements for each new resource or service, the services and resources are developed with a standard interface. In summary, the goals of the Tuakiri Federation Service are:
- Users will have a single account for all their services.
- Authentication will be done only at the user's home organisation.
- User data will be maintained only in one place.
- The custodian of the data will have better management and control of the data.
- Collaboration between multiple organisations will be simplified.
Without federated access the following issues will persist:
- Tedious user registration at all resources.
- Unreliable and outdated user data at resources.
- Different login processes.
- Many different passwords.
- Many resources not protected due to difficulties.
- Often IP-based authorisation.
- Costly implementation of inter-institutional access.
If you require or would like assistance with implementing an Identity Provider or Service Provider, please contact us at email@example.com.
We will also have resources posted on the Tuakiri website (http://www.tuakiri.ac.nz) that your staff can access to help progress your own IAM initiatives.