The Middleware Forum and CAMP 2006 was held this week at Macquarie University in Sydney, Australia. This was a Higher Education (HE) conference focusing on the core middleware that would be needed by the HE sector. The 1 day forum was more about strategy and policy while the 2 day camp was more about technical architectures and implementations.The major theme for the conference was building federated trust networks: a set of core middleware that would enable unis to securely collaborate online nationally and globally.Although the focus was on the technicalities of core middleware, it was agreed that the major drivers for creating a federated trust network are:
- Single Sign-on: single sign on to inter-institutional applications
- E-research GRID: secure global access to high value GRID resources e.g. computing arrays
- Digital Resources and DRM: authorised online access to shared protected resources e.g. publishers’ e-journals such as Science-Direct
- Virtual Organisations (VO): creating virtual project teams across HE institutions (globally) to support collaborative research projects.
- Secure collaboration: secure cross-institutional applications to support collaboration (chat, wikis, forums, blogs, mail-lists etc)
The focus here is on federating Identity, Authentication and Authorisation (IAA) across institutions. That is your IAA is maintained in your home uni but the uni belongs to a trust federation where all unis trust each other. Inter-federations can be created e.g. where the Aust HE federation is joined to the US, UK HE federations. Other federations can be formed e.g. where the HE federations join with the FedGov federations or other education sector federations e.g. schools, VTE.
The main technologies used to build these trust federations are shibboleth (SAML, XACML) and PKI.
It’s interesting to see what is being done in building trust federations in the US and UK as well as here. So far the initiatives are building separate federations: PKI and shibboleth. They are now thinking how to combine them:
- In the US, the HE sector has built 2 HE PKI trust federations (USHER and HEBCA). They are linking HEBCA to the Fed Gov PKI federation. The US education sector has established a production-level HE shibboleth trust federation (InCommon) complete with polices and governance. They have also federated InCommon with the US FedGov EAuth shibboleth trust network.
- In the UK, there is a well-organised and funded national initiative (JISC and BECTA) that is building a national federated shibboleth trust network (to be operated by UKERNA) across all education sectors. It will spend $Aus9m over 2 years and replace the obsolete Athens trust network.
- In Europe the Bologna Process is supporting harmonised standards across European Unis.
- In Australia the MAMS project has established a testbed national HE shibboleth trust federation. MAMS is talking about this being a “production” federation but there is little policy or governance framework in place yet. Most of the applications are still at the demonstrator and proof-of-concept stage. The Caudit PKI initiative (AHERTF) is building an Australian HE PKI federation (operated by AusCERT) so that users at Uni-A with PKI certificates can be recognised at Uni-B.
There was little discussion about these trust networks being used for applications like national assessment and reporting, student mobility or truancy. However, with a middleware infrastructure in place that supports secure access to applications and resources, these types of applications would become quite practical to build. In order to do this we would also need to ensure that the trust federation included the other educational sectors and government departments.
So far, this has been all about federating institutional IAA.
It was also noted that there is a parallel bottom-up trend towards user-centric IAA as per Web 2.0 and Identity 2.0 initiatives. Microsoft’s Infocard is a promising initiative in the Web 2.0 user-centric IAA area. It will be part of Vista and looks like “Passport done right”.
Post a Comment