SLIDE 1
3 New Services Streamlining Access to eResearch Capabilities
John Scullen (john.scullen@aaf.edu.au) Manager, Strategic Initiatives & Managed Services
3 New Services Streamlining Access to eResearch Capabilities John - - PowerPoint PPT Presentation
3 New Services Streamlining Access to eResearch Capabilities John - - PowerPoint PPT Presentation
3 New Services Streamlining Access to eResearch Capabilities John Scullen (john.scullen@aaf.edu.au) Manager, Strategic Initiatives & Managed Services (EDUcation Global Authentication INfrastructure) Growing International Community 55
SLIDE 2
SLIDE 3
SLIDE 4
SLIDE 5
SLIDE 6
Growing International Community
55 federations
Identity Providers: 2883 Service Providers: 2195
- 195 Research & Scholarship
services already available
- Other services added by request
See technical.edugain.org/entities
SLIDE 7
eduGAIN Benefits
Service Providers
- One integration
- Thousands of potential
users
- Extend the reach of
research infrastructure
- Reduce cost and
complexity Identity Providers
- Easier access to
international services
- Simplifies international
collaboration
SLIDE 8
Connecting to eduGAIN
Use latest software Technical config
- metadata
- attribute
request / release
- discovery
Research & Scholarship Security
- SIRTFI
SLIDE 9
Find Out More
aaf.edu.au/edugain
SLIDE 10
SLIDE 11
Benefits
- Release your IdM staff for more important work
- Feature updates and security patches
- eduGAIN-ready
- High availability
- Reduce infrastructure
- Security designed in from the beginning
- Faster deployment of new IdPs
- Lowers entry barriers for smaller organisations
SLIDE 12
On-Premise Cost Factors
- Staffing
- Servers
- Storage
- Backup
- Load balancer costs
- Data centre costs
- Monitoring costs
- Governance
- Security
- Compliance
- Disaster recovery
- Testing
- Change management /
stakeholder comms
SLIDE 13
Find Out More
aaf.edu.au/rapid
Rapid
Identity Provider
Rapid
Identity Provider
powered by AAF
SLIDE 14
AAF CENTRAL
SLIDE 15
AAF Central
- A major step toward a multi-protocol federation
- Support for applications using Open ID Connect (OIDC)
- Design can accommodate other authentication protocols
SLIDE 16
Why OIDC?
- Developing with OIDC / OAuth2 is simpler than SAML
- Add your preferred OIDC library to your development environment
- No need to deploy servers or run Shibboleth service provider software
- Easier to find experienced developers
- OIDC / OAuth2 is widely used to integrate with Google, Facebook and cloud
services
- Not just web-based authentication
- API access
- Mobile applications
SLIDE 17
How does it work?
OpenID Connect Provider
rec res req rec
Identity Broker
req rec rec res
AAF Central
Application (OIDC RP)
SAML Federation Resolver
rec res req rec SAML Federation
SLIDE 18
Current State
- Available now as a pre-production service
- Passes OIDC conformance tests
- Peer-reviewed and load tested
- Manual connection for now
- No eduGAIN support – use SAML if you want to expose your service to international
partners
- Reasonable coverage of OIDC specification
- 3 services in production
- ecocloud.org.au
- Store.Monash
- TERN
- 13 services in test
SLIDE 19
OpenID Connect Provider
rec res req rec
Identity Broker
req rec rec res
AAF Central
Application (OIDC RP)
SAML Federation Resolver
rec res req rec SAML Federation
Rapid Connect Provider
rec res req rec Application (Rapid Connect)
eduGAIN Resolver
rec res req rec eduGAIN Federation
Social Identity Resolver
rec res req rec Google / Facebook etc
Utopia
SLIDE 20
Find Out More
Bradley Beddoes (bradleybeddoes@aaf.edu.au)