On top of the AAF’s operational Tools and Services we are also involved in various projects and initiatives. These projects all seek to enhance the functionality and services of the AAF for our current subscribers and also the eResearch community nationally.
As the projects progress more information will be released here.
Software-as-a-Service Identity Provider - Early Adopter Program
In response to customer demand, the AAF has undertaken a significant engineering project in 2016 to create a new software-as-a-service Identity Provider (SaaS IdP). This new service will:
- remove the requirement for AAF subscribers to deploy infrastructure and maintain software in order to participate in the federation
- reduce the time and effort associated with connecting organisations to the federation.
In 2017 AAF will launch an Early Adopter Program to work with a small group of participants to:
- deploy the service into production at their site
- prioritise and implement refinements based on user feedback
- create integrated business processes to support the solution.
Organisations participating in the Early Adopter Program will benefit through:
- Pre-release access to the SaaS IdP service in 2017
- The opportunity to shape the service before it is released
- Infrastructure hosting costs covered by the program in 2017
- Migration support to use the new SaaS IdP service in 2017
- No additional cost to use the service in 2017
- A discount to use the service in 2018
About the Early Adopter Program
The Early Adopter Program is a limited opportunity for subscribers to shape the new SaaS IdP solution before it is released to the sector.
The AAF seeks investment partners to operate a 12-month (2017) SaaS IdP Early Adopter Program. The program will be capped at a maximum of 12 participants. The offer closes at 5pm AEST on 15 October 2016.
Find out more
The prospectus contains more detail about the Early Adopter Program.
Download the prospectus.
Download the application form.
Contact John Scullen if you have any questions that are not addressed in the prospectus.
Software-as-a-Service Identity Provider FAQs
Will the service allow bilateral Service Provider connections?
We’re intending to have some basic support for direct / bilateral agreements with individual service providers, though the simplest option is to encourage service providers to join the federation where possible. Through the Early Adopter Program we’ll develop a better understanding of the extent and variety of bilateral agreements we need to support.
Will there be a limit on the number of bilateral Service Provider connections in the SaaS IdP?
There hasn’t been a decision made on this yet, but there will likely be a limit. We will use the Early Adopter Program to find out more about existing bilateral agreements and work with participants to establish reasonable operating parameters for the final product.
How configurable will the attribute resolver be?
When the hosted IdP is using LDAP for authentication / attribute resolution, the attribute resolver will be fully customisable.
Will the service allow the connection of databases hosted at my organisation? Or will we need to host them in the Amazon cloud?
We’ll have full support for authentication / attribute resolution from an external directory via LDAP. Any additional databases which the SaaS IdP uses will be hosted in the Amazon cloud and managed as an integrated part of the IdP.
We don’t allow access to our LDAP directory outside of our network. This is fine for an on-premise IdP, but how will it work for a SaaS service?
Organisations normally implement networking security to block access to directories from outside the organisation. This configuration can be changed but obviously carries an increased risk for the organisation.
We understand there are security risks associated with providing access to a corporate directory via LDAP to the outside world. This risk can be mitigated with the following measures:
- LDAP will only operate over a secured transport such as TLS. This is mandatory – the SaaS IdP will not accept an LDAP configuration using an insecure transport.
- Restrict permissions for the LDAP credentials. We recommend that the LDAP credentials given to the SaaS IdP only have access to the attributes required for AAF purposes. The account should only have rights to read (not update) data.
- Use point-to-point firewall rules to restrict connectivity to the corporate directory. We’ll provide a list of IP addresses so that access can be restricted to your SaaS IdP servers, rather than operating a public directory server.
You will not need to set up a public LDAP store, but you will need to modify your firewall rules to allow communication between your existing LDAP directory and your hosted IdP instance.
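The three measures above can be checked before a directory is opened to a hosted IdP. The following is an added example, not AAF code: the configuration layout, hostnames, attribute list and IP addresses are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

def transport_is_secure(url, start_tls=False):
    """ldaps:// is TLS from connect; plain ldap:// is acceptable only with StartTLS."""
    scheme = urlsplit(url).scheme.lower()
    return scheme == "ldaps" or (scheme == "ldap" and start_tls)

def overly_broad_sources(rule_sources, idp_addresses):
    """Firewall source CIDRs that admit any address other than the IdP servers."""
    idp = [ipaddress.ip_address(a) for a in idp_addresses]
    broad = []
    for cidr in rule_sources:
        net = ipaddress.ip_network(cidr, strict=False)
        covered = sum(1 for a in idp if a.version == net.version and a in net)
        if net.num_addresses > covered:
            broad.append(cidr)
    return broad

def audit(cfg):
    """Return a list of findings; an empty list means all three measures hold."""
    findings = []
    if not transport_is_secure(cfg["url"], cfg.get("start_tls", False)):
        findings.append("transport: LDAP is not protected by TLS")
    acct = cfg["bind_account"]
    if acct["can_write"]:
        findings.append("account: bind account can update data")
    extra = sorted(set(acct["readable"]) - set(cfg["required_attributes"]))
    if extra:
        findings.append("account: can read unneeded attributes: " + ", ".join(extra))
    for cidr in overly_broad_sources(cfg["firewall_sources"], cfg["idp_addresses"]):
        findings.append("firewall: source " + cidr + " is wider than the IdP servers")
    return findings

# Constructed sample values (documentation address ranges, made-up hostnames).
HARDENED = {
    "url": "ldaps://ldap.example.edu.au:636",
    "required_attributes": ["displayName", "mail", "eduPersonAffiliation"],
    "bind_account": {"can_write": False,
                     "readable": ["displayName", "mail", "eduPersonAffiliation"]},
    "idp_addresses": ["192.0.2.10", "192.0.2.11"],
    "firewall_sources": ["192.0.2.10/32", "192.0.2.11/32"],
}
WEAK = dict(HARDENED, url="ldap://ldap.example.edu.au:389",
            bind_account={"can_write": True,
                          "readable": ["displayName", "mail", "userPassword"]},
            firewall_sources=["0.0.0.0/0"])

if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(cfg) or "no findings")
```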
The AAF is now a registered Victorian Government eServices Panel supplier
As part of the growth initiatives for the Australian Access Federation Inc. (AAF), the AAF has now been included as a Victorian Government eServices Panel supplier.
Victorian Government Departments may now include the AAF in their Victorian Government Procurement arrangements and invitations via the AAF business cloud profile enabled by Ariba sourcing.
Alternatively, please contact AAF Community Development Manager, Courtney Brown on 0467 000 449 or email email@example.com
This formal procurement activity and other similar initiatives to support AAF growth are expected to continue. Please check this page for progress and more information related to similar initiatives.
Did you know that the Australian Access Federation is GITC accredited?
The Australian Access Federation (AAF) is committed to quality. This is demonstrated through the AAF’s continued participation in Government Information Technology Contracting (GITC) accreditation, which is an agreement by suppliers to use the Queensland Government GITC Framework terms and conditions. This is managed by the Department of Science, Information Technology and Innovation.
The Australian Access Federation will maintain GITC accreditation as an ICT supplier in order to supply services and software solutions throughout Queensland Government.
As a part of numerous Queensland Government procurement reforms, Queensland Government buyers will now preference the use of ICT suppliers that are accredited under the Government Information Technology Contracting (GITC) Framework.