About the Next Generation AAF Project
This project created the next generation Australian Access Federation (AAF) infrastructure and products to make national and international research collaboration easier and more accessible than ever. Major objectives were to:
- Enhance the AAF’s tools and services to facilitate collaborative research and enable improved connections between research groups and government organisations.
- Extend our existing software infrastructure to meet the expanding authentication requirements of Australia’s National Collaborative Research Infrastructure Strategy (NCRIS), and of research and education organisations connected to the AAF.
- Develop new solutions that will make joining the AAF simpler and reduce maintenance effort for current subscribers.
The project commenced in July 2015 and finished in January 2017.
Project work fell into three major activity streams:
Activity 1 – Government Requirements for AAF Participation
Many government departments and agencies must use suppliers who have implemented the Australian Signals Directorate’s (ASD) Protective Security Policy Framework (PSPF) and Information Security Manual (ISM) requirements. Under this activity the project team:
- Identified ASD-compliant infrastructure providers and migrated AAF’s core services to Amazon Web Services.
- Determined which PSPF and ISM requirements relate to AAF and developed a range of policies to begin working toward compliance.
- Reduced barriers which currently prevent broader groups of non-academic and government researchers from accessing eResearch infrastructure connected to the federation.
- Improved security through hardened infrastructure.
Activity 1 concluded in November 2016. Work will continue beyond the project to align policies and practices to the framework.
Activity 2 – Next Generation Software Extensions
Software extensions enhanced the AAF’s infrastructure underpinning the authentication needs of the NCRIS capabilities and the growing number of eResearch connected organisations. Under this activity the project team:
- Developed and released the next generation Discovery Service.
- Developed and released the next generation Reporting Service.
- Piloted a RADIUS-based authentication extension for non-web-based authentication through the federation.
- Improved user experience and user interfaces across an expanded range of devices.
- Laid foundations for international federation connectivity and access to non-web protocols such as Enhanced Client or Proxy (ECP) in the next generation Discovery Service (DS).
- Improved utilisation statistics and detailed information for service provider and identity provider operators.
These tools operate on the enhanced infrastructure implemented as part of Activity 1.
The next generation Discovery and Reporting Services went live in January 2016. AAF worked with Intersect and AARNet to develop a RADIUS extension for the federation.
Activity 3 – Hosted Identity Provider
Connecting to the federation has meant investments in skill development and infrastructure for IT departments. This can be a significant issue — especially for smaller organisations. The project team developed a Hosted Identity Provider (IdP) to simplify connection to the federation for new subscribers and remove much of the setup and maintenance burden from IdP administrators.
- Reduced setup complexity and learning curve, meaning subscribers will be able to connect to the federation and access connected services faster.
- Subscribers don’t need to deploy extra infrastructure to connect to the federation.
- Significantly reduced need for specialised IT skills to build and maintain infrastructure.
- Faster response to security threats through the centralised deployment of patches and updates.
Initial development wrapped up in January 2017.
The Early Adopter Program will help us identify any show-stoppers, prioritise product improvements and confirm the business model. We expect to launch the hosted IdP service for general availability in the second half of 2017.
For further information contact John Scullen (Project Manager).