A major overhaul of the technology that authenticates users of the Australian Access Federation (AAF) is reaping benefits for large research institutions while enabling smaller institutions with limited IT skills and resources to quickly and easily participate in the federation. The AAF enables researchers to use their institutional user ID and password to securely access hundreds of online platforms.
The new Rapid Identifier Provider, or Rapid IdP, has modernised the way organisations connect to the federation, and uses a cloud-based software-as-a-service (SAAS) subscription model. Rapid IdP delivers world-class performance, availability and cybersecurity as well as streamlined integration to both third-party and home-grown identity systems.
A new ‘light’ version meets the needs of smaller institutions that do not have a central authentication system, without compromising performance, availability and security.
The 2-year development project was completed in December 2020, following ARDC’s investment of $900,000 in 2018 to accelerate the work to make it easier for research organisations to participate in the federation, thereby giving more researchers access to national research infrastructure.
Over the course of the project, the number of live customers grew from 3 to 10, with 9 more in various stages of implementation and several evaluations underway. This expanded customer base means that from 2021 Rapid IdP is a fully sustainable service with enough customers to cover its costs.
John Scullen, Head of Projects & Managed Services at AAF, says ARDC’s investment was critical. “We wouldn’t have this product without them. AAF is a self-funding organisation—we need to earn our own revenue. Apart from specific projects, AAF receives no government funding. This [investment by ARDC] helped expand the customer base to reach the point of sustainability, which was a key objective.“
Enterprise identity systems enable single sign-on—one username and password—within an institution. Rapid IdP uses this ID to log in to the hundreds of platforms and services available to Australian researchers through AAF.
Without Rapid IdP, an institution can still connect to AAF but they need to configure that connection themselves. Smaller organisations often don’t have the time, the people or the skills to do that.
“Universities have [also] been squeezed for resources in the last 12 months. This is a simple, fast, reliable, cost-effective way for them to connect to the federation”, says Scullen.
“We take care of the configuration, they get fast deployment, and don’t have to worry about patching or updates. It’s almost plug and play—once configured, it just works. We’ve lowered the entry barrier for organisations to connect to the federation.”
Deployment time has been slashed with the new product. As an example, Actors Centre Australia were up and running within 3 days. “For customers connecting to AAF and doing it themselves, the previous record [for deployment] was 45 days—and most were 3–6 months”, says Scullen.
The South Australian Health and Medical Research Institute (SAHMRI) is a recent convert to Rapid IdP. Not yet a decade old, it has about 450 employees plus about the same again in ‘partners’—employees of the three universities in South Australia and other organisations that are part of the SAHMRI community.
James Barona is Head of ICT at SAHMRI: “We joined the AAF in 2012 when we had a very small IT environment. But we had the aspiration to be card-carrying members of the federation and participate in it.”
With no single sign-on solution, the idea was to build the connection to AAF in house. But with a small ICT team and tight resources, getting the project to the head of the queue proved a challenge year after year.
“We always had other priorities that would trump the project”, says Barona. “And, so, [in 2020], when Rapid Id P came along, that changed everything.
“AAF filled a skills and capacity gap that we needed to complete the project. We're leveraging their experience in that space, and their ability to keep Rapid IdP up and running and maintained. That frees our team up to focus on things that are more research focused, rather than getting the ‘plumbing’ in order. The indirect benefit to us is that we're providing better services to our researchers. And that's what we're here to do.”
For SAHMRI’s researchers, having a consistent login experience with their applications is a secondary benefit: “What's in it for them is the services that they get access to through that mechanism. CloudStor was a big drawcard and will be the first cab off the rank, giving our researchers free cloud storage that they can use to share data with other researchers.”
James Barona sees further benefits down the track when SAHMRI makes its own facilities available through AAF. “That's [more about us being a] service provider rather than an identity provider. But this was a necessary step we needed to take to be active members of the federation. This was step one. Rapid IdP has greased the wheels for us to be involved in the federation where we weren't before. And it’s been a very positive experience. The AAF should be really proud of the services they've delivered.”