Well-designed and well-operated authentication and authorisation infrastructure is essential to maintaining cyber security for research services. The Australian Access Federation (AAF) helps many universities and large research organisations in Australia with this challenge.
But the volume of research organisations is constantly growing, and it’s not always feasible for smaller organisations and individuals to join the AAF. This can create fractures between collaborators who are part of – and not part of – the federation. An increasing number of Australian research projects also include international collaborators that need to be integrated.
Authentication – establishing someone’s identity – has largely been federated across the AAF and similar international organisations. But authorisation – the process of determining what an authenticated identity has rights to do within a system – remains a larger challenge.
To solve these issues, this infrastructure project is shifting identity and access management to a central platform for research collaboration for all ARDC HASS and Indigenous Research Data Commons projects.
Two options for this new platform were canvassed, one of which would have involved creating a bespoke solution from open-source components. But the AAF’s preferred approach, which is now being developed, involves adopting an ‘as-a-service’ solution to enable a faster and more reliable deployment path. This is being done through CILogon, a cloud-based preferred platform in Australia and the United States. It is modelled on Authentication and Authorisation for Research and Collaboration’s Blueprint Architecture, a standardised design pattern for research communities like LDaCA.
CILogon originated at the University of Illinois and has been used in many large-scale deployments. It has been regularly updated and improved over the past decade. The AAF has a long-standing relationship with the CILogon team and has validated the platform’s capabilities through work with the Australian BioCommons and the Murchison Widefield Array radio telescope. The AAF believes that adopting CILogon is the only viable option given the timeframes for this project.
This solution includes the development, testing and production of CILogon environments to support HASS researchers, including the LDaCA community. It is scheduled for completion in December 2023.
Who Will Benefit
The new platform will provide HASS and Indigenous researchers and research infrastructure creators with a cloud-based method of authentication and authorisation for research projects. They will also have a standardised set of policies and guidelines for managing access.
All researchers involved in the ARDC’s HASS and Indigenous Research Data Commons projects, including the LDaCA, will benefit.
We’re partnering with the Australian Access Federation.
Key objectives of this project include:
- creating a set of policies, standards and guidelines for managing identity and access management
- deploying a cloud-based instance of CILogon as the technology solution to support the authentication and authorisation needs of LDaCA and other projects
- understanding and developing business process documentation for authorising access to published data and services
- configuring CILogon to support these business processes and to develop extensions to CILogon to facilitate new functionality that may be required
- developing support documentation, training LDaCA community representatives to operate the platform, and providing support to LDaCA community managers.
Learn more about CILogon and Authentication and Authorisation for Research and Collaboration (AARC).