Sunday, January 24, 2016

APAN 41 Manila - Day 1

24 January 2016

Talk: Identity and Access Management
Speaker: Terry Smith

Terry is from the Australian Access Federation (AAF) and discussed some aspects of how they operate this project. He talked about federated identity management, which is essentially an arrangement among multiple enterprises to use identification data. This arrangement requires the parties to follow a trust model. The advantages include single sign-on, a reduction in work, up-to-date data, and improved security and usability. The main entities are the Identity Provider (IdP), the Service Provider (SP), and the users. When a user wants to use a service provided by a service provider, the service provider contacts the identity provider to get the user credentials needed to use the resource. In this scenario, active protection of user information must be guaranteed.

The federation is responsible for the following: maintaining a list of IdPs and SPs, defining rules, providing user support, operating a central discovery service, and developing tools.

A common issue is how much information should be shared among the entities. This can be resolved using a consent engine or by government policies (as in the case of Singapore).
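To make the consent-engine idea concrete, here is an added example (not code from the talk or from AAF's own tooling) of the release decision an IdP makes before handing attributes to an SP: the federation's per-SP policy bounds what may be released, and the user's consent further narrows it. The SP names, attribute names and policy are constructed for illustration.

```python
# Added example: a minimal attribute-release decision of the kind a federation
# consent engine makes. Not AAF code; SP names, attribute names and the policy
# shape are constructed for illustration.
from dataclasses import dataclass, field


@dataclass
class SpPolicy:
    """What the federation permits a given Service Provider to receive."""
    required: set = field(default_factory=set)  # service cannot work without these
    optional: set = field(default_factory=set)  # user may withhold these


# Constructed federation policy: each SP is approved for a bounded attribute set.
POLICY = {
    "library.example.edu": SpPolicy(required={"eduPersonTargetedID"},
                                    optional={"displayName"}),
    "hpc.example.edu": SpPolicy(required={"eduPersonPrincipalName", "mail"},
                                optional={"eduPersonAffiliation"}),
}

# Constructed IdP record: more than any single SP is entitled to see.
USER = {
    "eduPersonTargetedID": "abc123",
    "eduPersonPrincipalName": "jane@example.edu",
    "mail": "jane@example.edu",
    "displayName": "Jane Doe",
    "eduPersonAffiliation": "staff",
    "dateOfBirth": "1990-01-01",
}


def release(sp, user_attrs, consent):
    """Return (ok, released) for a login of user_attrs' owner at `sp`.

    consent is the set of attribute names the user agreed to share with this SP.
    ok is False (and nothing is released) when the SP is not in the federation
    or a required attribute is unavailable or not consented to.
    """
    policy = POLICY.get(sp)
    if policy is None:
        return False, {}  # unknown SP: no trust relationship, release nothing
    if any(a not in user_attrs or a not in consent for a in policy.required):
        return False, {}
    allowed = policy.required | (policy.optional & consent)
    # Attributes outside the SP's policy are dropped even if the user consented.
    return True, {a: v for a, v in user_attrs.items() if a in allowed}
```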

Terry also talked about the types of federations which include mesh, hub-and-spoke, centralized, and mashups.

Operating a federation requires tools. Terry discussed some of these tools such as the AAF Registry Tool, Jagger, Janus, OpenConext, and others. A hands-on activity was also conducted using AAF Registry tools.

A brief overview of EduRoam, a location-independent wireless network service, was also given. It is an example of a service that uses federated identity and access management.

Operating a national federation is very much like operating a business: it requires full-time staff and resources. Marketing the services is also important.

DOST-ASTI is starting to roll out a federated IAM for the Philippines.