AAF Technical Newsletter #15 - April 2015

Providing access management services for the education and research community

Important: Shibboleth IdP upgrade to V2.4.4

Over the next few months the AAF will be working with IdPs to upgrade to Shibboleth version 2.4.4, if they haven’t already done so.

This upgrade will ensure that your organisation is running the latest secure version of the Shibboleth IdP. We recommend that technical teams start planning the upgrade to Shibboleth V2.4.4 now. AAF Support will be in touch to book an individual consultation with subscribers about the upgrade and to discuss the outcomes of the recent Boost report.

This upgrade will also enable the Enhanced Client or Proxy (ECP) feature for IdPs, which will allow users to access a new class of non-browser based services that will soon appear in the federation.

To assist IdPs with planning this upgrade there is an updated install guide available on the AAF Wiki.

Need to know more? Contact us
Email: support@aaf.edu.au | Web: support.aaf.edu.au

Future activities for your planning schedule

Transitioning from SHA-1 to SHA-2 Certificates

To reduce the potential risk to internet security, certificates signed with the SHA-1 algorithm will need to be transitioned to SHA-2 certificates. Throughout 2015 the AAF Support Team will be in touch with IdPs about upgrading from SHA-1 to SHA-2 certificates. As details about the transition become available the AAF will be in contact with more information.

Shibboleth IdP V3
In late 2014 the Shibboleth Project announced the release of IdP V3. Throughout 2015, the AAF will test V3 for the federation and inform IdPs when it is suitable to upgrade to this version. Organisations are welcome to test V3 in the AAF test federation; however, at this time there will be limited support from the AAF. If you would like to be an early adopter, drop us an email at support@aaf.edu.au.

Enable Enhanced Client or Proxy (ECP)

ECP: Why you need it & why it’s important
In the future, ECP will allow Service Providers (SP) to introduce a new class of service that won’t be limited by a browser interface to provide single sign-on functionality. The ECP profile is designed for clients that use desktop applications, server-side code running in a web application and anything else that isn't run in a browser.

Over the coming months there will be a number of new services released by subscribers that will require ECP to be enabled. We encourage IdPs to be prepared for these new services by enabling ECP. For more information on enabling ECP, the AAF has provided documentation that is included in the IdP install guide for Shibboleth V2.4.4 on the AAF wiki.

Identity Enhancement (IdE) and Access Control Project

In late 2014, the AAF and NeCTAR project worked closely to develop the Identity Enhancement and Access Control Project. The project activities will assist with identity enhancement and access, which will support the identification and authentication of end users as ‘researchers’.

The project is expected to complete mid-2015, and will allow NeCTAR funded Virtual Laboratories and other AAF connected services to use a ‘researcher’ attribute to make informed access control and sharing decisions specifically for researchers.
 
The IdE will enable resource owners to improve researcher access to resources such as computer facilities, data and other research infrastructure, at their home institution and at other Australian institutions, all with one set of credentials.
 
For more information and future updates visit our Technology Roadmap - Identity Enhancement (IdE) and Access or contact the Project Manager Brendan O’Keeffe.

 

Celebrating 10 years of SAML 2.0 at the heart of online identity

The SAML 2.0 protocol celebrated its 10th anniversary on March 15, 2015. This XML (Extensible Markup Language)-based open-standard data format enables the exchange of authentication and authorisation data between identity providers and service providers, including those of research and education identity federations worldwide.

SAML (Security Assertion Markup Language) is a product of the Security Services Technical Committee of OASIS (Organisation for the Advancement of Structured Information Standards). The community voted to approve the SAML 2.0 standard on 1 March 2005, and it achieved its final version two weeks later. Some 30 individuals from almost 30 companies and organisations were involved in the creation of SAML 2.0 and it has seen significant uptake across the globe.


The SAML 2.0 protocol has been at the heart of online identity for 10 years. (Heart graphic copyright of 'Happy Art'.)

The AAF have recently updated the AAF Privacy Policy and introduced the Privacy Collection Notice in line with the Australian privacy law amendments. More information can be found here.
Copyright © 2015 Australian Access Federation Ltd, All rights reserved.