Identity & Access Management Working Group

Chair : Terry Smith [ t.smith AT ]
Co-Chair : Toby Chan [ toby.chan AT ]
Co-Chair : William Wan [ wanl AT ]
Mailing List: 
iam AT

The APAN Middleware Working Group was established on 27 January 2006 for a period of 2 years. The Working Group Chair is Professor Yasuo Okabe (Kyoto University); the secretary is Nate Klingenstein (Internet2). It was later renamed the Identity and Access Management Working Group.

This group provides APAN members with the opportunity to discuss and participate in the latest middleware developments on topics such as:

  • Identity Access Management (same and single sign-on authentication and authorization infrastructures)
  • Federation frameworks (for scalable, secure and easy access to online resources from anywhere)
  • Middleware solutions (Shibboleth, A-Select, eduGAIN, eduroam etc.)
  • Application integration to middleware (frameworks for common reusable components and tools to deliver specific middleware services)
  • Middleware policy

This working group is concerned with generating awareness and understanding of middleware and, in time, hopes to develop collaborative activities with APAN members once middleware activities start to mature. This group has also worked in conjunction with the Grid Committee to cover topics on (1) Middleware, (2) Middleware for Higher Education (Identity Access Management) and (3) Grid Middleware (Grid application access and work flow).

The objectives of the APAN Identity and Access Management Working Group are as follows:

  1. Share best practice of middleware solutions and document use case scenarios to better understand middleware scope and use within the APAN region through the IAM working group mailing list.
  2. Assist APAN members with middleware issues.
  3. Develop a picture of middleware deployments in the APAN region and assess the feasibility and timeliness of a regional federation test bed for middleware.

The current status of the working group milestones is as follows:

| No. | Milestones/Actions | Deadline |
|-----|--------------------|----------|
| 1. | Add members to the APAN IAM mailing list | Completed |
| 2. | Collect information on middleware developments from each APAN member and place on the APAN IAM working group webpage | Completed |
| 3. | Develop a workshop for Identity Access Management in GRID environments for the next APAN meeting | Completed |
| 4. | Identify and assess current middleware solutions | Ongoing |
| 5. | Identify and assess the “federation” model and make recommendations | Ongoing |
| 6. | Work in partnership with the APAN Grid Committee to deliver workshops on Grid Middleware | Ongoing |

Identity Management Primer 3: Middleware Activities in Australia

AARNet with support from NMI-EDIT (Internet2 and EDUCAUSE) and the Asia Pacific Advanced Network (APAN) Identity and Access Management Working Group will hold an Ozeconference/information primer for the APAN community on identity management in Australia.

This Ozeconference was recorded and is available online :

Australian Access Federation: Grass Roots and Beyond

Sharing data, systems and research infrastructure in a secure way between different Australian research organisations, such as universities and research agencies, presents a difficult problem, both technically and from a policy perspective. There is a lack of technical methods and little or no policy framework to support sharing between organisations, even once technical challenges are overcome. To facilitate trusted electronic communications and collaboration within and between institutions of higher education and research in Australia, and between these institutions and other organizations worldwide, it is necessary to develop a trust federation whose members agree to abide by a common set of rules, policies and agreements.

To address this requirement, the Australian Government Department of Education, Science and Training is funding a project called the Australian Access Federation (AAF), which will develop the federation policy framework and deploy the infrastructure required to enable access to online resources and services for the Australian higher education and research sector. The infrastructure deployed is based on two technologies: Shibboleth and Public Key Infrastructure. The AAF will support a range of services, including authentication and authorization, and builds substantially on the work undertaken by two existing DEST-funded projects. These are the e-Security Framework project, based at the University of Queensland, and the MAMS (Meta Access Management System) project, based at Macquarie University. This presentation will provide the background history of the Australian Access Federation (AAF) and the progress of the current testbed federation, and will discuss the approach to be taken in establishing the AAF.

About the Speakers

Viviani Paz is the Security Assurance Manager for AusCERT (The Australian National Computer Emergency Response Team) based at The University of Queensland. Prior to joining AusCERT in 1995, Viviani worked for over a decade in a range of IT areas in the commercial and academic sectors, including system and network security, system programming and administration, and software testing and verification. Viviani is the Policy Designer and Project Manager for the eSecurity Framework Project, in which a PKI environment is being developed to assist Australian universities' collaboration and interoperation. She is also the Project Manager for the Australian Access Federation Project (AAF). The AAF project will develop the federation policy framework and deploy the infrastructure required to enable access to online resources and services for the Australian higher education and research sector. The infrastructure deployed is based on two technologies: Shibboleth and Public Key Infrastructure.

The Australian Computer Emergency Response Team (AusCERT) provides a single, trusted point of contact in Australia for the Internet community to deal with computer security incidents and their prevention. AusCERT's mission is to support and improve community awareness, representation and communication regarding computer security, both locally and internationally, by being the leading source of impartial and reliable computer security information and expertise for its members. AusCERT is a full member of the international Forum of Incident Response and Security Teams (FIRST) and the Asia Pacific Computer Emergency Response Team (APCERT).

Neil Witheridge holds a Masters of Engineering Science degree from the University of Sydney, Australia, and has 20+ years' experience working in software engineering for government and commercial R&D organisations. Neil joined Macquarie University in 2004 as Project Manager for the MAMS Project, a national identity and access infrastructure project for the Australian higher education sector. Neil is currently the Program Manager for the MAMS Project.

IDM Tutorials

Identity Management Primer 2: US Case Studies

The APAN IAM Group is running 3 tutorials on Identity Management with support from AARNet and NMI-EDIT (Educause and Internet2). The second talk took place on June 22, 2007. It covered aspects of deploying and integrating middleware in university campus environments, taking into account business processes and policy.

Case Studies in Identity Management 2: The University of Texas System

The University of Texas System began building their federation in 2004 with the establishment of a statement of direction to '...pursue a common inter-institutional identity management trust fabric throughout the UT System.' A substantial project was then begun to develop and/or re-engineer the identity management infrastructures of many of the campus members to support this emerging federation. Paul Caskey, Technology Architect at the University of Texas System, traveled around the state, educating institutions about identity management, providing technical and process support, and helping install the Shibboleth federating software. Paul will provide a view into Texas' experience in building a federation from the policy, politics, and architecture points of view. He'll also discuss the roadblocks they've encountered and how they were addressed.

About the speaker: Paul Caskey is a Technology Architect in The University of Texas System Administration's Office of System-Wide Information Services and is the lead technologist for the U.T. System's Identity Management Initiative. He has primary responsibility for the development and operation of the U.T. System Identity Management Federation. Paul is active in a variety of identity management areas, including registries, directories, provisioning, credentialing, federation, PKI, and application integration. Paul has a Master of Science degree in Management Information Systems from Texas A & M University.

About the speaker: Jon Giltner, Director of IT Architecture and Security, will discuss the timeline and evolution of their architecture, business processes, and policies and provide insight into the business drivers that led this development.

The presentation is available as a web stream at

Identity Management Primer 1: Introduction

The APAN IAM Group is running 3 tutorials on Identity Management with support from AARNet and NMI-EDIT (Educause and Internet2). The first talk took place on May 30, 2007. The talk covered:

  1. What is Identity Management & what does it do?
  2. What are the business drivers?
  3. What are the components?
  4. What does the architecture look like?

The speaker was Mr. Michael Berman, Senior Vice President and Chief Technology Officer of the Art Center College of Design. Mr. Berman has spoken at EDUCAUSE events in the management/introductory context a number of times and is well versed in identity management.

The presentation is available as a web stream at

  APAN 25
  • Taking Care of Our Core Business: Managing Community Collaboration
  • AAI Federations in Europe
  • CARSI: Federated Identity and Resource Sharing over CERNET
  • Community SSL/TLS Server Certificates
  APAN 24
  APAN 23
  APAN 22
  APAN 21
Last Updated: 2017 Dec 22