Uncategorized, ,

IMG_1864(view of the nightly Hong Kong light show as it starts).

The Asia-Pacific region is a hotbed of federation activity. A new federation has just gone online last month (the Singapore Access Federation) and there are several others in various pilot and production stages. Full details of the federations within the APAN region can be found on the REFEDS website and via MET for federations with published metadata, but the full list of known federations in the region is:

To help these federations move forward, the Asia Pacific Advanced Network (APAN) Identity and Access Management Task Force (TF-IAM) put on a three-day workshop at APAN42 in Hong Kong. Nearly two dozen people attended, representing six of the APAN region countries and their federations. The workshop was supported by the NSRC, REFEDS and the MAGIC project and built on the successful partnership and approach adopted for the WACREN conference in Dakar. The materials are adapted by the training team for each training event, but all of the slides and resources are freely available on the REFEDS wiki for community use. Thanks to the support of federations and projects across the globe, a rich repository of training materials has been curated by REFEDS at this space.

A photo of the participants, day one, of the Identity and Access Management workshop at APAN 42

A photo of the participants, day one, of the Identity and Access Management workshop at APAN 42

The first day, facilitated by Heather Flanagan, focused on the campus environment. Campuses form the heart of a successful federation, as they are authoritative for the information about their students, faculty, researchers, and staff. Without campus information, federations are very limited in what they can offer as viable services to their community. Discussion in the room was lively, as participants offered their own use cases to help build understanding around what is possible, and what is best practice in the campus IAM space.

The second day focused more on the practical requirements for running federations and working as a federation operator, with Nicole Harris and Brook Schofield managing the day. While there was a bit of unexpected excitement around the arrival of Typhoon Nida that evening, the session was well attended with even more federations represented. Topics ranged from technologies available to federations, policy best practice, the library use case, eduroam and eduGAIN, and questions from within the room on how federations can move forward with their particular challenges and culture. Questions from the audience made it clear that there are similar concerns (e.g. data protection and privacy) and use cases (e.g. library management systems) in APAN to those experienced in other regions. The trainers highlighted the importance of finding the “killer app” use case within specific countries and settings and how the different approaches to federation development offer a variety of options for federation operators that can address differing political, cultural and technical within specific settings.

The second day finished with updates from Malaysia and Singapore regarding how their federations are progressing. The models vary significantly, with Malaysia focusing on seeking government support to require universities to build an SSO-enabled infrastructure and join the national R&E identity federation. The Singapore Access Federation, two weeks old as of the workshop, is being built out of the research community in Singapore and is part of the national NREN. It is a SAML-based federation whose IdPs are mostly using ADFS for their identity stores.

The third day, cut short thanks to a compression of the conference schedule as we made up for time lost to Typhoon Nida, focused on more federation updates as well as a look at information gathered from a survey sent to the TF-IAM participants prior to the workshop. The attendees prioritized the creation of instructional videos, translated into several languages, as the next area of work for the task force.

In future programs, the task force will call itself by its full name, TF-Identity and Access Management, in the hopes of attracting additional participants during the APAN conference that might not otherwise know the intended purpose of the group. The task force recognized, based on feedback from the few random walk-ins to the sessions, that more work needs to be done to facilitate outreach to the networking side of the conference, and adjusting the name is one small but useful step in getting this task force more broadly recognized in the APAN community. As long as the networking component of the research and education network community focuses only on making bits go faster without considering the complexities around access control, researchers will still find themselves struggling to collaborate.