Background
The eSecurity Framework project is part of a larger effort from the Australian Higher Education Sector, with support from AusCERT, CAUDIT, DEST and other institutions, to develop an environment in which Universities and the Research sector can collaborate with each other at low cost and low risk.
The aim of this project is to develop a pilot federation which leverages the PKI infrastructure in aligning the trust arrangements between institutions to support the implementation of Shibboleth across the sector.
To achieve this goal the project team are working closely with other projects such as the Meta Access Management System Project (MAMS) and the Middleware Action Plan and Strategy (MAPS). A phased approach is being used in order to test interoperability and identify issues with PKI-enabled applications prior to production implementation.
Part of this project is dependent on the progress made by the MAMS Shibboleth project.
The Steering Committee will be chaired by the IT Director of the University of Queensland and includes a wide range of interests across the Higher Education sector represented by CAUDIT institutional nominees and representatives from CAUDIT, APAC, MAMS, AARNet, AusCERT, Council of Australian University Librarians, Griffith University, Monash University, Victoria University, GrangeNet, University of Western Sydney, DEST, The University of Queensland, NZ Vice Chancellors Standing Committee on IT, Australian Vice-Chancellors Committee, DCITA, Queensland University of Technology and AGIMO.
Objective
The immediate project objective of the steering committee is to provide support to the project team to ensure that the solution proposed meets the expectation of member institutions and the wider higher education and research sector.
The steering committee will facilitate the sharing of experience gained during this project and help disseminate information among the sector to enable rapid implementation.
Project Scope
This project has four central objectives as detailed below:
Developing a Production PKI
A project to build upon the existing Public Key Infrastructure (PKI) standards project and move PKI into production for the Higher Education and Research Sector. While the CAUDIT PKI project was making significant progress in this field, its funding was only to develop standards and some trial implementations.
Establishing PKI/Shibboleth alignment
A project to build upon the existing PKI and MAMS projects and the Production PKI project identified earlier to develop models and pilot implementations of a common trust federation which would support both PKI and Shibboleth and therefore support a common approach to authentication and authorisation across the sector. This includes the development of a unified model for federation and trust which aligns PKI and Shibboleth approaches, including pilot demonstrations. This unified model, once complete, could form the basis for a future production Federation service across the Higher Education and Research Sector, aligned with the production PKI service outlined above.
Reducing the Systems Cost barriers to entry for PKI
This project aims to reduce the barriers for entry to PKI for all universities and research institutions by providing cost effective access to a free or low cost Certificate Management System for the sector (including access to the source code). This will require the development of training, documentation and a support mechanism.
Integrating Grid technologies with PKI/Shibboleth
This project will investigate the requirements and develop appropriate technologies to allow the APAC Grid infrastructure to become properly Shibboleth aware. It will provide opportunities for research activities in high-performance computing and large-scale data initiatives to test the functionality and scalability of the Shibboleth authentication architecture and associated authorisation architectures being developed by groups such as PERMIS. It will work directly with the NMI "Grid-Shib" initiative as appropriate.
This project and its funding are aimed at continuing the work of the PKI Project with the view to building a production PKI infrastructure.
In addition, further discussions will continue with various vendors so that once the production PKI environment is commissioned, the Root Certificate for this environment can be embedded into the browser. This work cannot be drawn to a conclusion during the pilot phase and must wait until a production environment is established.
There is interest from the Higher Education Bridge Certificate Authority (HEBCA) and the Federal Bridge Certificate Authority (FBCA), both in America, in bridging with the Australian Higher Education Certificate Authority once its production PKI environment is commissioned.
Timeline
It is anticipated that the project, as defined in the scope, will be completed by 30 June 2007.
Resources
The project has a budget of $649,000 to achieve the outcomes as detailed in the scope.
AusCERT will be contracted to undertake the analysis and development work.
Meeting Frequency
It is anticipated that the eSecurity Framework Steering Committee will physically meet on at least two occasions, with other discussions and comments to be undertaken via email and/or teleconferences as required.
Communication Guidelines
It is anticipated that the Higher Education and Research Sector will be updated on this project's progress via:
- information posted on the eSecurity Framework web site,
- announcements of new documents through existing mailing lists such as Middle-L and CAUDIT,
- reports at the CAUDIT general meetings,
- and seminars run for executive and technical university personnel.