Technical Background Information

Identity Management

Identity Management (IdM) refers to all processes and systems that are involved in the management of identities and information relating to identities, including authentication and authorisation. Federated Identity Management deals with these processes and systems across organisations.

Animation about Federated IdM

Unfamiliar with the concept of Federated IdM? Go to the short video on the AAF website which explains what an IdM Federation is all about.

IdM Toolkit

For more information on how to do IdM within your organisation, we refer to the excellent IdM Toolkit created by JISC (UK).

Shibboleth

Shibboleth is an Internet2 project, part of their middleware activities.

Shibboleth is the recommended technology to use for the Australian Access Federation.

Key concepts of Shibboleth are:
    • Federated administration
    • Access control based on attributes
    • Privacy management
    • A framework for multiple, scalable trust and policy sets (federations)
    • A standard (yet extensible) attribute value vocabulary
The original Internet2 Shibboleth documentation links to installation and configuration guides on the Shibboleth Wiki. However, for deployment of Shibboleth within the AAF, follow the AAF specific deployment information for Identity Providers and Service Providers.
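As an added illustration of the attribute-based access control and privacy management concepts listed above (constructed for this page, not taken from the AAF or Shibboleth documentation), the following Shibboleth IdP 2.x attribute-filter.xml policy releases only the attributes a single Service Provider needs. The SP entityID, the policy id and the attribute IDs are assumptions; the attribute IDs must match those defined in the IdP's attribute-resolver.xml.

```xml
<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns:afp="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

    <!-- This policy applies only when the requesting SP's entityID matches.
         Hypothetical entityID; take the real value from the federation metadata. -->
    <afp:AttributeFilterPolicy id="releaseToExampleLibraryService">
        <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
            value="https://library.example.edu.au/shibboleth" />

        <!-- Persistent identifier the SP needs for its own authorisation decisions -->
        <afp:AttributeRule attributeID="eduPersonPrincipalName">
            <afp:PermitValueRule xsi:type="basic:ANY" />
        </afp:AttributeRule>

        <!-- Release only the affiliation values the SP actually uses;
             any other values of the attribute are withheld. -->
        <afp:AttributeRule attributeID="eduPersonScopedAffiliation">
            <afp:PermitValueRule xsi:type="basic:OR">
                <basic:Rule xsi:type="basic:AttributeValueString"
                    value="staff@example.edu.au" />
                <basic:Rule xsi:type="basic:AttributeValueString"
                    value="student@example.edu.au" />
            </afp:PermitValueRule>
        </afp:AttributeRule>
    </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>
```

An attribute that no policy explicitly permits is never released, so the filter defaults to minimal disclosure; any other SP in the federation receives nothing from this IdP until a policy naming it is added.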

More Internet2 information:

SAML2

SAML stands for Security Assertion Markup Language. Shibboleth 2.x is an implementation of the SAML 2.0 Web SSO and attribute exchange profiles. For the SAML specifications, see the OASIS website.

uApprove

uApprove is a Shibboleth add-on that enables user consent on attribute release. Visit the uApprove website for more information. Implementation instructions for the AAF can be found in the IdP 2.x set-up guide.