Australian Access Federation

Purpose

This wiki, assessed at wiki.aaf.edu.au, is the focal point for collaboration between the former eSecurity Framework and AAF project teams, other collaborators and the Higher Education community.

Content

The initial content is related to federation policy documents, but we expect other content will be migrated into this wiki soon.

Structure

The wiki is divided into two areas (spaces in Confluence terminology) "AAF" and "AAF(draft)". The draft space will only be visible to project members and collaborators, such as MAMS project staff, who are participating in the creation and editing of content. Once "approved", draft content will be transferred to the "AAF" space, where it is visible to all community members. This public space will allow for authenticated community members to add comments.

Navigation

The public space home page is displayed as the default page for the https://wiki.aaf.edu.au link. To navigate to the draft space, a user must first visit the "Dashboard" link on this page. The "Dashboard" https://wiki.aaf.edu.au/dashboard.action is a good link to bookmark for users with editing access.

Access

The wiki is a Level-2 Federation Service Provider requiring a Shibboleth authentication and the release of attributes before any access, read or write, is granted. Required attributes are eduPersonPrincipalName and email. If these two attributes are not released by a user's IdP any attempted login will fail. The cn is a requested attribute and, if released, is used in place of eduPersonPrincipalName as the display name within the wiki. The release of the cn is recommended because in some IdPs the eduPersonPrincipalName may be the same string as the users email address. The email attribute is not made visible within the wiki.

At first login a user account is automatically provisioned and the public "AAF" space will be visible. A wiki administrator must grant user accounts access and editing rights to the "AAF(draft)" space.

Security

The wiki is a SSL protected site with all access via https. The server is using a digital certificate issued under the CAUDIT Test PKI Infrastructure. The Root CA certificate of the CAUDIT Test PKI is not in the trusted anchor store distributed with any web browsers.
Therefore, users will see a warning to this effect when first encountering the wiki in any browser session. If a user wishes to remove this warning, they can download and install the Root CA Certificate in their browser manually. This is explained on the wiki home page.