And we'll be starting with Sarah, who's the head of e-research at the AAF, so the Australian Access Federation. For more than 10 years, she's been successfully leading teams to deliver national computational and data infrastructure to multiple research domains, including life science, environmental science and humanities, arts and social science. Nick Rosso will also be presenting. He's a portfolio manager. Sorry, Nick, at the AAF. He's a results-driven technologist who loves working in the e-research sector, driving innovation and the adoption of best practice. So I'll hand it over to you, Sarah. I think you're going to start.
Wonderful. Thank you, Yuma, everyone. I'd like to start by acknowledging the traditional custodians of the land and pay my respects to their elders past and present. I'm coming to you from Ngunnawal country. So look, a big thanks to Kylie and the Osdig group for the invitation to present and a big thanks to the audience for joining us so that we can talk to you about the exciting new work that the AAF is doing to sort of improve and simplify access to Australia's research infrastructure. As thanks for the wonderful introduction, Kylie, I am the head of e-research at the AAF and I'm leading our extension of our trust and identity capability into research, industry and government. The AAF is a member-based not-for-profit that provides our subscribers with a single sign-on service. So the AAF solves the problem of users needing a different username and password for individual services by providing secure, federated login. So this makes it easy for users to access the hundreds of services with just one credential. We're also the consortium lead for ORCID in Australia and we are the lead agent for the Department of Education's funded trust and identity NCRIS capability. So why trust and identity now?
So I guess we're all engaging online more than ever before and with so many digital services available, there's a real need to be able to sort of verify who we are in trusted and safe environments when accessing our banking, government or health services online. And I think this holds just as true for our research services. So in Australia, we've seen quite a big push from the federal government towards a more connected ecosystem of digital services. And the government's data digital strategy states that its vision is to deliver simple, secure and connected public services for all people and businesses through world-class data and digital capabilities. Internationally, we've seen the adoption of trust and identity principles for research infrastructure with the development of the AARC Blueprint Architecture. And Nick's going to go into a bit more detail about that later. Also locally, the 2021 NCRIS Roadmap has identified trust and identity as being critical to enable a step change in our national digital research infrastructure strategy. And it also points to trust and identity as being the key enabler in achieving a more seamless, globally connected and cyber secure NRI ecosystem for our researchers. So that's sort of the landscape that we find ourselves in. So trust and identity does underpin every aspect of modern research. And our vision is to create a more researcher-centric NRI ecosystem that's connected and secure. So we're building a national trust and identity framework that includes policy and technology, allowing researchers to enjoy a more cohesive network of services. So through one username and password, researchers will be able to seamlessly access multiple services. So if you think about sequencers, supercomputers, data repositories, all sharing a common understanding of a user's identity.
You know, the T&I team, we really see a more connected future where research, industry and government can easily collaborate, which will enable new advances in research and translation. And through the trust and identity capability, we've kind of identified four main benefits to researchers. So these are easier access to NRI for researchers, reducing the time and complexity for them to access multiple services. Better access to international infrastructure and collaborations. Better collaboration with industry and a safer and more secure national research ecosystem through cyber security best practice. So just finalising my part of the presentation to give you a bit of an overview of our sort of our strategic drivers and sort of what the some of the six underpinning ones we've identified. So obviously, you know, we really want to make sure that the ecosystem is more connected, more seamless, and we want to build really high quality infrastructure. But I think the one that I really want to pull out and make everyone aware of is that is sort of number four, which is about deploying the trust and identity solutions in response to national challenges. So these might be sensitive data management, species conservation, cancer genomics, where rather than just providing like a base capability, we really want to work directly with research communities to build T&I solutions that are in response to these thematic challenges. So I think that's a really nice example of why we're really keen to sort of engage with communities like yours. And now I'm going to hand over to Nick, our portfolio manager, just to talk about more, give a bit more detail about how this how we see this working in practice. So thanks, Nick and thanks, Kylie.
OK, thanks, Sarah. So we've broken the project into three different components. And these elements are kind of listed on the screen at the moment.
So the National Trust and Identity Framework is about us utilising the AARC Blueprint that Sarah mentioned. And this is an internationally endorsed framework that was developed in Europe a couple of years back and is adopted in some of the really large international research infrastructures such as the CERN Large Hadron Collider. So they've set up a multinational HPC environment that allows researchers from lots of different countries to connect through to the HPC environments. And so we're looking at how we can implement that in Australia and reuse some of their lessons learned through that. So the second one is the Accelerated Components. And this is enabling us to set a sustainable foundation for our trust and identity capability. So we're looking at what are the activities that we need to put into place around the framework to make sure that we have a sustainable venture. So this includes things like skills and training. So looking at uplifting the identity and access management skills inside these research infrastructures where applicable, but also putting in things of advice around how to maintain a good cyber secure identity and access management system. And so we'll be doing things like penetration testing any of the software that we're putting into place. There's checklists that just about every government department has when you're dealing with their data that they want to make sure they have their own checklists completed. So we'll be doing things like that where we can. And then thirdly is the incubators. And this is going to be how we're testing the framework is fit for purpose for Australian research infrastructure. So we're going to be doing small pilot projects throughout the next year and a bit to make sure that we test the framework. And so we're we're not going to be doing large year multi year projects on this.
We're going to be doing small bite-size projects because we like to say that we're building we're building decade-long partnerships with these national research infrastructures. So I thought what I might do first up is to kind of show an overly simplified diagram of what we think collaborative research environments look like and where the trust and identity framework can really enhance those collaborations. So in a traditional research environment, we need to show that a researcher has access to lots of different services throughout the life of their project. And so what we see in a traditional environment is that a user will have multiple accounts throughout their project life on lots of different services. So a single researcher has different identities to connect to each service. Now, even if all of these services are using the federation that as it currently sits, the services don't have any idea that that is the same user at another service location. So the future of the collaborative research environments is that we introduce a trust and identity component to the community where a single user only needs to log in once and then has the ability to connect to services that are part of the community. So in this collaborative research environment, all of these services have a shared understanding of who a user is. So this will allow for data to be shared between the services without having to be downloaded to a local machine and then reuploaded. So we can see lots of different benefits from that like consistent group management. So infrastructure providers only need to add a user once to a group and then those permissions are propagated through to the end services. And then also importantly, a user only needs to be removed once from the group, not logged in. No, infrastructure providers don't need to log into each of the services to remove permissions from a user.
So this will help in things like auditability of access to data and things, which is important in sensitive data management cases. So this is a diagram that shows the trust and identity framework. Now, we're not starting from scratch. Like I said, we adopted this framework from the European Infrastructure Group. And so we're actually building on this. We like to call it the trust and identity framework because there's two components to the framework. There's the policy development kit, which is a standard set of policies that have been developed to enable a community to operate. And then there's the identity and access management side of the framework. Which allows you to solve really complex identity and access management needs in complex research environments. So the Australian Access Federation at the moment is a pipeline for authentication. And what we're looking at introducing in this trust and identity framework is more about authorization as well. It's adding the authorization component to the federation. So we can do things like implementing resource entitlement management systems. We can allow data custodians to be in full control of their data by introducing workflow systems to grant or deny access to data. We can also do things like building very rich pictures of who our users are in these communities by connecting to systems such as ORCID and GitHub and other implementations of where users may have separate identities. To be able to combine them together into a single identity resource. So that these services can be connected to a single identity resource. So that these services can then impact tracking and things like that. A lot easier than they currently have to do them. So like I said before, there's policies that build trust. So in this really simple diagram, we can see that there's a difference of understanding of what the word trust means.
So inside a collaborative research environment, the users need to trust that the services are going to manage their identity data or their personal information appropriately and according to legislations. The services actually need to trust who the users are. So in some scenarios, access to sensitive data requires that the identity of the users has been verified to a high degree. So we can see in these policies that we can set standards around what level of assurance does a service require that the person that's logging in is who they say they are. So the framework can handle things like that. And then the third direction is the service needs to trust other services within the collaboration because they're connected through a central trust and identity store. Services need to understand how security operations is managed through the collaboration. So services need to trust the other services within this environment as well. And so there's policies that can help build that trust. So digging a little bit deeper into these policies, the policies are listed on the right-hand side. So we can see that there's a number of policies that can help build that trust. So we can see that there's operational security policies which set around the standard way of managing incidents when they occur. There's standard privacy policies that are templated. And then there's some community-based policies around, like I said before, the acceptable authentication assurance. So how much certainty does your service require before the users can log in? And so we can see that these policies help infrastructure providers make those decisions. So like I said, the accelerated components are around how we can make a sustainable trust and identity framework. And we can do that by increasing the skills and expertise of the communities themselves. So training is a big part of what we're doing. Like Sarah said, cybersecurity underpins basically everything we're doing. 
We need to make sure that the trust and identity component of these communities is managed in the most cyber-secure fashion possible. We are at the moment developing a library of software and tools. So things that we have found successful through these incubator projects we'll be making available to the rest of the NCRIS community as well. And other whoever wants to see software that we've pen tested, we'll be making sure that's available and any conditions are online as well. And then the access and authentication infrastructure is what we like to call the future of trust and identity. And this is where we'll be looking at things like implementations of passwordless authentication, how we can boost the uptake of multi-factor auth, and things on the side that sort of really make the NCRIS ecosystem more secure. So I think I'll spend the next 10 minutes also having a quick chat about some of the incubators that are currently running to give you an idea of where the trust and identity framework can be utilized. So the first one is with the National Imaging Facility. So we've just kicked these ones off. So we're at the process now where we're identifying their requirements. So the National Imaging Facility is the advanced imaging network providing instruments infrastructure and skills to the Australian Research Network. So I think things like brain cancer research or melanoma research, things like that. So they're a complex infrastructure environment where they've got 14 partners around Australia, over 100 instruments, and what they like to call importantly 60 experts to help design and run research projects. So the research projects that we're looking at how the trust and identity infrastructure can assist is in the complex multi-site, multi-modal clinical trials that they run. So they've got a diverse dataset and international collaboration, and they're hyper aware of the risks and damages that are potential due to cybersecurity breaches.
So their existing infrastructure is in silos. So each node will operate their own data management processes. Then NIF being a central organising body, see that they've got the ability and the capacity to build a single touch point for imaging and clinical data management. And the long term goal is to add in analysis pipelines into the mix as well for the community. So the question wasn't really much around how trust and identity can help, but where do we start? So we're going to be starting with two of their main software pieces that they use within clinical trial management. That's REDCap and XNAT. So you're probably very aware of them, but if you're not, REDCap is used primarily for participant management in the NIF studies, and XNAT is used for image analysis and image management. So we're going to be working together with NIF and the MRRF project, AIS Shields, to connect these two pieces of technology together through a single sign-on. So this will have huge benefits in preventing data leakage, because at the moment we see that there's existing users that don't need to have access to the image data that currently do get access to it because they need to track participants through their workflows. So if we can connect these two systems together seamlessly so that the systems can talk together to advance participants through a workflow rather than having users manually copying and pasting data from one system to another, we're going to be boosting the security of these systems and potentially removing the risk of data leakage. So the next one that I'll talk about is with Pawsey. So Pawsey is one of the tier one HPC infrastructures in Australia, and it's the largest HPC for research in the Southern Hemisphere. So Pawsey have suggested that their interest in this program is to help them solve the future challenges of supercomputing in the Australian research infrastructure environment.
So they've said that they see the future of supercomputing in research is not just bigger, faster supercomputers, but rather a community of distributed computation and storage nodes. An example that they've used in meetings with us before is the Square Kilometre Array. For those that don't know about the Square Kilometre Array, it's got the potential to be the single largest research infrastructure in the world. It's building radio telescopes in Australia, in South Africa, or in Africa rather, sorry, and there's going to be huge amounts of data coming off these instruments. So how do you support something as large as the Square Kilometre Array? So we're looking at how we can implement trust and identity into an area that has traditionally seen its own single user accounts created because it's non-web based interaction. It's complicated to use the Federation to sign into a non-web based environment. So we'll be looking at how we can expand the Federation to connect all of Pawsey's resources together. So some of the compute and data infrastructure for the Square Kilometre Array will be at Pawsey and they're obviously not ready yet because they're still building the infrastructure for trust and identity to be developed at the Square Kilometre Array. So what Pawsey are hoping is that if they can come to the Square Kilometre, the SKA, with some solutions in mind, then the SKA will adopt those solutions that are already in place. So the last thing I wanted to show you was to touch back on the authentication framework, the assurance levels that some services require. So we can see along the bottom of the table here we've got some of the requirements for authentication assurance. So it's kind of a choose your own adventure. Services can then choose how high a level of certification or assurance their individual users must meet before they can access their services. Though at the moment we can see AAF baseline is along the bottom of the line.
So what the AAF is doing over the next couple of years and months is looking at how we that level of assurance where services require. And so that's why we thought it'd be great to have a chat to the sensitive data interest group to work out if there is use cases out there that we can tap into. And that's it. So happily taking questions. Thanks, Kylie.
So much, Nick and Sarah. That was super, super interesting. I must admit I was at your presentation at e-research and still wrapping my head around it. Even second time around learning new things and super exciting. Actually, I might get the ball rolling with a question, I guess, while the audience has to think about things I might like to ask. You mentioned about impact tracking as being a potential use for the trust and identity framework in the connection that this framework can have to other systems like ORCID and GitHub. Could you elaborate a little bit more on how that might work? Impact tracking is kind of front of mind for me at the moment, looking at the bushfires projects that ARDC is finishing off at the moment.
Yeah, absolutely. So I think one of the first activities we did as we were sort of kicking off the trust and identity project was we undertook a landscape scan of the NCRIS community. So we spoke to about nine different facilities across NCRIS. And we found out that impact tracking was sort of one of the biggest issues for a lot of facilities. It's a very like time consuming process that a lot of facilities are kind of spending three months of sort of dedicated person time on trawling through journal articles to try and understand what the impact of their infrastructure has been. So we've definitely noticed that it's a common issue within the community. We knew that there would be a role for trust and identity to play with better understanding of who your users are and then the ability to kind of you know, sort of flesh out those profiles by linking them to other existing profiles.
We knew that there'd be a strong case for us to play in. I might just hand over to Nick to talk a bit more through your other question about, you know, how we kind of see this working. Because we've given you a bit of an overview of two of our incubators, but we've just yesterday had another two sort of endorsed by our project control group, which are going to look into this in a bit more detail. Just give Nick a nice handball here to go through just how we're sort of working with two different facilities to sort of look at the same issue, but sort of from different angles, I think.
Yeah, thanks, Sarah. So we're looking at, I think I mentioned during the presentation, how do we build a rich understanding of who a user actually is when they are using the research infrastructure services? So we'll be doing things like connecting federated logins, so home institutions. So if I log in with a university account, you get all of the metadata that comes with that through the federation. What it doesn't tell you is, for instance, what their ORCID identifier is. So we'll be looking at how we can connect ORCID identifiers into the trust and identity information store. So then we know, okay, well, this user is from this university. They've got this ORCID identifier. Other potentials that we're looking at is, okay, well, what is their source code repository identifiers? A lot of researchers don't tend to use their university credentials for their source code repositories, because their university's credentials could change over time and they want to keep access to their source code repository. And so how do we connect all of those pieces of information together?
So that when they then log into a service such as the HPC environment, utilize some of the code or the data that the infrastructures are providing, we understand who that user is, where they're from, potentially further down the track what research outputs they're generating through the use of that infrastructure, so that over time we can then compile reports based on empirical evidence around who they are, where they're from, what they've done, and what's the output of that. So we've seen at the moment it takes around two months of a single FTE to generate these types of reports, because there's a lot of manual linking of that information that we've seen that we can link in a pipeline.
That's fantastic. So certainly UWA, which is my home institution, there's a big push from the DVCR to get everybody to have an ORCID, and certainly there is a workflow in place where the publications which are automatically pulled into the university repository through automatic searches in Scopus, Web of Science, places like that, populates the repository, pushes it through to the ORCID, and then it feeds into this bigger ecosystem. So it's an even bigger incentive, I guess, people to get their ORCID profile sorted, and I only have one of, I do see people with multiple ORCIDs from time to time.
Yeah, so we like to call these incentives for researchers to get things like ORCIDs or to sign up for multifactor authentication, because some of these services, like HPC, what we call killer apps, like these are the applications that have got the power to mandate certain levels of authentication assurance or certain levels of identity. For researchers to use them, they need to have these pieces of information, so they just add weight to the requirements.
Yeah, absolutely. So I don't know if you can see it, but Mark Hoffman has just put a comment and question in the chat. Mark, would you like to unmute and maybe ask your question directly?
Okay, hello.
Yeah, so this is going back to that. One of the slides a bit earlier about getting data sharing as opposed to just identity sharing. And that sounds pretty good. We work with a couple of systems for onboarding prior to system access. And so that kind of thing would be ideal where the results could flow from one system to the next to get the onboarding going. But I'm just curious what kind of control does the individual have over the data being shared? Or is it assumed that any data generated? Sorry, I've got COVID. Any data being shared, generated by the individual in any of the systems then becomes automatically available to every other system in the identity network?
Yeah, great question, Mark. I hope you're feeling better soon. So the idea is that we generate data pipelines. So at the moment, the example that we've seen is the threatened species initiative for the BioCommons. So they've connected the Bioplatforms data portal to Galaxy Australia. So the requirement for them was for them to be able to access data inside Galaxy that they curated or got access to within the data portal. The solution that they wanted to see was a push button. So it was actually a push this data to my Galaxy service. And so then that data is transferred through in the background. So it isn't assumed that any data is created is accessible across each system. But that is in that particular use case. So we're interested to talk about other use cases as well. If there is a use case where it is assumed that any data created is available to all systems, then we would need to look into different solutions. But the one we've got at the moment is is a is a push pull type arrangement.
Fantastic. So I'm sure there's probably other questions from our audience members out there. Maybe I can't see any in the chat. So maybe if you've got a question just unmute and ask away.
I think we either explained it too well or not well enough.
Oh, I'm going to be really mean.
So one of my ARDC colleagues, Kristen King, who's project manager for the HeSANDA project for sharing health studies data, I'm looks like he's in the audience today and he always has questions. So Kristen, I I don't know the infrastructure behind the scenes of HeSANDA well enough in technical detail to pose some kind of sensible question. But I'm sure you've got something knowing you.
Yeah. Well, thanks for, thanks for putting me on the spot. Sorry, you were listening to the whole talk. They have been multitasking guys, because we have met one on one about your project and about HeSANDA and what we're doing here. I think what came out of that discussion, you know, and we're probably fine to say this in a public forum is that we didn't at this time see an opportunity to work together. That was my takeaway. And it might be useful for people interested in this, but trying to understand what are the edges of what you can focus on and prioritise and what you can't. Maybe giving some insights there about, so the context, I think we've got a smaller crowd today and a number of people know about what is happening with HeSANDA. But we're basically building a national catalogue of clinical trials data. So it's a catalogue that's on a repository. And users can log on to our platform and search for data and submit requests to it. But then the actual management of that request happened externally, goes back to the custodian at whichever university or institute or health service. So yeah, using that as an example, what kinds of things are kind of in scope and out of scope for the work that you're doing?
Yeah, great question. And how do you kind of engage with us if this is something that you're sort of interested in, but you want to find out more? So obviously, this is a new capability, Nick and I have been at the AAF for just over a year now.
So we are sort of building out our engagement model, the primary model that we've got for partnering with organisations or services at the moment through that incubator process that Nick sort of spoke about. So that's if you've got like a trust and identity question or issue or challenge or opportunity, and you're kind of in a position to do something about it right now, we're really keen to have a chat to you, find out what you're doing, where we can help, and we can use that incubator model to work through those opportunities with you in partnership. For those that are kind of not in that position, we do have a policy working group that anybody can join at the moment. And the purpose of that group is really to go through the policy toolkit that Nick presented and make sure that it's fit for purpose in the Australian context. So that's a really nice way of sort of getting exposed to the trust and identity framework, policy landscape, understanding a bit more about how this might be useful to you or your service or your organisation or your facility, and sort of influencing the sort of the design and outcome of that policy working group. I think for everyone else at the moment, like our kind of our engagement strategy is, you know, come along to these meetings, talk to the people who have incubators already, come along to our sort of our information sessions, and just sort of be aware and sort of absorb what we're doing. That's a really nice sort of way that we can keep up the communication, but you know, it's not a huge burden on the community to sort of keep up to date with what we're doing. So those are kind of our primary channels at the moment. You would have noticed that the government did announce the outcomes for the 2023 NCRIS Guideline RIP Brown. We are an NCRIS facility, so we are in the community. We are here to support other NCRIS facilities and to, you know, help implement that step change that's described in the roadmap.
So we will be looking at ways we can kind of engage through that model a bit more as we move forward. But a primary model, if you do have, you know, trust and identity opportunity or challenge and you're ready to work on it right now, we really are interested in working with you as an incubator. There's no real limit on the number of those. So, you know, if you are ready, willing, and able, come and have a chat to us, let's do something together. And it can be around, you know, we're really interested in demonstrating any parts of that framework. So if you've got a technology problem, if you've got a policy problem, if you've got something you want to work on, we're really keen just to have a chat and understand what's going on. And, you know, not every chat needs to end up as an incubator. As Kristen mentioned, you know, it's, it's sometimes it's just enough to kind of know what each other are doing so that as we're sort of building out both of our capabilities and road maps, they can be in alignment. So, you know, we can kind of make something work a little bit down the track as well. Is that a good answer?
That's a, that's a great answer to a question that I had to invent on the spot. Take this one as a comment. Still keen to pursue the discussion around authentication for health services, but I think traditionally don't have access to AAF. Yeah, so I think that's great. I appreciate this is separate. No, no, no. Well, it's a one because obviously, you know, you've identified a gap in the existing service, but that doesn't mean it needs to be a gap forever. So we are really interested in sort of exploring these case studies for those, you know, that sort of do have the, that the capacity to work with us on those on those projects right now. So yeah, because I believe I'm not sure if my intelligence is correct here, but that New South Wales Health said that they'll be signing on or have signed on.
Yeah, they've been a part of the Federation for a while and there are a number of medical research institutes that are AAF members. So I think, yeah, maybe just a bit more awareness of who's in the Federation, what it can do. Some of those basics are probably valuable to update you, but, you know, we can do that, you know, outside this seminar. Nick, were you going to jump in? You picked out a slide. I was just going to point out that we are looking at expanding the Federation. So as part of the technology blueprint where we've got the ability to add authentication mechanisms from outside the area. So if you have services that are non-web based, like I said, like the HPC stuff, we can authenticate through other mechanisms, like X.509 certificates, probably of less interest to the sensitive data group, but we can take authentications from social accounts or from things like Google, Microsoft, and those sorts of things. So, you know, if we do have smaller organizations that aren't capable of joining as a subscriber to the AAF, we can connect through things like Microsoft or Google and then potentially put in place workflows of identity verification after that, depending on the level of requirements. So I'm still very keen to talk to you about that, Kristen. I'm not ignoring you. I do have your email on this morning sitting there ready to go. Yeah, it's not fair to take Kylie putting me on the spot and then put you guys on the spot for a different work agenda, but you know, you take your opportunities. So thanks guys. Just the other chats, Mohammed. Yeah, we'd be very keen to learn more about what you're doing with the data spaces program and how we can be of use and helpful. So more than happy to have a chat with you after this seminar and Mary, do we have a call to participate? Not exactly. It's not really an open call. It's more we're just looking for partners and collaborators that are interested. 
I know that's probably not super helpful, but you're more than welcome to share our email address or my email address with anyone who's interested. And yeah, our sort of our main strategy is just to kind of have a Zoom call with whoever's interested. And we kind of generally go through this presentation and then talk about what it is that they're hoping to achieve and, you know, how we can work together. Fantastic. And the website link in there too. Oh, sounds like Mary's got someone interested. That's great. Yeah, Mary's in Adelaide, which is great. Are there any other questions from the audience before we think about wrapping up? I think that's got his hand up again. Oh, sorry, I didn't see that. Go ahead, Mark. Yes. Thank you for sharing the email of the website. Can you share the email addresses for people who can't thank you for incubator? Yes, we have a general one, which we'll probably put in this, because I think this has been made public, but more than happy to email you, Mark. Okay, thank you. Yeah, if you shoot that email address, you'll get Nick, myself and the team. Fantastic. Excellent. Okay, well, it looks like we may have come to the end of questions from the floor. I can't see any hands up or anything new in the chat. So thank you so, so much, Sarah and Nick for this. It took a little bit of organising to find a day that we could make it happen, but we got there in the end. And it was so lovely to meet you both at eResearch as well and actually talk about it over in person. So yeah, just echoing all the comments that are coming through in the chat. Thank you so much. It is super, super interesting. And can't wait to see how it progresses with all these incubator projects. It's really exciting times. So thanks. That's all right. And if you want us to come back and maybe with some of the incubator partners so they can talk about their perspectives, we'd be more than happy to do that too. Thanks so much. Thanks, everyone. 
Okay, thanks, everyone. Yeah, and have a good day. Thank you.