Tuakiri and Federated Identity Management (Shibboleth)

Summary

Your Massey University network usercode and password can be used to securely access resources shared via Tuakiri, the New Zealand Access Federation.  Many New Zealand Universities and Crown Research Institutes (CRIs) are Tuakiri members; the current subscriber list is available to view via the links below.

What is Federated Identity Management?

Traditionally network usercodes authenticate access to services only within an organisation's internal network: examples include file / print and internal applications. Directly authenticating access to external resources (thus excluding proxies and gateways) usually requires a different set of credentials. For public services, typically a new login can be created "self-service" by email registration; for private services, such as those hosted by another University, foreign credentials generally need to be issued to allow access.

The use of duplicate credentials, however, can be avoided by establishing a trusted "federation" between organisations. This is the concept behind Federated Identity Management (FIdM). With FIdM, participating organisations authenticate and provide limited information about their own users and can also opt to make selected services accessible to the wider federation. This process allows for a single set of credentials from the home/parent organisation to be used to access externally shared or "federated" resources.

Tuakiri and its participating members use Shibboleth which is the De facto standard for secure federated identity management and is deployed extensively worldwide.

How do I use it ?

Upon logging into a Tuakiri enabled site you will be redirected to a Tuakiri website where you can select Massey University as your organisation.  This will take you to a secure Massey University site running Shibboleth for authentication.  Some limited information about you will have been requested by the original website, you will be prompted to approve its release.  If using Tuakiri for the first time, you will also be prompted to accept relevant terms and conditions.  Upon completing the above steps you will be returned to the original website with an authenticated, Single Sign On (SSO) session.

The above steps are illustrated below:

FederatedIdentities_Workflow_700px.png

 

What services can I access?

Currently, the following services can be accessed via Tuakiri, with work also underway to add support for more national and international services:

What information about me is shared?

The New Zealand eScience Infrastructure (NeSI) provides shared, nationwide High Performance
Computing (HPC) resources which are available for use by University and CRI researchers.  If your
research project is funded, NeSI resources are available for use at low cost.  For researchers
without funding, it may be possible to access residual NeSI resources without cost.

Each time information about you is readied to be sent to a Tuakiri website you will be prompted and can decide whether you'd like to continue. An example is provided in the image below.

Details of the full set of information which may - with your consent - be shared is covered in the Terms of Use.

DigitalIDCardExample.png

Massey Contact Centre Mon - Fri 8:30am to 5:00pm 0800 MASSEY (+64 6 350 5701) TXT 5222 contact@massey.ac.nz Web chat Staff Alumni News Māori @ Massey