5.1 Australian Access Federation (AAF)
The Australian Dataspace Testbed Platform integrates with the Australian Access Federation (AAF) to provide secure, federated authentication for users across Australian research and education institutions.
Authentication Integration
AAF integration is implemented using OpenID Connect (OIDC), enabling users to authenticate to the platform using their existing institutional credentials. This federated identity approach allows researchers and developers from participating Australian universities and research organisations to access the testbed service without requiring separate account creation or credential management.
When users log in to the platform, they are redirected to AAF’s authentication service, where they select their home institution and authenticate using their institutional credentials. Upon successful authentication, an account request is sent to the administration team. Once the request is approved, a project is created and the user gains access to the platform.
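The sketch below is an added illustration, not the platform's own code. It shows the two gates in the flow described above: checking the claims of an OIDC ID token after login, then withholding access until the account request has been approved. The issuer URL, client ID, and all class and function names are assumptions, and signature verification is assumed to have been done by an OIDC library beforehand.

```python
import time

# Constructed placeholders, not the platform's real OIDC configuration.
EXPECTED_ISSUER = "https://idp.example.org"
CLIENT_ID = "testbed-portal"

class AccessDenied(Exception):
    """Raised when an ID token fails a claim check."""

def check_id_token_claims(claims, expected_nonce, now=None):
    """Check claims of an ID token whose signature was ALREADY verified
    against the provider's published keys by an OIDC library (assumed)."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise AccessDenied("unexpected issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise AccessDenied("token not issued to this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise AccessDenied("token expired or missing exp")
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise AccessDenied("nonce mismatch (possible replay)")
    if not claims.get("sub"):
        raise AccessDenied("missing subject")
    # (iss, sub) is the stable identifier for a federated user.
    return (claims["iss"], claims["sub"])

class AccountRegistry:
    """Hypothetical store: authenticated does not mean authorised."""
    def __init__(self):
        self._status = {}   # (iss, sub) -> "pending" | "approved"
        self._project = {}  # (iss, sub) -> project name

    def login(self, claims, expected_nonce, now=None):
        key = check_id_token_claims(claims, expected_nonce, now)
        # First successful authentication only files an account request.
        if self._status.setdefault(key, "pending") != "approved":
            return {"access": False, "status": "pending"}
        return {"access": True, "status": "approved", "project": self._project[key]}

    def approve(self, key, project):
        """Administrator action: approve the request and create the project."""
        if self._status.get(key) != "pending":
            raise KeyError("no pending account request for this identity")
        self._project[key] = project
        self._status[key] = "approved"
```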
Benefits of AAF Integration
Simplified Access Management - Users authenticate with credentials they already possess through their institution, eliminating the need to create and manage additional usernames and passwords for the platform.
Enhanced Security - Leverages institutional identity and access management systems, ensuring authentication follows each institution’s security policies and multi-factor authentication requirements where implemented.
Federated Identity - Enables seamless collaboration across Australian research institutions, allowing users from different organisations to access the same platform using their respective institutional credentials.
Reduced Administrative Overhead - Eliminates the need for platform-specific user account provisioning and password reset processes, as identity management is delegated to participating institutions.
Institutional Accountability - Maintains clear attribution of platform usage to specific institutions, supporting governance and compliance requirements for research infrastructure.
Scalability - Supports the entire Australian research and education community without requiring individual user registration, enabling rapid adoption across institutions.
Scope of AAF Authentication
AAF authentication applies to the platform infrastructure service itself—the web portal where users provision and manage dataspace testbed environments. Once a dataspace environment is deployed, the dataspace components (connectors, brokers, DAPS) within that environment operate independently with their own authentication mechanisms as defined by the dataspace architecture.
This separation ensures that:
- Platform access is controlled through trusted institutional credentials
- Dataspace components maintain their own security boundaries
- Developers can test and configure dataspace-specific authentication without affecting platform access