David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.

Presentation transcript:


What is AARC

AARC is a 2-year project* to make AAI ‘truly work’ for research and collaboration
◦ across countries, domains, multiple IdPs and SPs
◦ without an explosion of bilateral agreements
◦ for web and non-web
◦ with multiple sources of attributes
◦ and many sources of identity

Expected start Q

Why AARC?

On the technical side
◦ address Single Sign On for non-web applications
◦ authorisation side: attribute aggregation

Both these areas are rather complex, and even though progress has been made, further work is still needed.

On the policy side
◦ variety of initiatives where work is carried out
◦ GÉANT project, EGI, IGTF, REFEDS, FIM4R/RDA, e-IRG, …

Inputs to AARC

Organisational and legal (policy) work: eduGAIN REFEDS (R&S, CoC) IGTF RP (EGI, OSG, PRACE, XSEDE) LoA requirements

Technical work
◦ Various non-Web SSO techniques
◦ Credential translators (STS, Portals, SLCS CAs)

Part of an ecosystem

◦ Research on scalable policy models (LoA, incident response, etc.)
◦ AARC Pilots (Guest IdPs, Attribute providers, etc.)
◦ Training/Outreach
◦ REFEDS/FIM4R/RDA
◦ ESFRI Clusters/GÉANT/EGI/EUDAT
◦ Libraries, institutions, resource providers, etc.

Some key activities

Training for IdPs
◦ Directly focusing on research use cases, engaging their local researchers and their requirements
◦ Encourage them to harmonize
◦ Support for guest IdPs

Architectures for integrated/interoperable AAI
◦ technical elements needed for the integrated AAI: attribute frameworks and deployable non-web technologies
◦ Expand coverage of national identity federations, supporting institutions with low levels of technical or organisational preparedness

GRNET, Christos Kanellopoulos
TERENA, Jim Buddin

Pilots on integrated R&E AAI
◦ Support different levels of trust associated with the credentials
◦ scalable authorisation at resource level
◦ introduction of attribute management services

The aim here is to show pilots that work, and have a sustainability model (e.g. adoption by the GEANT services activity, run by the research community, or by the e-Infrastructures)

SURFnet, Paul & Niels van Dijk

… and most relevant here

Policy and Best Practices harmonisation
◦ the creation of a level of assurance framework, not only for SPs (DP CoC, R&S EC) but also for IdPs (which is where the IGTF APs have their focus); this is a prime reason to split off LoA level from our APs
◦ identify policies needed for attribute aggregation
◦ consistent handling of security incidents in eduGAIN
◦ policy & security to enable the integration of attribute providers and of credential translation services
◦ support models for (inter)federated access (i.e. how are we going to sustain something scalable once AARC is over?)
◦ guidelines to enable exchange of accounting data

Nikhef, DavidG

An open collaborative effort

Although there are ‘only’ 20 project partners it is a pan-European effort!
◦ work plan is to be co-developed collaboratively
◦ communities are encouraged (in several ways) to attend workshops and express their requirements

Your input is very welcome!

project start: ~ May 2015

TERENA, CERN, CESNET, CSC, DAASI, DFN, EGI, GARR, GRNET, JANET, FZJulich, KIT, LIBER, MZK/Brno, FOM-Nikhef, PSNC, RENATER, STFC/RAL, SURFNet, SURFsara

What might we see

Increased interest in the LoA definitions
◦ for that the ‘PKI-ish’ bits need to be factored out

More credentials translators
◦ Some will be community specific
◦ Other systems/services may want to be accredited

Potential for ‘accrediting’ non-PKI IdM systems
◦ Depends mainly on the interest of our major RPs

some background (to be expanded in the future) at

Matches with the repositioned IGTF
