Networks ∙ Services ∙ People www.geant.org Mandeep Saini AARC/CORBEL Workshop Collaborative Organisation Platform as a Service June 1, 2016, Paris Product.

Slides:



Advertisements
Similar presentations
FIM-ig Federated Identity Management Interest Group.
Advertisements

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Networks ∙ Services ∙ People Mandeep Saini TF-MSP, Espoo, Finland Service Delivery and Adoption 10 th Sep 2015 Task Leader, GN4-1 SA7 T3.
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Authentication and Authorisation for Research and Collaboration Niels van Dijk AARC General Meeting Authentication and Authorisation.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.
Networks ∙ Services ∙ People Nicole Harris, GÉANT GN4 Project Update “SA5”, or Identity Stuff Internet2 Technology Exchange 2015.
Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
A uthentication & A uthorization for R esearch & C ollaboration Pilots in SA1 Paul van Dijk, SURFnet AARC.
Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team
Connect communicate collaborate Trust & Identity EC meets GÉANT 19 June 2014 Brussels Valter Nordh, NORDUnet Federation as a Service Task Leader Trust.
b2access.eudat.eu B2ACCESS The simple and secure authorisation and authentication platform of EUDAT This work is licensed under the Creative.
Networks ∙ Services ∙ People Nicole Harris UK federation meeting eduGAIN, REFEDS and the UK 23 June 2015 Project Development Officer GÉANT.
Networks ∙ Services ∙ People Marina Adomeit FIM4R meeting Virtual Organisation Platform as a Service VOPaaS Nov 30, 2015, Austria Task Leader,
Networks ∙ Services ∙ People Ann Harding eduGAIN Town Hall eduGAIN in the GÉANT Project Activity Leader GÉANT Trust and Identity.
Networks ∙ Services ∙ People Ann Harding GÉANT Symposium, Vienna Users Session A3 Trust and Identity March GÉANT Activity Leader Trust.
Authentication and Authorisation for Research and Collaboration Taipei Taiwan Authentication and Authorisation for Research and.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting AARC and AARC2 Vienna, 1 st December.
Networks ∙ Services ∙ People Mandeep Saini TNC15, Porto, Portugal Virtual organisation Authorisation Management Practices in Research and.
David Groep Nikhef Amsterdam PDP & Grid AARC Authentication and Authorisation for Research and Collaboration an impression of the road ahead.
Networks ∙ Services ∙ People Andrea Biancini #TNC15, Porto, Portugal Implementing Grouper to federate user authorization Federated Authorization.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI-InSPIRE PY5 new activities Peter Solagna – EGI.eu.
Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.
Authentication and Authorisation for Research and Collaboration Heiko Hütter, Martin Haase, Peter Gietz, David Groep AARC 3 rd.
Authentication and Authorisation for Research and Collaboration Peter Solagna, Davide Vaghetti, et al. Topics for PY2 activities.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC CORBEL Workshop The AARC Project Paris, 31 May.
European Life Sciences Infrastructure for Biological Information European Life Sciences Infrastructure for Biological Information.
Networks ∙ Services ∙ People Marina Adomeit TNC16 Conference, Prague Towards a platform for supporting collaboration GÉANT VOPaaS
Networks ∙ Services ∙ People TNC 2016, Prague Alice Through the Looking Glass Science DMZ goes above the network 13 June
Authentication and Authorisation for Research and Collaboration Peter Solagna, Nicolas EGI AAI integration experiences AARC Project.
Authentication and Authorisation for Research and Collaboration AARC/CORBEL Workshop for Life Sciences AAI AARC Draft Blueprint.
Networks ∙ Services ∙ People Ann Harding Networkshop 44, Manchester Thinking globally, acting locally Trust and Identity in the GÉANT project.
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
Authentication and Authorisation for Research and Collaboration Licia Florio IGTF Meeting The AARC Project Amsterdam, 8 September.
Authentication and Authorisation for Research and Collaboration On behalf of the MJRA1.2 scribes J Jensen.
Networks ∙ Services ∙ People Di4R Network. Services. People. GÉANT 28 th September, Krakow.
Introduction to AAI Services
Cross-sector and user-centric AAI
EGI Updates Check-in Matthew Viljoen – EGI Foundation
User Community Driven Development in Trust and Identity
eduTEAMS platform for collaboration Niels Van Dijk
eduTEAMS – Current status & Future Plans
Identity Management and Authorization
CheckIn: the AAI platform for EGI
AAI Alignment Nicolas Liampotis (based on the work of Mikael Linden)
Federated Identity Management for Researchers (FIM4R)
Check-in Nicolas Liampotis
An AAI solution for collaborations at scale
ELIXIR Safeguarding the results of life science research in Europe
The AARC Project Licia Florio AARC Coordinator GÉANT
Identity Management and Authorization
GÉANT project update eduTEAMS - AAI as a Service for Collaborative organisations Introduction Status Pilots New Features – input requested InAcademia –
EduTEAMS at a Glance Mandeep Saini Linz, Austria 30 May 2017.
Pilots in AARC Arnout Terpstra (AARC2) / Paul van Dijk (AARC1)
AAI For Researchers Licia Florio AARC Project Coordinator GÉANT DI4R
AARC Blueprint Architecture and Pilots
Common Authentication and Authorisation Service for Life Science Research Mikael Linden, ELIXIR Finland.
AAI Architectures – current and future
Björn Erik Abt :: Paul Scherrer Institut
Community AAI with Check-In
eIDAS-enabled Student Mobility
Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.
Presentation transcript:

Networks ∙ Services ∙ People

Slide 1: Collaborative Organisation Platform as a Service (COPaaS)
AARC/CORBEL Workshop, Paris, 1 June 2016
Mandeep Saini, Product Manager, GÉANT, U.K.
Niels Van Dijk, Technical Product Manager, SURFnet, The Netherlands

Slide 2: Outline
- Introduction
- Problem statement
- COPaaS offering
- What's in it for R&E communities?
- Our roadmap
- How to join us?

Slide 3: Introduction
- GÉANT project: Europe's leading collaboration on networks, related infrastructure and services.
- CO Platform as a Service: offers Collaborative Organisations (COs) a simple, consistent way to use federated services, including group management and attribute authorities.
- Aim: support the uptake of federated technologies while improving the quality of AAI for COs.

Slide 4: Collaborative/Virtual Organisation (CO/VO)
- An organisational representation of a network of people and resources, spread across different organisations in multiple geographical locations.
- Enables a group of people to share a set of resources.
- Access to those resources (or services) usually needs to be managed, which requires authentication and authorisation.

Slide 5: Collaborative Organisations and AAI
- With federated authentication, the home organisation operates an Identity Provider (IdP), which authenticates its users towards a Service Provider (SP).
- Identity federations, e.g. InCommon or SURFconext, provide the trust framework between SPs and IdPs.
- Inter-federation, e.g. eduGAIN, interconnects the national identity federations.
- This successfully addresses authentication in a heterogeneous environment.

Slide 6: Collaborative Organisations and AAI
- To grant access, a service needs information beyond authentication; identity federations usually convey it as attributes.
- However, the attributes issued by the home organisation alone are often not enough: CO services need attribute information in the context of the CO.
- COs therefore have to manage additional attributes and provide them to services themselves, independently of the home organisation.

Slide 7: CO Platform as a Service
- Goal: investigate the conditions under which GÉANT could provide services that support COs.
- Focus: delivery of technical services.
- Out of scope: technical development; policy and Level of Assurance (LoA) development.
- Activities: collected requirements and priorities with and from the communities; evaluated existing tools and technologies; looking into the delivery model; investigating the business case and sustainability (operations and market).

Slide 8: Requirements for building on federated AAI as a CO
- COPaaS conducted a survey of several small and large pan-European COs; the results re-validate the FIM4R requirements and outline the functional requirements.
- The FIM4R paper (April 2012) sets out the collective requirements of research communities for using federated AAI as a CO.

Slide 9: COPaaS Market Analysis
Interviews and desk study conducted with:
- Umbrella (large neutron and photon facilities)
- CLASSe (shared IaaS)
- DARIAH (humanities)
- CERN (high energy physics)
- CLARIN (humanities and social sciences)
- Virtual Campus Hub (eLearning, renewable energy)
- ELIXIR (life sciences, bioinformatics)
- GÉANT VAMPIRE (NREN collaboration)
Broad NREN/federation participation: AMRES, CESNET, DFN/LRZ, GARR, IUCC, NIIF, RENATER, SUNET, SURFnet, SWITCH.
Market analysis report: 2_Market-Analysis-for-Virtual-Organisation-Platform-as-a-Service.pdf

Slide 10: COPaaS Market Analysis Results (figure only; no text in transcript)

Slide 11: COPaaS functional requirements
- Persistent identifier: allows the CO to identify a user even if they change IdP.
- CO membership registration: workflows for registering CO members.
- 'External' identities: many CO users' IdPs will not be in eduGAIN.
- Attribute management: attributes beyond those from the IdP are needed for CO roles and rights, or to provide extra context (e.g. ORCID, grant number).
- Group management: groups may also be used to define roles and rights.
- (De)provisioning: identity, attributes and groups need to be provided to services.
- Service proxy and attribute aggregation: a centralised infrastructure that operates on behalf of the CO's service providers.

Slide 12: COPaaS deployment model
Basic services
- Operated by GÉANT as a multi-tenant service.
- Also available to COs that are not legal entities.
- Operated as a (set of) services.
Advanced services
- Operated by GÉANT on behalf of a CO, as a single-tenant service.
- Somebody, a legal entity, must take responsibility for the data.
- Operated as per-CO applications on VM 'boxes'.

Slide 13: Basic services
CO membership service
- Registry for the CO persistent identifier.
- CO-specific workflows for onboarding.
- Limited set of attributes.
- Accessible through eduGAIN.
Transparent External Identity Proxy (TEIP)
- One persistent (SAML) IdP in front of many 'guest' identity providers, including: social (Google, Twitter, LinkedIn, Facebook); NREN-operated and commercial guest IdPs (OpenIDP, UnitedID.org, eduID.se); eGov (STORK); BankID.
- Provides LoA: eIDAS by default, others upon request from the SP.
- Available and accessible through eduGAIN.

Slide 14: Transparent External Identity Proxy (TEIP) (diagram). Labels shown: SaToSa proxy; account recovery; TEIP; SP (SAML2int); VHO; social (OIDC and OAuth); BankID and eGov.

Slide 15: Advanced services
- Attribute management (advanced): whatever you can come up with.
- Group management (advanced): group hierarchies, etc.
- Provisioning: for web and non-web resources, via 'application-specific connectors'.
- Service proxy and attribute aggregation: a central point for technology and policy.
- Accessible through eduGAIN.
- May be delivered as a paid service.

Slide 16: Tools
Basic services
- CO membership service: COmanage
- Transparent External Identity Proxy (TEIP): SaToSa
Advanced services
- Attributes and groups: HEXAA, PERUN and COmanage
- SP proxy: OpenConext

Slide 17: Architecture (diagram). Labels shown: Service Provider; COPaaS, comprising eduGAIN, TEIP and COmanage; IdP, providing "AuthN: Id + attributes"; COmanage, providing "CO persistent identifier + CO attributes" over VOOT, SAML AA (attribute authority) and OAuth.
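Slides 13 and 17 describe the proxy's job in one sentence each: front many upstream identity providers with one persistent SAML IdP, then release to the SP a CO persistent identifier plus CO-managed attributes aggregated from the membership registry. The example below is an added illustration of that aggregation step, written for this page; it is not code from SaToSa, COmanage, OpenConext or the GÉANT project. The registry contents, issuer names, assurance values, entitlement URN namespace (urn:geant:<scope>:group:<group>) and the HMAC secret are all constructed assumptions. It shows three things a practitioner would want to verify in such a proxy: the persistent identifier is the same whichever linked IdP the user arrives from (slide 11's "even if they change IdP") but differs per SP; group entitlements come only from the CO registry, so an upstream IdP that asserts a CO-scoped entitlement cannot grant itself CO rights; and the assurance released reflects which upstream issuer actually authenticated the user.

```python
"""Attribute aggregation in a CO service proxy (constructed example, not project code).

Flow modelled (slide 17): an upstream IdP (home IdP via eduGAIN, or a guest IdP
behind TEIP) authenticates the user; the proxy resolves the user to a CO
membership record, mints an SP-specific persistent identifier, and merges
CO-managed attributes and group entitlements into what is released to the SP.
"""
import hashlib
import hmac

# --- Constructed data; none of it is real ---------------------------------------
CO_SCOPE = "example-co.org"                                   # assumed CO namespace
CO_ENTITLEMENT_PREFIX = "urn:geant:" + CO_SCOPE + ":group:"   # assumed URN form
SECRET = b"pairwise-id-secret-for-this-example-only"          # would live in an HSM/vault

# CO membership registry: one record per member, linking several authenticated
# (issuer, subject) pairs to a single persistent CO identifier.
CO_REGISTRY = {
    "co-0001": {
        "linked_identities": {
            ("https://idp.example.edu/saml", "alice@example.edu"),          # home IdP
            ("https://accounts.google.example", "108765432109876543210"),   # guest IdP via TEIP
        },
        "groups": ["members", "cryo-em", "cryo-em:admins"],
        "attributes": {"orcid": ["0000-0001-2345-6789"], "grantNumber": ["H2020-123456"]},
    },
}

# Assurance the proxy is prepared to assert per upstream issuer (constructed values).
ISSUER_ASSURANCE = {
    "https://idp.example.edu/saml": "urn:example:assurance:home-idp",
    "https://accounts.google.example": "urn:example:assurance:social",
}
ASSURANCE_UNKNOWN = "urn:example:assurance:unknown"

# Two constructed upstream authentications of the same person.
SAMPLE_HOME = {
    "issuer": "https://idp.example.edu/saml",
    "subject": "alice@example.edu",
    "attributes": {
        "mail": ["alice@example.edu"],
        # The home IdP also asserts a CO group it is not authoritative for.
        "eduPersonEntitlement": [
            "urn:mace:dir:entitlement:common-lib-terms",
            CO_ENTITLEMENT_PREFIX + "cryo-em:admins",
        ],
    },
}
SAMPLE_SOCIAL = {
    "issuer": "https://accounts.google.example",
    "subject": "108765432109876543210",
    "attributes": {"mail": ["alice@mail.example"]},
}


def resolve_member(issuer, subject):
    """Map an authenticated (issuer, subject) pair to the CO's persistent record id."""
    for co_id, record in CO_REGISTRY.items():
        if (issuer, subject) in record["linked_identities"]:
            return co_id
    return None


def pairwise_id(co_id, sp_entity_id, secret):
    """SP-specific persistent identifier: stable for one member at one SP, not
    linkable across SPs, and independent of which upstream IdP authenticated."""
    msg = (co_id + "|" + sp_entity_id).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def co_entitlements(co_id):
    """CO group memberships expressed as entitlement URNs in the CO's namespace."""
    return [CO_ENTITLEMENT_PREFIX + g for g in CO_REGISTRY[co_id]["groups"]]


def aggregate(upstream, sp_entity_id, secret):
    """Build the NameID and attribute set the proxy releases to the SP."""
    co_id = resolve_member(upstream["issuer"], upstream["subject"])
    if co_id is None:
        raise PermissionError("not a registered CO member; route to onboarding workflow")
    # The upstream IdP is authoritative only for its own attributes: drop any
    # CO-scoped entitlement it carries so group rights come from the registry alone.
    kept_upstream = [e for e in upstream["attributes"].get("eduPersonEntitlement", [])
                     if not e.startswith(CO_ENTITLEMENT_PREFIX)]
    released = {k: list(v) for k, v in upstream["attributes"].items()
                if k != "eduPersonEntitlement"}
    released["eduPersonEntitlement"] = kept_upstream + co_entitlements(co_id)
    released.update(CO_REGISTRY[co_id]["attributes"])      # CO attributes win on clash
    released["eduPersonAssurance"] = [ISSUER_ASSURANCE.get(upstream["issuer"], ASSURANCE_UNKNOWN)]
    return {
        "nameid": pairwise_id(co_id, sp_entity_id, secret),
        "nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "attributes": released,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_HOME, SAMPLE_SOCIAL):
        out = aggregate(sample, "https://sp1.example.org/saml", SECRET)
        print(sample["issuer"], "->", out["nameid"][:16], out["attributes"])
```

Running it shows the two authentications of the same person producing the same NameID at sp1 and the same entitlement list, with the home IdP's self-asserted cryo-em:admins claim removed and only the registry-derived copy kept; the assurance differs because it is tied to the issuer, not to the member record.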

Slide 18: (figure only; no text in transcript)

Slide 19: What's in it for R&E communities
- AAI is complex and requires subject-matter experts.
- Save time and effort: why reinvent the wheel? Invest in research topics rather than in building AAI.
- COPaaS is a delivery vehicle for trusted technologies.

Slide 20: Roadmap
- Q: delivery model; deploy the pilot platform.
- Q: run pilots with the basic services, in collaboration with AARC; support application integrations.
- 2017: production service for the basic services; finalise the specification for the advanced services.
- 2018: deploy pilots for the advanced services; possibly pick up new services as developed within GÉANT, AARC or others.

Slide 21: Join us
Interested in joining the COPaaS pilot, or have any queries? Contact us:

Slide 22: Thank you
This work is part of a project that has applied for funding from the European Union's Horizon 2020 research and innovation programme under Grant Agreement No (GN4-1).