AARC Update What’s been happening in AARC which matters for GÉANT


Lukas Hämmerle, JRA3 T2 (RASP) Task Leader
JRA3/SA2 All-Hands F2F Meeting, Zurich, 12. December 2016

What is AARC
- Two-year EC-funded project "to develop and pilot an integrated cross-discipline authentication and authorisation framework, building on existing authentication and authorisation infrastructures (AAIs) and production federated infrastructure."
- A few JRA3/SA2 eduGAIN experts are also in AARC
- What is the difference between AARC and GÉANT JRA3/SA2?

Participants
  AARC: Federation operators, research communities, libraries
  GÉANT (JRA3): Federation operators
Objectives
  AARC: Use federated infrastructures for pilots and to extend services
  GÉANT (JRA3): Provide and operate federated infrastructure
Limitations
  AARC: Does not operate services in the long term
  GÉANT (JRA3): Should leave piloting to AARC

Status of AARC Project
- 4th AARC General Meeting, 29. Nov – 1. Dec. 2016, CERN: https://indico.cern.ch/event/569445/
- AARC Project ends April 2017 (4 months to go yet)
- Goal of meeting:
  - Present what has been going on in AARC tasks since last meeting (and in past 1.5 years).
  - Discuss steps and to-dos till end of project (and partially AARC2)
- What remains to do for AARC:
  - Finish pilots and wrap up deliverables
  - Publish and archive documentation/deliverables
  - Prepare for AARC2

Policy and Best Practices
- "Minimum Baseline Assurance Profile"
  - Currently in community consultation till 31. Dec. 2016
- Specification for Self-Assessment Tool (SAT)
  - Being worked on (with AARC) in T2 RASP with Henri/Janne/Slavek
- From baseline to differentiated "Assurance Profile" (Draft)
  - Splits assurance into five orthogonal components/vectors: identity, proofing/delivering, authentication, quality/freshness, management/organisation.
  - REFEDS consultation early 2017.
  - Relevance: Identity Assurance Service
- "Security Incident Response Procedure" (Draft)
  - Why? "Proper channels, expectations, and the operational capability are still missing" in SIRTFI

Guidelines and Documentation
- "Guidelines for the expression of group membership"
  - How to express group membership in attributes?
  - Relevance: E.g. eduTEAMS Membership Registration
- "Guidelines for attribute translation from SAML to OIDC"
  - How to map SAML attributes on OIDC claims and vice versa?
  - Relevance: E.g. eduTEAMS Identity Hub, InAcademia

Work with Community and Pilots
- Upcoming FIM4R Paper v. 2.0
  - Currently, previous and new authors are being contacted by Hannah Short (CERN).
  - Goal is to write a new paper with updated requirements with regard to security, non-browser applications, commercial IaaS integration, ...
- "Token Translation with OpenStack" (presentation)
  - Access OpenStack with eduGAIN/Social ID via a proxy that aggregates VO attributes from COmanage.
- "Token Translation with X.509" (presentation)
  - Get an X.509 certificate from an IGTF-accredited online CA via CILogon using an R&S/SIRTFI-compliant eduGAIN IdP.
  - Group information from a VOMS server that communicates via OpenID Connect.