AAAI Pathfinder J Jensen, STFC 031 Oct, 03740.

Slides:

Advertisements

Similar presentations

Federated Access to Grids Daniel Kouřil, Sam Hartman, Josh Hewlet, Jens Jensen, Michal Procházka EGI User Forum 2011.

Advertisements

Implementing Federated Security with ConSec Jens Jensen, STFC OGF40, Oxford, 16 Jan 2014.

Contrail and Federated Identity Management

Moonshot for Federated Identity Jens Jensen, STFC Daniel Kouřil, CESNET EGI CF, April 2013.

EUDAT FIM4R at TNC 2014 Jens Jensen, STFC, on behalf of EUDAT AAI task force.

© Janet 2012 Project Moonshot Technology, use cases & pilot 17 January, 2012 Haka conference, Helsinki 1.

Technology on the NGS Pete Oliver NGS Operations Manager.

WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.

Project Moonshot TF-MNM. Use cases Project Moonshot 2.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Federated Access and Integrated Identity Management.

Federated A(A(A))I Jens Jensen hepsysman, RAL,

Here Come the Feds Federated identity management: the consumer’s perspective Jens Jensen, STFC On behalf of EUDAT AAI TF EGI CF Manchester April 2013.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Introduction Moonshot workshop

Jens G Jensen CCLRC e-Science Single Sign-on at RAL (and DLS too) Authentication and Integrated Identity Management hepsysman Cambridge, 23 Oct 2006.

Jens G Jensen CCLRC e-Science Single Sign-on to the Grid Authentication and Integrated Identity Management HEPiX, CASPUR, Rome 3-7 April 2006.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

AAI Developments AAI for e-infrastructures UK T0 workshop, Milton Hill Park October 2015

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.

WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.

EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No B2ACCESS LSDMA.

A uthentication & A uthorization for R esearch & C ollaboration Pilots in SA1 Paul van Dijk, SURFnet AARC.

NREN Trust and Identity Strategy Ann Harding, SWITCH Cambridge July 2014.

IETF 78 Maastricht 27 July 2010 Josh Howlett, JANET(UK)

Connect communicate collaborate Trust & Identity EC meets GÉANT 19 June 2014 Brussels Valter Nordh, NORDUnet Federation as a Service Task Leader Trust.

Project Moonshot Daniel Kouřil EGI Technical Forum

Jisc/Janet AIM Update Dr Rhys Smith May Agenda Where we are And where we’re going.

RI EGI-InSPIRE RI Pre-OMB meeting Preparation for the Workshop “EGI towards H2020” NGI_UK John Gordon and.

Ian Bird LHCC Referees; CERN, 2 nd June 2015 June 2,

Federated Access to Storage EGI CF 2012 Luke Howard, Daniel Kouril, Michal Prochazka.

Authentication and Authorisation for Research and Collaboration Licia Florio IGTF Meeting The AARC Project Amsterdam, 8 September.

Security in the wider world David Kelsey (STFC-RAL) GridPP37 – Ambleside 2 Sep 2016.

Building Trust for Research and Collaboration

Jens Jensen EU Grid PMA, Berlin Jan 2015

Boosting AAI for research and collaboration

RCauth.eu CILogon-like service in EGI and the EOSC

EGI Updates Check-in Matthew Viljoen – EGI Foundation

P-p-pick up a Pathfinder

User Community Driven Development in Trust and Identity

J Jensen, STFC hepsysman, June 2017

UK e-Science CA Update J Jensen, STFC 31 Jan 2017.

Identity Management and Authorization

Christos Kanellopoulos

Jens Jensen, STFC Sep EUGridPMA Manchester

Tweaking the Certificate Lifecycle for the UK eScience CA

An AAI solution for collaborations at scale

Boosting AAI for research and collaboration

Jens Jensen, STFC 15 Sep GridPP39, Lancaster

The AARC Project Licia Florio (GÉANT) Christos Kanellopoulos (GRNET)

Dissemination and outreach plans

The AARC Project Licia Florio AARC Coordinator GÉANT

Minimal Level of Assurance (LoA)

Identity Management and Authorization

Assessing Combined Assurance

Assessing Combined Assurance

Thursday pilot session: 7-minutes

OIDC Federation for Infrastructures

Pilots in AARC Arnout Terpstra (AARC2) / Paul van Dijk (AARC1)

AARC Blueprint Architecture and Pilots

EUGridPMA Status and Current Trends and some IGTF topics March 2018 APGridPMA ISGC Meeting David Groep, Nikhef & EUGridPMA.

OIDC Federation for Infrastructures

AAI Architectures – current and future

RCauth.eu CILogon-like service in EGI and the EOSC

David Kelsey (STFC-RAL)

FEUDAL Uros Stevanovic Federated User Credential Deployment Portal SA1

Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.

Presentation transcript:

AAAI Pathfinder J Jensen, STFC 031 Oct, 03740

RC funded (EPSRC/STFC) Partners: Executive Summary A national infrastructure pilot for authentication, authorisation, and accounting RC funded (EPSRC/STFC) Partners: EPCC, UCL, JISC, eMedLab (= Crick/UCL), Farr, ARC (= Oxford), DiRAC (UCL+Durham), GridPP, N8 (Leeds) Budget £215K, 10 months, start date

Bkg - Technology Moonshot JISC-led activity (+ CESNET, Painless) “eduRoam for higher level resources (e.g. ssh, web)” Production service in Assent (www.jisc.ac.uk/assent) Open Source implementation, IETF standard (ABFAB-WG)

Bkg - Technology Moonshot Server side Client side Federation ssh, Apache, MyProxy, (in theory anything that uses GSSAPI, RFC 2743) Client side Needs stuff installed - Support for Debian 8, and {CentOS, RHEL, SL} {6,7} Support for (some) MacOSs nearing completion Federation Needs a trust router (à la eduroam)

Bkg - Technology SAFE SAFE-SHARE Acct mgmt used by ARCHER, DiRAC, and Hartree Developed at EPCC Partially open source - SAFE-SHARE JISC funded HAN – High Assurance Network HAN for medical/biosci (Farr, MRC) and for admin data (ADRN) AAAI for eMedLab, Cloud Infra for Microb. Gen. (CLIMB)

Pilot demonstrator for user communities Project Goals Link stuff together to provide account management, authentication, authorisation, and accounting Pilot demonstrator for user communities EPSR, MR HEI service delivery Connecting to other einfra (internationally) (via a X.509 SLCS)

A pilot AAAI across xple sites Interoperability Future directions Main Deliverables A pilot AAAI across xple sites ARC, N8, DiRAC, eMedLab Interoperability WLCG, ELIXIR, EUDAT, PRACE, EGI Future directions

WP details 0. Proj. mgmt Id mgmt pilots SAFE deployment Integration Assent, IdP, 2-factor for eMedLab SAFE deployment Integration VO/Assent (e.g. VOMS), Assent-X.509 (GridPP) Docs & writeups Architecture, business case

GridPP and STFC It was agreed that STFC should fulfill GridPP’s obligations in AAAI pathfinder STFC is a member of Assent STFC already has a Moonshot infrastructure, connected to Assent One IdP connected to site AD; one SP (=ssh) connecting to SCARF cluster (working on more stuff) UK e-Science CA, HSMs, (RCauth?) for interoperation 2.83 Months of effort – Suleman Tariq (Moonshot sysadmin) Starting April 2017

Opportunities GridPP STFC National HPC/data e-I, interoperating beyond WLCG (cf. DiRAC) Considerable expertise in policy harmonisation etc. No direct change to infra(?) – main drivers are LHC STFC Additional services for facilities’ users? Fed id => connecting via nat’l AAAI

RCauth RCauth (www.rcauth.eu) CA, initially piloted by AARC and operated by NIKHEF/Surf Lower LoA (IOTA/DOGWOOD) than Classic et al. But IGTF-accredited Currently investigated by EGI, EUDAT for user certs, (&, indirectly, PRACE) Future terms/steps discussed (Krakow) Should STFC offer to co-host RCauth‘s key? Performance wouldn’t be an issue 