Boosting AAI for research and collaboration

Presentation transcript:

Boosting AAI for research and collaboration
David Groep, NA3 – Policy Harmonisation and Best Practice coordinator, Nikhef
10th FIM4R Meeting, Vienna, 20-21 February 2017

Starting Point: Identified Requirements
- Attribute Release
- Attribute Aggregation
- User Friendliness
- SP Friendliness
- User Managed Information
- Persistent Unique Id
- Credential translation
- Credential Delegation
- Levels of Assurance
- Guest users
- Step-up AuthN
- Non-web-browser
- Community based AuthZ
- Best Practices
- Social & e-Gov IDs
- Incident Response


Common Scenario
The scenario:
- There is a technical architect of a research community
- Her community is distributed internationally
- An increasing number of services need authentication and authorization
- She wants to focus on research and not reinvent the wheel
- She starts googling and asking around
So, there are some solutions available, but…

Think Global: the AARC project
- Bring federated access to eResearch
- Avoid a future in which new research collaborations develop independent AAIs
- Build on existing tools and frameworks

What AARC does want to change, and how
- Improve usage of FIM – promote usage of FIM and organise training to leverage identity providers outside the academic boundaries
- Address research requirements – design a technical Blueprint Architecture that builds on top of eduGAIN to add the components required
- Offer support for global policies – sponsor the development of key policy frameworks that aim to add additional ‘flavours’ to eduGAIN
- Sustainability – ensure that operation of the components of the blueprint architecture and deployment of the assurance, security and policy frameworks rest with the research and e-infrastructures

https://aarc-project.eu/achievements/

AARC Blueprint Architecture & eduGAIN
- Research & e-Infrastructures: implement the AARC blueprint
- AARC: a set of building blocks, both technical and policy, leveraging eduGAIN, for international research collaboration
- eduGAIN and the Identity Federations: a solid foundation for federated access in R&E

Pilots and demonstrators
- AttributeManagementPilot
- AuthX509toSAMLDemo
- BBMRIAAIPilot
- CILogon-like pilot
- COmanageORCIDPilot
- COmanageSSHPilot
- LibrariesCockpitPanelConsortiumProxy
- LibrariesCockpitPanelEZproxy
- LibrariesCockpitPanelWalkInUsersPortal
- ORCIDpilotCockpitPanel
- PerunVOMSCILogonPilot
- SocialIDCockpitPanel
https://wiki.geant.org/display/AARC/Pilot+results+and+demos

AARC CILogon Pilot: A Token Translation Service for Europe
Use-cases:
- Hide PKIX complexity from the users
- Federated access to web and non-web resources
- Support different types of credentials and delegation
- Enable access to different resources via a portal
Benefits:
- Allows for VO services, i.e. VOMS
- Offered to research communities as a service
- Managed security-sensitive components
Built on CILogon and MyProxy! www.cilogon.org

Flow for RCauth-like scenarios
- The VO portal can be anything, even a simple shell
- Certs are stored only for 11 days
- The Master portal can add attributes via VOMS (or others in the future)
- Sirtfi, REFEDS “R&S”
Built on CILogon and MyProxy! www.cilogon.org
See also https://rcdemo.nikhef.nl/

First e-Infrastructure implementations for BPA & pilots
- EGI CheckIn Service: https://wiki.egi.eu/wiki/AAI
- ELIXIR AAI: https://www.elixir-europe.org/services/compute/aai
- EUDAT B2ACCESS: https://www.eudat.eu/services/b2access
- GÉANT eduTEAMS: https://www.eduteams.org

Solving the Policy Puzzle
Pushing forward best practices and alike policies across many participants:
- “Levels of Assurance” – baseline and differentiated profiles, capabilities and grouping
- “Incident Response” – beyond Sirtfi: a common understanding on operational security
- “Sustainability, Guest IdPs, use models” – how can a service be offered in the long run?
- “Scalable policy negotiation” – helping SPs move beyond bilateral discussion
- “Protection of (accounting) data privacy” – necessary aggregation without breaking the law too much
Strategy: support and extend established and emergent groups, leverage their support base, and ‘multiply’ the effect of policy work from AARC: IGTF, WISE, REFEDS, FIM4R, GN4, AARC, SIRTFI, …

From Baseline to Differentiated Assurance
- REFEDS WG based on capabilities (‘vectors’, mainly for IdPs)
- Grouping of capabilities with our SPs into profiles
- Different profiles and joint alignment of assurance between e-Infras ongoing …
- @REFEDS: Assurance Components consultation early 2017 – simple structure
- @FIM4R: useful grouping in assurance profiles – see Mikael’s talk
https://docs.google.com/document/d/15v65wJvRwTSQKViep_gGuEvxLl3UJbaOX5o9eLtsyBI

Developing scalable policy models in light of the Blueprint: Snctfi
- Allow proxy operators to assert ‘trust marks’ based on known SP properties
- Develop framework recommendations for RIs for coherent policy sets
- Evaluate with the SP-IdP-Proxies in pilots based on the Blueprint Architecture
- Collaborate in WISE, IGTF & FIM4R to get endorsement
Many SPs are alike:
- Policy frameworks for collective service providers
- Shared use of and collaboration on reputation services, together in FIM4R
Complementary work: Accounting Data Exchange Protection for Infrastructures
[Graphics inset: Ann Harding, SWITCH]
Proxying IdPs to SPs is part of the BPA, with e.g. the RCauth CPS as a policy example.

Inconsistency as our gravest risk? – towards AARC2
Reflected in the updated AARC2 structure:
- Operational security capabilities and incident response in federations – beyond Sirtfi v1
- Service-centric policies: traceability & accounting, privacy, gateway operations & proxies
- e-Researcher-centric policies: alignment of AUPs and templates, authentication assurance, community attribute management models and provisioning
- Policy Engagement and Coordination: contributes to Community Engagement, provision of policy expertise to the Competence Centre, promotion of best practices globally (WISE, FIM4R, IGTF, REFEDS), easing end-to-end coordination across the chain
- Structuring the exchange of information amongst SP groups

AARC2 in three bullets
Starts 1st of May 2017

AARC2: Focus on Pilots and eScience Engagement
- 8 pilots with research communities: CTA, EPOS, EISCAT_3D, LIGO, LifeWatch, WLCG, Biomedical Science Research, HNSciCloud
- Pilots to support interoperability among research & e-Infrastructures

Two new engagement mechanisms

AARC/2 support for Research & e-Infrastructure collaborations
What can AARC do for you?
- FIM4R as a community forum for AARC/2 work and pilots, including bilateral meetings as needed
- Create a forum for Infrastructures: the competence centre facilitates the exchange of information of every (AAI, security) sort
- Check the AARC blog for the latest information: https://aarc-project.eu/news-blog/
- Get in touch: aarc-contacts@lists.geant.org

davidg@nikhef.nl