OIDC Federation for Infrastructures


OIDC Federation for Infrastructures EUGridPMA 42 Prague, CZ

“establish common policies and guidelines that enable interoperable, global trust relations between providers of e-Infrastructures and cyber-infrastructures, identity providers”
- technology-agnostic assurance profiles (see IANA registry) with specific renderings – PKIX, Attribute Authorities, …
- How can we help support RI and e-Infrastructure use cases?
- technology bridges: TCS, RCauth.eu, IGTF-eduGAIN bridge, …
- native SAML R&E federation most effective through REFEDS
- now behind the bridges for research & collaboration, OIDC prominence!

OIDC Federation Task Force
The IGTF task force for OIDC Federation will
- identify specific objectives – I2 TechEx
- scope needs and requirements for R/E infrastructure OIDC Fed
- we will be doing that today!
- verify compatibility of IGTF Assurance Profile framework for ‘technology-agnosticity’ with OpenID Providers (proxies) and RPs
- test an OIDCFed scenario e.g. starting with use cases: WLCG, RCauth.eu, … ELIXIR, EGI CheckIn
- assess structure and needed meta-data in a ‘trust anchor service’, how to address RPDNC links it with dynamic client registration through ‘.well-known’
- liaise with OIDC Fed efforts in AARC and GN*-*, and Roland Hedberg

Client ID and Client Secret WaTTS service EGI MasterPortal MinE Credential Hosting … B2ACCESS, … SSH Proxy CLI Prometheus WebDAV portal mkProxy service … Master Portal

OIDC Fed
- See spec by Roland Hedberg
- scoped to the RP + Proxy case is not very complex, actually

OIDC Fed ‘policy’
- IGTF “RP oriented” OIDC Fed can leverage existing framework
- connect RPs from infrastructures that are IGTF members (EGI, HPCI, OSG, WLCG, GEANT, PRAGMA, PRACE, XSEDE, …)
- and new IGTF RP members can join of course!
- Accreditation process and membership guidelines in place
- OPs in the federation (RI/EI IdP-SP-Proxies) use IGTF APs and Snctfi framework where needed
- RPs in the federation become the responsibility of their member representatives
- regional (‘national’) RP groups via their existing authority member
- for RP trust (more than today) re-use Sirtfi, WISE, and trust groups

Information sharing
- ACAMP session nodes (see Wiki)
- do not over-complicate the initial set-up
- retain dynamics in the system by leveraging existing trust
- stick to OIDC core attributes makes life easier
- discovery – leave this for the RPs, but make our data available
- allow overlapping federations and be complementary (COIs)
Keeping in touch
- http://wiki.eugridpma.org/Main/OIDCFed
- oidcfed@igtf.net (https://igtf.net/mailman/oidcfed)

Needs and Requirements
- ELIXIR & Life Sciences AAI (Michal Prochazka)
- CILogon developments (Jim Basney)
- behind EGI Check-In (Nicolas Liampotis)
- Recommendations in AARC and GN*-* (Davide Vaghetti)
- WaTTS (Marcus Hardt)
- followed by a discussion on what tools we can use on the IGTF side (scripts, URL triggers), what tools on the client side for auto-populating RPs (periodic cron jobs, scripts)