EUDAT FIM4R at TNC 2014 Jens Jensen, STFC, on behalf of EUDAT AAI task force.

Recent Work

Deployed federated IdM ∫ testbed
  – Extensive evaluation (>2 yrs ago) of available tech
  – Chosen: Contrail code (presented at VAMP Helsinki, 0-1 Oct. 2013) – fed idm, fed AA, multi-LoA, deleg’n, XACML
      Met most requirements, but not always prod’n ready
  – Updated with Unity
      Replacing some Contrail proof-of-concept code with more mature
      Extended attribute management (EUDAT as Attribute Authority)
  – CLARIN integrated a long time ago – others todo
      Not enough effort on community end (or other priorities of people with the right skills)
Moving to preproduction

Future Wishes/Plans

EUDAT2 – multi-LoA authentication in prod’n
  – Social media Id
  – Standalone IdPs (e.g. EGI SSO, Umbrella, CLARIN)
      Not necessarily Shibboleth IdP – could be e.g. OpenID Connect, LDAP
  – National (academic) federations (+eduGain, IGTF)
Authorisation:
  – EUDAT as AA
  – Making use of ext’l AAs – VOMS, LDAP, other SAML
  – Attributes “harmonised” – scoped, translated, etc.
User control (or at least visibility)
  – Can see delegations (with Contrail, via OAuth)
  – Can define ARP (combines with fed’n and community)
  – Can see what attributes do? Revoke use of attribute?

H2020 AAI

Something we can use – so we don’t have to reinvent the wheel again once more
  – Need to recognise EUDAT as a stakeholder
EUDAT’s communities are diverse, need flexibility
Interoperable, standards based
Deliver usable infrastructure
  – Secure, reliable, trustworthy
  – Easy to use, multi-technology support (e.g. X.509 and Shib)
  – Good performance
Lower the barriers for us to get new international communities on board
  – Portal toolkit/HOWTO?
  – Command line support?