European Life Sciences Infrastructure for Biological Information (www.elixir-europe.org)


1 European Life Sciences Infrastructure for Biological Information, www.elixir-europe.org
ELIXIR AAI
Miroslav Ruda, on behalf of Mikael.Linden@csc.fi

2 Terms and concepts
- Identity: there is a researcher called Bob@ELIXIR
- Authentication: Bob@ELIXIR has logged in using his password
- Authorisation
  - Based on his membership in ELIXIR, Bob@ELIXIR can use ELIXIR service
  - Based on his membership in "ELIXIR HoN" group, Bob@ELIXIR can access the Head of Nodes Wiki space
  - Based on his Data Access Application approved by the appropriate Data Access Committee, Bob@ELIXIR can access dataset EGAD00000000123

3 ELIXIR TF-AAI
- Use cases (finished)
- Requirements (stable draft)
- Design (first draft)
- Technical Use Cases document
  - Prioritization with ELIXIR-EXCELERATE user groups
- Small pilots in spring 2015
- Deployment in ELIXIR Excelerate project

4 ELIXIR AAI design (draft)
[Diagram labels: ELIXIR AAI; External authentication (e-infrastructures); Relying services; eduGAIN IdPs; Common IdPs; ELIXIR Proxy IdP; ELIXIR Directory; Bona fide management; Dataset authorisation management; Group/role management; Credential translation; Attribute self-management; EGA; wiki; Cloud; Intranet; Data archive; …]

5 ELIXIR identity
[Diagram labels as on slide 4, plus: tommi@elixir-europe.org; nyronen@csc.fi; tommioffinland@google]
- Each user has one ELIXIR identity
  - e.g. "tommi@elixir-europe.org"
- ELIXIR Proxy maps external authentication providers to it
  - e.g. nyronen@csc.fi (eduGAIN)
  - e.g. tommioffinland@google (Google)
  - e.g. 0000-0002-3634-3756 (ORCID)
- Also local username/password possible

6 Step-up authentication
[Diagram labels: ELIXIR AAI; External authentication (e-infrastructures); Relying services; eduGAIN IdPs; Common IdPs; ELIXIR Proxy IdP; Step-up authentication; wiki; Human data; tommi@elixir-europe.org; nyronen@csc.fi; tommioffinland@google]
- External authentication: authentication with password
- Less sensitive services: password enough
- More sensitive service: step-up authentication server asks for second factor (e.g. one-time password by SMS)
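
The identity mapping on slide 5 and the step-up decision on slide 6, as an added example that is not part of the original presentation and not ELIXIR's own code. The function names, assurance levels and service names are assumptions; the account identifiers are the sample ones shown on the slides.

```python
import hmac
from dataclasses import dataclass

# Constructed link table: (external provider, external account) -> one ELIXIR identity.
LINKED_IDENTITIES = {
    ("eduGAIN", "nyronen@csc.fi"): "tommi@elixir-europe.org",
    ("Google", "tommioffinland@google"): "tommi@elixir-europe.org",
    ("ORCID", "0000-0002-3634-3756"): "tommi@elixir-europe.org",
}

# Hypothetical assurance levels and the level each relying service requires.
PASSWORD, PASSWORD_PLUS_OTP = 1, 2
REQUIRED_LEVEL = {"wiki": PASSWORD, "human-data": PASSWORD_PLUS_OTP}


@dataclass
class Session:
    elixir_id: str
    level: int = PASSWORD  # external authentication is password-only


def authenticate(provider: str, external_id: str) -> Session:
    """Proxy step: map an externally authenticated account to the ELIXIR identity."""
    elixir_id = LINKED_IDENTITIES.get((provider, external_id))
    if elixir_id is None:
        # Fail closed: an unlinked external account gets no ELIXIR session.
        raise PermissionError("no ELIXIR identity linked to this external account")
    return Session(elixir_id)


def step_up(session: Session, otp_submitted: str, otp_expected: str) -> Session:
    """Raise the session level only if the second factor matches."""
    if hmac.compare_digest(otp_submitted, otp_expected):  # constant-time compare
        session.level = PASSWORD_PLUS_OTP
    return session


def access(session: Session, service: str) -> str:
    """Decide per service: allow, ask for a second factor, or deny."""
    required = REQUIRED_LEVEL.get(service)
    if required is None:
        return "deny"  # unknown relying service
    if session.level < required:
        return "step-up-required"
    return "allow"
```

Whichever external provider is used, the relying service sees the same ELIXIR identity, and only the session level decides whether the password alone is enough.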

7 Technical Use Cases
- Basic Technical Use Cases defined by AAI, Cloud and Data TFs
- Workshop in Amsterdam 12-13/3/15
  - 45 participants: Elixir, e-Infrastructure & Other Service Providers
  - Discuss requirements of the Scientific Use Cases
- Initial Prioritisation and Grouping Analysis
  - 0: Federated ID, Other ID
  - 1: Elixir ID
  - 2: Credential Translation, Group/Attribute Management, Endorsed Personal Data Attributes

8 AAI milestones in ELIXIR-Excelerate
- EXCELERATE Milestone 4.1 (M12): Demonstrator I. Some ELIXIR Technical Services are operating and are usable to support aspects of the ELIXIR-Excelerate Use Cases.
  - ELIXIR Identity established based on federated Identity
  - Credential translation
  - Bona fide researcher qualification management
- EXCELERATE Milestone 4.2 (M24): Demonstrator II. Most ELIXIR Technical Services operating in a more robust and sustained manner and capable of supporting most aspects of the ELIXIR-Excelerate Use Cases.
  - Group/attribute management, endorsed attribute
  - Other external Identity

9 Pilot implementation
- Two pilots/use-cases
  - Intranet usage – access to project documents, including group management
  - Connect EGA archive to authorized Cloud services
    - Reliable and fast enough data transfer from archive to Cloud storage
    - Cloud authentication protocol uses ELIXIR AAI
    - Provide a secure protocol for Cloud users to access EGA datasets based on DAC permissions
    - Prototype Cloud VM data access rules that comply with EGA access regime
- Tools, dependencies
  - EduGAIN IdPs + Google/ORCID
  - ProxyIdP - SURF
  - ELIXIR directory, group management - Perun
  - DAC - REMS
  - Several tools discussed for credential translation (SAML2 to X.509 certificates, Kerberos...)

