Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to AAI Services

Published bySamuel Lawson Modified over 7 years ago

Similar presentations

Presentation on theme: "Introduction to AAI Services"— Presentation transcript:

1 Introduction to AAI Services
Christos Kanellopoulos EOSCPilot WP5Workshop September 13th, 2017

2 Advanced Research and Education (R&E) needs advanced IT services
Research Communities The way researchers collaborate within scientific communities can vary significantly from community to community The ability to access and share resources is crucial for the success of any collaboration Advanced Research and Education (R&E) needs advanced IT services The way researchers collaborate within scientific communities can vary significantly from community to community.  On the one hand, there are highly structured communities with thousands of researchers who can be virtually anywhere in the world. Typically, these communities have been working together for a long time, they want to share and have access to a wide range of resources.  On the other hand, one finds a diverse number of smaller research communities working within specific or across scientific disciplines. Typically, these are either nascent communities being established around new scientific domains, or they are communities in specific domains that did not require wide spread and close collaboration among the researchers.  And of course, in between these two extremes, there are many scientific communities of varying size, structure, history etc.  Regardless, if we are talking about large-scale, well-structured collaborations or about loosely coupled collaborations centred around the individual researcher, they all need to share and access resources. The ability to access and share resources is crucial for the every day research. Advanced research needs equally advanced IT services.

3 GÉANT Network – A global infrastructure enabling collaboration on a global scale
GÉANT and the NRENs connect over 50 million users at 10,000 institutions across Europe Interconnecting with all world regions, reaching to over 100 countries. A global infrastructure enabling European researchers to collaborate on a global scale Nowadays, we tend to take many things for granted, but it is important to always take a step back and try to think how research would be taking place if the GEANT network was not there. Today, GEANT and the NRENs connect 50M users and institutions across Europe.  Through the GEANT interconnections with all the major world regions, European researchers can collaborated on daily basis with fellow researchers in more than 100 countries. A global infrastructure enabling European researchers to collaborate on a truly global scale.

4 eduGAIN – A global network of academic identities
Interconnects identity federations around the world, simplifying access to content, services and resources Researchers can use a single digital identity provided by the home organization At the same time, the NRENs started to experiment with federated authentication, establishing the first national academic federations, which allowed users to use their institutional accounts in order to access mainly web based services. Although the potential of federated ID was clear from the very beginning to the people involved it was not until 2010, that it could show its true potential. In 2011/2012, GÉANT brings to production the eduGAIN service, which interconnects mainly the identity federations in Europe. Very soon, other federations across the globe start connecting to eduGAIN, making eduGAIN a truly global identity network.  eduGAIN has been growing and evolving ever since with the continues support from GEANT and the international community of federation operators. 

5 eduGAIN – A global network of academic identities

6 Federated Identity Management for Research
Access services using identities from their Home Organizations when available. Secure integration of guest identity solutions and support for stronger authentication mechanisms when needed. Access to the various services should be granted based on the role(s) the users have in the collaboration. Users should have one persistent identity across all community services when needed. Ease of use for users and service providers. The complexity of multiple IdPs/Federations/Attribute Authorities/ - technologies should be hidden. Of course, you can understand how compelling such a service is to the research community. Leveraging eduGAIN, researchers can rely on the institutional accounts in order to access and share services. No more need for certificates, no need to operate costly infrastructures just to offer and manage user accounts so that researchers can collaborate. But eduGAIN and the Identity Federations do not come without their own limitations. Indeed, using eduGAIN is not just a switch that can be flipped. In most of the cases, although the identity network is there, the home institutions acting as identity providers, require that they approve the connection of each and every new service provider. Things look quite OK for local services, but what about international Service Providers? How the research community can benefit from this service? In 2012, many scientific communities come together, forming a working group called Federated Identity Management for Research, which investigate the current state FIM and its potential within their domains. After a series of workshops, they published the FIM4R paper, which highlights the importance of eduGAIN and the identity federations and the role they can play.  

7 EUDAT B2ACCESS Service Enables communities to use federated identities to access EUDAT services Connects to eduGAIN to enable users use their existing accounts at their home organisations Supports social ID logins and integration with token translations services for enable non-web access Communities can connect their community management systems as Attribute Authorities

8 EGI Check-In Service Enables communities to use federated identities to access EGI services Connects to eduGAIN to enable users use their existing accounts at their home organisations Supports social ID logins and integration with token translations services for enable non-web access Communities can connect their community management systems as Attribute Authorities

9 INDIGO AAI Enables communities to use federated identities to access services using OIDC Connects to eduGAIN to enable users use their existing accounts at their home organisations Supports social ID logins and integration with token translations services for enable non-web access Communities can connect their community management systems as Attribute Authorities

10 GÉANT eduTeams Enables communities to use federated identities to access services using OIDC Connects to eduGAIN to enable users use their existing accounts at their home organisations Supports social ID logins and integration with token translations services for enable non-web access Communities can connect their community management systems as Attribute Authorities

11

12 A Blueprint Architecture for authentication and authorization
AARC Blueprint Architecture - Enabling an ecosystem of solution on top of eduGAIN A Blueprint Architecture for authentication and authorization A set of architectural and policy building blocks on top of eduGAIN eduGAIN and the Identity Federations A solid foundation for federated access in Research and Education

13 AARC Blueprint Architecture
Guidelines and support documents Best practices for managing authorisation Expressing group membership and role information Scalable attribute aggregation Implementation of token TTS Credential delegation Non-web access Social media IdPs Use cases for account linking Use cases for LoA elevation via step-up authentication

14 AARC Blueprint Architecture
Policy recommendations & frameworks Security Incident Response Trust Framework for Federated Identity – Sirtfi Scalable Negotiator for a Community Trust Framework in Federated Infrastructures – Snctfi Recommendations on Minimal Assurance Level Relevant for Low-risk Research Use Cases Differentiated LoA recommendations for policy and practices of identity and attribute providers Recommendations and template policies for the processing of personal data by participants in the pan- European AAI

15 AARC 2nd edition – Working closer together

16 AARC Engagement Group for Infrastructures
Representatives from research and e- Infrastructures who operate AAI services for the communities they support A communication channel with and across the infrastructure providers Promote a consistent vision for federated access Facilitate activities so that infrastructures implement harmonised solutions and avoid ’re-inventing the wheel”

17 Community Engagement Forum
Engage with the research communities, within and outside of AARC using FIM4R as the reference point. Raise awareness and increase visibility of the AARC results by showcasing the AARC pilots and offering training to participating communities Identify gaps and new requirements and channel them back to AARC. Support and promote the work of FIM4R by ensuring the continuous engagement of the participating communities

18 Community Engagement Forum
BBMRI-ERIC CERN/HNSciCloud CTA DARIAH EISCAT ELIXIR EPOS INFRAFRONTIER INSTRUCT Liber LifeWatch LIGO WLCG

19

Download ppt "Introduction to AAI Services"

Similar presentations

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC 2014 20 May 2014 Dublin.

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC May 2014 Dublin.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Www.egi.eu EGI-Engage www.egi.eu EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.

EGI-Engage EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.

Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.

Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team

Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team
Www.eudat.eu b2access.eudat.eu B2ACCESS The simple and secure authorisation and authentication platform of EUDAT This work is licensed under the Creative.

b2access.eudat.eu B2ACCESS The simple and secure authorisation and authentication platform of EUDAT This work is licensed under the Creative.
Networks ∙ Services ∙ People www.geant.org Marina Adomeit FIM4R meeting Virtual Organisation Platform as a Service VOPaaS Nov 30, 2015, Austria Task Leader,

Networks ∙ Services ∙ People Marina Adomeit FIM4R meeting Virtual Organisation Platform as a Service VOPaaS Nov 30, 2015, Austria Task Leader,
European Grid Initiative AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

European Grid Initiative AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.

INTRODUCTION TO IDENTITY FEDERATIONS Heather Flanagan, NSRC.

Similar presentations

Ads by Google