Presentation is loading. Please wait.

Presentation is loading. Please wait.

eduTEAMS platform for collaboration Niels Van Dijk

Published byAmber Floyd Modified over 6 years ago

Similar presentations

Presentation on theme: "eduTEAMS platform for collaboration Niels Van Dijk"— Presentation transcript:

1 eduTEAMS platform for collaboration Niels Van Dijk
eduTEAMS Technical Lead SURFnet, The Netherlands DI4R Conference, Krakow, Poland, Sept. 28, 2016

2 Introducing eduTEAMS Service Design Test & Deployment In Depth
Market Analysis Service Offering Test & Deployment Pilots Production deployment In Depth Membership management Guest Identities Walk trough phases of creating eduTEAMS service Goals and requirements Design Highlight 2 components Pilots and production Goals & Requirements

3 Challenges for Collaborative Organisations
Challenges in Authentication space Collaborative organisations work with people outside scope of R&E communities as well Requires Collaborative organisations to peer with other non R&E Identity providers or maintain an additional Identity provider Challenges in Authorization space Services run by Collaborative organisations often need attribute or group related information in the context of their collaboration, which are not issued by Identity providers Requires Collaborative organisations to manage and provide additional attributes and groups towards their services, independently from the Identity provider AuthN: people not in eduGAIN AuthZ: groups, attributes, in context of VO audit trail: who, when, by who

4 GEANT VO Platform as a Service Project
Goal Investigate the conditions that would allow GÉANT to provide services to support Collaborative organisations Focus on delivery of technical services Out of scope: Technical development Policy & LOA development Activities Gather requirements and priorities with/from communities Look at existing tools and technologies Look into delivery model Investigate business case & sustainability Pilot with communities Operations and Market Virtual Organisation Platform as a Service Project in GEANT: Create and Run a service to support Collaborative Organisations Requirements from communities Use existing software Create a sustainable service Run the service

5 Market Analysis The FIM4R paper (April 2012) was one of the first to articulate collective requirements for using Federated AAI for VOs. The VOPaaS has performed a survey among several small and large Pan-European VOs to (re-)validate the requirements. Conducted Market Analysis including FIM4R paper Interview Vos include AARC findings

6 Market Analysis Results

7 eduTEAMS deployment model
eduTEAMS: a suite of services that supports AAI for Virtual Organisations Basic Services For Collaborative Organisations with generic AAI requirements Operated by GÉANT Multi tenant service Also for Collaborations that are not legal entities Advanced Services Aimed to support Collaborative Organisations with advance AAI requirements Operated by GÉANT on behalf of a VO Single tenant service Somebody – a legal entity - must take responsibility for that data Enter eduTEAMS Complements eduGAIN A suite of services, which can grow/change/improve over time 2 flavors: Basic Advanced

8 eduTEAMS Basic Services
eduTEAMS Membership Management service VO specific workflows for onboarding members Registry for VO persistent Identifier Limited set of attributes Accessible through eduGAIN eduTEAMS Identity Hub One persistent (SAML) IdP for many ‘Guest’ Identity Providers Social (Google, Twitter, Linkedin, Facebook) NREN operated & Commercial Guest IdPs (UnitedID.org, eduID.se) eGOV (STORK) and BankID Provides Account recovery Available and accessible through eduGAIN Supports Research and Scholarship Entity Category Membership management

9 eduTEAMS Membership Management
For R&E communities Manage your own onboarding workflows, Helps to formalize membership management, Gather additional attributes beyond identity providers Distribute authorization on membership to the right people For Federation Operators Many Federation have no support for Collaborative Organisations in their communities eduTEAMS may be offered and supported trough the Federation Federations may offer additional services on top of eduTEAMS to enhance collaboration (inter)nationally for their communities

10 eduTEAMS Identity Hub Leverage External Identity Provider ‘patchwork’
Let the user choose favorite ID provider Provides one integration point with many Guest ID solutions Use from within eduGAIN Offers persistent identifier for user Allows account recovery if Guest ID solution ‘goes away’ Present Level of Assurance( LOA) information on IdP Protects user privacy, as ID provider cannot look beyond the hub

11 eduTEAMS Basic Services ecosystem
IdP VOOT AA SAML AA COmanage eduTEAMS Membership Management Service Provider AuthN: ID + attributes eduTEAMS Identity Hub External IdP

12 eduTEAMS in AARC Reference architecture

13 eduTEAMS Membership Management - flow
(1) Service Provider IdP Authenticate eduTEAMS Identity Hub VOOT AA SAML AA COmanage eduTEAMS Membership Management (2) Get persistent Identifier & VO specific groups and attributes

14 eduTEAMS Identity Hub eduTEAMS Identity Hub Your Service Persistent ID
LOA Account Recovery Zoom in a bit on eduTEAMS Identity Hub Leverage existing patchwork of ID services Let the user choose the IdP it wants to use Persistent identity for the Servcices LOA information

15 eduTEAMS Identity Hub demo
Vanilla SimpleSAMLphp SP Multiple IdPs from eduTEAMS Identity Hub

16 eduTEAMS Login using Google & Account linking
Choose Google Asked if I want to use account linking so I can lateron recover my account

17 eduTEAMS IDHub Account linking
Request and PIN

18 eduTEAMS IDHub Consent
Ask for consent, manageable per attribute

19 eduTEAMS IDHub – back at the SAML SP
Back at the SP

20 Advanced Services Advanced features are provided on a per CO basis:
(advanced) Attribute Management (advanced) Group Management Provisioning - For web and non-web resources also application specific connectors Service Proxy and Attribute Aggregation Accessible through eduGAIN Scenarios for advanced services

21 What's in it for R&E communities and Federation Operators
Deploying AAI is complex and subject matter experts are required By using eduTEAMS you can outsource your R&E AAI So you can focus on research topics, rather than building AAI solutions For Federation Operators Support Collaborative Organisations in which their communities are participating Support their communities in using the eduTEAMS offering Connect and support services connected to eduTEAMS For Infrastructure providers Host your services in eduTEAMS Advances Services Recap: why should you use eduTEAMS?

22 Roadmap Q4 2016 Run pilots with Basic Services, in collaboration with AARC Support application integrations Investigate new services, e.g. SAML Discovery, OpenID Connect gateway 2017 Production service for Basic Services Finalize specification for Advanced Services 2018 Deploy Pilots for Advanced Services Possibly: pick up new services as developed within GEANT, AARC or others

23 Interested to join eduTEAMS pilot or have any queries
Contact us:

Download ppt "eduTEAMS platform for collaboration Niels Van Dijk"

Similar presentations

Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.

Social Identity Working Group Steve Carmody. Agenda Intro to Using Social Accounts Status and Recent News –Current UT Pilot –Current InCommon Pilot with.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos Open Day Event: Towards the European Open.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.
A uthentication & A uthorization for R esearch & C ollaboration Pilots in SA1 Paul van Dijk, SURFnet AARC.

A uthentication & A uthorization for R esearch & C ollaboration Pilots in SA1 Paul van Dijk, SURFnet AARC.
Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team

Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team
Connect communicate collaborate Trust & Identity EC meets GÉANT 19 June 2014 Brussels Valter Nordh, NORDUnet Federation as a Service Task Leader Trust.

Connect communicate collaborate Trust & Identity EC meets GÉANT 19 June 2014 Brussels Valter Nordh, NORDUnet Federation as a Service Task Leader Trust.
Networks ∙ Services ∙ People www.geant.org Marina Adomeit FIM4R meeting Virtual Organisation Platform as a Service VOPaaS Nov 30, 2015, Austria Task Leader,

Networks ∙ Services ∙ People Marina Adomeit FIM4R meeting Virtual Organisation Platform as a Service VOPaaS Nov 30, 2015, Austria Task Leader,
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Taipei Taiwan Authentication and Authorisation for Research and.

Authentication and Authorisation for Research and Collaboration Taipei Taiwan Authentication and Authorisation for Research and.
Networks ∙ Services ∙ People www.geant.org Mandeep Saini TNC15, Porto, Portugal Virtual organisation Authorisation Management Practices in Research and.

Networks ∙ Services ∙ People Mandeep Saini TNC15, Porto, Portugal Virtual organisation Authorisation Management Practices in Research and.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE PY5 new activities Peter Solagna – EGI.eu.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI-InSPIRE PY5 new activities Peter Solagna – EGI.eu.
Networks ∙ Services ∙ People www.geant.org Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.

Networks ∙ Services ∙ People Licia Florio TNC, Lisbon Consuming identities across e- Infrastructures 16 June 2015 PDO GÈANT.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna, Davide Vaghetti, et al. Topics for PY2 activities.

Authentication and Authorisation for Research and Collaboration Peter Solagna, Davide Vaghetti, et al. Topics for PY2 activities.

Similar presentations

Ads by Google