Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication and Authorisation for Research and Collaboration

Published byScarlett Bridges Modified over 5 years ago

Similar presentations

Presentation on theme: "Authentication and Authorisation for Research and Collaboration"— Presentation transcript:

1 OIDC Fed – Use cases from the relying parties: EGI Check-in & EUDAT B2ACCESS
Authentication and Authorisation for Research and Collaboration Nicolas Liampotis JRA1 Integrated AAI Developments/EGI Check-in GRNET Shiraz Memon EUDAT B2ACCESS JSC 42nd EUGridPMA meeting/Prague, CZ 22 Jan 2018

2 EGI Check-in / EUDAT B2ACCESS Overview
Check-in / B2ACCESS: Multi-protocol identity and access management solutions: Developed in close collaboration with the AARC project in order to implement the recommendations of the AARC Blueprint Architecture and Policy Framework Registered in eduGAIN in order to make connected services available to +2,000 universities and research institutes with little or no administrative overhead Allow the use of OIDC as alternative to SAML2 for integrating services: To support modern web standards (REST and JSON) To enable federated access for non- browser based resources, such as CLI tools and APIs

3 EGI Check-in / EUDAT B2ACCESS OIDC Client Registration and Management
Three alternative means of OIDC client registration Approval-based client registration via Approval-based client registration via registration Form Automatic client registration via registration form Only for testing/development environment!

4 EGI Check-in / EUDAT B2ACCESS Approval-based client registration via email
OIDC Client Operators send an containing a registration request to the OP Administrators The request contains redirect/return URI and purpose of the application OP Administrators review the client details and either register or reject the registration request The OP Administrators send encrypted reply containing client credentials and OIDC metadata information

5 EGI Check-in / EUDAT B2ACCESS Approval-based client registration via registration form
OIDC Client Operators fill in registration form accessible via the OP web site The form requires redirect/return URI, purpose of the application, username, password (client id/secret credentials), and other optional information OP Administrators approve/reject the registration request and Client Operators receive an notification

6 Only for testing/devel environment!
EGI Check-in / EUDAT B2ACCESS Automatic client registration via registration form OIDC client operators fill in registration form accessible via the OP web site The form requires redirect/return URI, purpose of the application, username, password (the client credentials), and other optional information The client is registered automatically and operators receive an notification Only for testing/devel environment!

7 EGI Check-in / EUDAT B2ACCESS In a nutshell
OP adopt different approaches depending on the deployment environment: Testing/Development: Automatic registration Production: Approval-based registration Problem: Automatic registration is not a trusted approach Approval-based approaches are trusted but cannot scale (administrators are contacted for every OIDC client registration request) Goal: “SCALABLE” and “TRUSTED” registration mechanism for OIDC clients Approach Trusted Scalable Approval-based ✔️ X Automatic OIDC Fed

8

Download ppt "Authentication and Authorisation for Research and Collaboration"

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
CTO My SelfStudy Application Overview Sep 25, 2005.

CTO My SelfStudy Application Overview Sep 25, 2005.
123456789101112…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.

…. PrePlanPrepareMigratePost Pre- Deployment PlanPrepareMigrate Post- Deployment First Mailbox.
Openid Connect https://store.theartofservice.com/the-openid-connect-toolkit.html.

Openid Connect
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
Technical Break-out group What are the biggest issues form past projects – need for education about standards and technologies to get everyone on the same.

Technical Break-out group What are the biggest issues form past projects – need for education about standards and technologies to get everyone on the same.
Test your IdP

Test your IdP
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.

Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)
Www.eudat.eu EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No. 654065 B2ACCESS LSDMA.

EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No B2ACCESS LSDMA.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

Similar presentations

Ads by Google