AARC. Christos Kanellopoulos AARC Architecture WP Leader GRNET. Authentication and Authorisation for Research and Collaboration

Similar documents
AARC Overview. Licia Florio, David Groep. 21 Jan presented by David Groep, Nikhef.

WP JRA1: Architectures for an integrated and interoperable AAI

The challenges of (non-)openness:

AARC Blueprint Architecture

EGI Check-in service. Secure and user-friendly federated authentication and authorisation

WP3: Policy and Best Practice Harmonisation

Can R&E federations trust Research Infrastructures? - The Snctfi Trust Framework

Deliverable DSA1.4: Pilots to improve access to R&E-relevant resources

In Section 4 we discuss the proposed architecture and analyse how it can match the identified 2

RCauth.eu / MasterPortal update

Scalable Negotiator for a Community Trust Framework in Federated Infrastructures (Snctfi)

The EGI AAI CheckIn Service

Policy and Best Practice Harmonisation ( NA3 ) from the present to the future

Identity Harmonisation. Nicole Harris REFEDS Coordinator GÉANT.

Deliverable DJRA1.1. Use-Cases for Interoperable Cross- Infrastructure AAI

eidas cross-sector interoperability

AAI in EGI Current status

Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation

Federated Identities and Services: the CHAIN-REDS vision

Federated Identity Management for Research Collaborations. Bob Jones IT dept CERN 29 October 2013

GÉANT Community Programme

EGI AAI Platform Architecture and Roadmap

Sustainability in Federated Identity Services - Global and Local

Options for Joining edugain. Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013

Pilots to support guest users solutions

DARIAH Update. 9th FIM4R Workshop. Vienna, Novemer 30, Peter Gietz, DAASI International GmbH.

Guidelines on non-browser access

EU Liaison Update. General Assembly. Matthew Scott & Edit Herczog. Reference : GA(18)021. Trondheim. 14 June 2018

GÉANT Mission and Services

WP6 D6.2 Project website

Deliverable D3.3 Requirements Gathering from e- Infrastructures

Open Science Commons: A Participatory Model for the Open Science Cloud

JRA5: Roaming and Authorisation

EUDAT. Towards a pan-european Collaborative Data Infrastructure

oordination upport Status: February 2017

EUDAT Towards a Collaborative Data Infrastructure

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014

User Community Driven Development in Trust and Identity Services

European Open Science Cloud

Stakeholder consultation process and online consultation platform

Research Infrastructures and Horizon 2020

The CHAIN-REDS Project

DARIAH-AAI. DASISH AAI Meeting. Nijmegen, March 9th,

REFEDS Year End Report 2015

Research Infrastructures for All You could be Next! e-infrastructures - WP

Jeremy Olsen (Francis Crick Institute), Jens Jensen (STFC), Steven Newhouse (EBI), Darren

Advancing European R&E through collaboration

EUMEDCONNECT3 and European R&E Developments

Best practices and recommendations for attribute translation from federated authentication to X.509 credentials

EUDAT- Towards a Global Collaborative Data Infrastructure

EUDAT - Open Data Services for Research

EUDAT. Towards a pan-european Collaborative Data Infrastructure. Damien Lecarpentier CSC-IT Center for Science, Finland EUDAT User Forum, Barcelona

Research Infrastructures in Horizon 2020

Towards Horizon The Enabling Users

EUDAT. Towards a pan-european Collaborative Data Infrastructure

GÉANT: Supporting R&E Collaboration

GÉANT Services Supporting International Networking and Collaboration

Helix Nebula The Science Cloud

IPv6 Task Force - Phase II. Welcome

UCD Centre for Cybersecurity & Cybercrime Investigation

Poland - e-infrastructure ecosystem and relation to EOSC

FEDERICA Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures

EUDAT and Cloud Services

Milestone MS83 (DS5.4.1): Federation as a Service - Market Analysis and Pilot Service Definition

Deliverable D14.1 (DJ3.0.1) Report on the Achievements and Recommendations for any Future Work

Deliverable D9.3 Best Practice for User-Centric Federated Identity

On the EGI Operational Level Agreement Framework

Federated Authentication for E-Infrastructures

education federation CUC 2005, Dubrovnik High-quality Internet for higher education and research

Third public workshop of the Amsterdam Group and CODECS European Framework for C-ITS Deployment

GÉANT and other projects Update

1. Publishable Summary

Federated Services and Data Management in PRACE

An introduc/on to Sir0i

Development, testing and quality assurance report

GN3plus External Advisory Committee. White Paper on the Structure of GÉANT Research & Development

Connect. Communicate. Collaborate. GN2 JRA5 update. Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille. JRA5 Team

2. HDF AAI Meeting -- Demo Slides

PROJECT FINAL REPORT. Tel: Fax:

Towards a European Cloud Computing Strategy

Beyond Status and plans

Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures

Next-Generation Identity Federations. Andreas Åkre Solberg

EUDAT. A European Collaborative Data Infrastructure. Daan Broeder The Language Archive MPI for Psycholinguistics CLARIN, DASISH, EUDAT

European Cloud Initiative: implementation status. Augusto BURGUEÑO ARJONA European Commission DG CNECT Unit C1: e-infrastructure and Science Cloud

SME License Order Working Group Update - Webinar #3 Call in number:

TOOP Introducing The Once-Only Principle project

Progress towards the EOSC

InfraStructure for the European Network for Earth System modelling. From «IS-ENES» to IS-ENES2

EGI federated e-infrastructure, a building block for the Open Science Commons

Interconnected NRENs in Europe & GÉANT: Mission & Governance Issues

National R&E Networks: Engines for innovation in research

Summary. Strategy at EU Level: Digital Agenda for Europe (DAE) What; Why; How ehealth and Digital Agenda. What s next. Key actions

GN2 JRA5: Roaming and Authorisation

The EuroHPC strategic initiative

A collaboration overview: From TF-VSS to GN2 SA6

ESFRI Strategic Roadmap & RI Long-term sustainability an EC overview

Greek e-infrastructures Short report

GÉANT network and applications PENS workshop J-L Dorel European Commission

Proposals for EC Funding for BELLA

Transcription:

Authentication and Authorisation for Research and Collaboration AARC Christos Kanellopoulos AARC Architecture WP Leader GRNET Open Day Event: Towards the European Open Science Cloud January 20, 2016

AARC Facts Authentication and Authorisation for Research and Collaboration Two-year EC-funded project 20 partners NRENs, e-infrastructure providers and Libraries as equal partners About 3M euro budget Starting date 1st May, 2015 https://aarc-project.eu/ 2

What AARC does Help research communities to use federated access Address some of the FIM4R requirements Deliver a blueprint architecture to enable users to access services operated by different e-infrastructures Prepare documentation and training on AARC and REFEDS results, key aspect of federated access and edugain etc 3

AARC Structure Management (GEANT) Policy Harmonisation (Nikhef) To define scalable policies and operational models for the integrated AAI Architecture (GRNET) To research ways to deliver the design of an integrated AAI Pilots (SURFnet) To pilot key components of the integrated AAI and policy results Training and Outreach (TERENA) To train, disseminate and reach out Liaison with other relevant user communities, e-infrastructures and international relevant AAI activities 4 4

Training and Outreach Requirements & existing material Repackage and add what is missing - - Value proposition - Federation 101 - Training for SPs - Training on AARC results First document describing the approach to the training: https://aarc-project.eu/documents/milestones/ Report on the identified target groups for training and their requirements https://aarc-project.eu/wp-content/uploads/2015/04/aarc-dna2.1.pdf First online module on federated access https://aarc-project.eu/documents/training-modules/federations-101/ 5

Architecture Design Guest Identities Analysis of requirements Analysis of AA technologies Blueprint Architecture https://goo.gl/mliwix https://goo.gl/p663iz Attribute Authorities Token Translation Sep15 Dec15 Apr16 Jul16 Apr17 6

Architecture Design Analysis of requirements Past Activities FIM4R & TERENA AAA Study AARC Surveys BioVel, CLARIN, D4Science, DARIAH, EISCAT, EUDAT, FMI, PSNC, UMBRELLA, AARC Interviews EGI, ELIXIR, EUDAT, GN4, LIBRARIES (UKB), AARC Requirement Analysis (available end of Sept.) 7

Architecture Design Analysis of requirements 1. User Friendliness 2. Homeless Users 3. Different Levels of Assurance 4. Community based authorization 5. Flexible and scalable attribute release policies 6. Attribute Aggregation & Account Linking 7. Federation solutions based on open and standards based technologies 8. Persistent & Unique User Identifiers 9. User managed Identity Information 10. Up to date identity information 11. User groups and roles 12. Step up authentication 13. Browser and non-browser based federated access 14. Delegation 15. Social media identities 16. Integration with e-government infrastructures 17. Service Provider Friendliness 18. Effective Accounting 19. Policy Harmonization 20. Federated Incident report Handling 21. Sufficient Attribute release 22. Awareness about R&E Federations 23. Semantically harmonized identity attributes 24. Simplified process for joining identity federation 25. Best practices for terms and conditions 8

Architecture Design Analysis of requirements 1. User Friendliness 2. Homeless Users 3. Different Levels of Assurance 4. Community based authorization 5. Flexible and scalable attribute release policies 6. Attribute Aggregation & Account Linking 7. Federation solutions based on open and standards based technologies 8. Persistent & Unique User Identifiers 9. User managed Identity Information 10. Up to date identity information 11. User groups and roles 12. Step up authentication 13. Browser and non-browser based federated access 14. Delegation 15. Social media identities 16. Integration with e-government infrastructures 17. Effective Accounting 18. Policy Harmonization 19. Federated Incident report Handling 20. Sufficient Attribute release 21. Awareness about R&E Federations 22. Semantically harmonized identity attributes 23. Simplified process for joining identity federation 24. Service Provider Friendliness 25. Best practices for terms and conditions 9

Architecture Design Roadmap Continue the interviews with the AARC stakeholders and the parallel work on Guest Identities and Attribute Authorities (AA) & Token Translation Services (TTS) End of October first internal draft release of AARC High Level Architecture End of December: Analysis of available AA technologies February - April: Consultation with stakeholders around the AARC High Level Architecture Arpil: Release work on Guest Identities, AAs and TTS July: 1 st version of the AARC AAI Architecture Framework 10

The Policy Puzzle Many groups and many (proposed) policies, but they leave also many open issues via AARC Policy and Best Practice Harmonisation we try tackling a sub-set of these Levels of Assurance a minimally-useful profile and a differentiated set, for ID and attributes FIM4R IGTF Sustainability models and Guest IdPs how can assurance be offered in the long run? Scalable policy negotiation beyond bilateral discussion Protection of (accounting) data privacy aggregation of PI-like data in collaborative infrastructures Incident Response encouraging expression of engagement by (federation) partners and a common understanding https://wiki.refeds.org/display/groups/sirtfi REFEDS AARC... SCI GN4 SIRTFI 11

Activities in SA1 Pilots: planning DJRA1.1 Requirements MJRA1.1 Existing AAI and available technologies for federated access. guest access pilot M14 first report on pilots M15 attribute provider framework pilot M20 DJRA1.2 Blue Print architecture NA3.1 Differentiated LoA recomm. DNA3.3 Recomm. Sustainable models access to R&E resources pilot M23 Q4-2015 Q1-2016 Q2-2016 Q3-2016 Q4-2016 Q1-2017 Pre-pilot work: access to library resources Guest access: Library proxy (?) Guest access: Social IDs Guest access: egov IDs Integration test: Community A Inter-community sharing of resources Pre-pilot work: e-gov/social ID Guest access: Community IDs Guest access: Reputation service? Integration test: Community B Pre-pilot work: attribute management orcid SP (SN + IDEM) vopaas (COmanage) on boarding Integration test: Community C Pre-pilot work: token translation Attributes: COmanage/other? Attributes: Aggregation Pre-pilot work: commercial provider Token translation: CI-logon Attributes: SP consuming attributes? Token translation & attributes: CI-logon + VOMS (other sources?) Pre-pilot work:? Commercial service:? Orcid as an AA CI-logon2 + COmanage (aas) (pre-)pilot components pilot integration of different components 12

AARC2 13

The call for AARC 2 and its implications Development of a pan-european identity federation services for researchers, educators and students Stimulate AAI services supporting communities involved in the emerging data-rich science era to manage and share their resources Ø (Some) AAI innovation with user communities can happen in AARC2 (TRL6 as starting point) Ø More user-communities should be in AARC2 Ø There should be specific pilots to support user-community use-cases and/or to integrate AARC results into existing e-infrastructures 14

Partners and Budget Budget = 3 M Euro Partners = currently 20 (2 of which unfunded) No more unfunded partners, they will become MoUs No more than 25 partners New partners should be research communities GEANT Ams to remain the leading partner Plans are to maintain the same activity leaders 15

Structure of AARC2 NA1: Management NA2: Training and Outreach To deliver training on AARC1 final results To deliver training for user-communities NA3: Policy and Best Practice harmonisation To work on reference policy templates To define policies for IdPs-SPs proxies To define policies for attribute providers JRA1: Integrated architectures for e-infrastructure AAI To address the integration and interoperability (based on the AARC pilots) of the e-infrastructure AAIs, including the integration with international e-infrastructures To look at SP Architectures and Authorisation in multi-sp environments To research the integration of non R&E identities into existing federations SA1 To pilot the integration of the blueprint architecture into existing AAIs To support specific community use-cases 16

Deadlines End dec: - Consortium - Main usecases End Jan: - First Draft of Proposal and budget Mid March: - Final version proposal End March: Submit 17

Thank you Any Questions? skanct@admin.grnet.gr GEANT on behalf of the AARC project. The research leading to these results has received funding from the European Union s Horizon 2020 research and innovation programme under Grant Agreement No. 653965 (AARC).

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback