EGI Check-in service. Secure and user-friendly federated authentication and authorisation

Similar documents
The EGI AAI CheckIn Service

AAI in EGI Current status

AARC Blueprint Architecture

WP JRA1: Architectures for an integrated and interoperable AAI

The challenges of (non-)openness:

AARC. Christos Kanellopoulos AARC Architecture WP Leader GRNET. Authentication and Authorisation for Research and Collaboration

EGI AAI Platform Architecture and Roadmap

AARC Overview. Licia Florio, David Groep. 21 Jan presented by David Groep, Nikhef.

RCauth.eu / MasterPortal update

Pilots to support guest users solutions

WP3: Policy and Best Practice Harmonisation

2. HDF AAI Meeting -- Demo Slides

EUDAT - Open Data Services for Research

Can R&E federations trust Research Infrastructures? - The Snctfi Trust Framework

Deliverable DJRA1.1. Use-Cases for Interoperable Cross- Infrastructure AAI

Deliverable DSA1.4: Pilots to improve access to R&E-relevant resources

GÉANT Community Programme

eidas cross-sector interoperability

Best practices and recommendations for attribute translation from federated authentication to X.509 credentials

Scalable Negotiator for a Community Trust Framework in Federated Infrastructures (Snctfi)

DARIAH Update. 9th FIM4R Workshop. Vienna, Novemer 30, Peter Gietz, DAASI International GmbH.

In Section 4 we discuss the proposed architecture and analyse how it can match the identified 2

Sustainability in Federated Identity Services - Global and Local

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,

Guidelines on non-browser access

SELF SERVICE INTERFACE CODE OF CONNECTION

Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation

Management der Virtuellen Organisation DARIAH im Rahmen von Shibboleth- basierten Föderationen. 58. DFN- Betriebstagung, Berlin, 12.3.

Identity Harmonisation. Nicole Harris REFEDS Coordinator GÉANT.

Authentication & Authorization systems developed for CTA

Prof. Christos Xenakis

Prof. Christos Xenakis

Policy and Best Practice Harmonisation ( NA3 ) from the present to the future

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Deliverable D9.3 Best Practice for User-Centric Federated Identity

EGI Applications Database VM Operations dashboard

Sirtfi for Security Incidents in a Federated Context. Tom Barton, UChicago & Internet2

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014

Géant-TrustBroker Dynamic inter-federation identity management

EGI-InSPIRE. GridCertLib Shibboleth authentication for X.509 certificates and Grid proxies. Sergio Maffioletti

INDIGO-Datacloud Identity and Access Management Service

EGI-Engage: Impact & Results. Advanced Computing for Research

SWAMID Person-Proofed Multi-Factor Profile

INDIGO AAI An overview and status update!

User Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017

SLCS and VASH Service Interoperability of Shibboleth and glite

Deliverable D14.1 (DJ3.0.1) Report on the Achievements and Recommendations for any Future Work

Deliverable D10.1 Launch and management of dedicated website and social media

Federated access to e-infrastructures worldwide

An introduc/on to Sir0i

Higher Education external Attribute Authority. Mihály Héder István Tétényi (MTA SZTAKI) 19-May-2015

edugain Policy Framework SAML Profile

EUDAT. Towards a pan-european Collaborative Data Infrastructure

DARIAH-AAI. DASISH AAI Meeting. Nijmegen, March 9th,

Connect. Communicate. Collaborate. GN2 JRA5 update. Jürgen Rauschenbach (DFN), JRA5 team 04/02/08 Marseille. JRA5 Team

EGI-InSPIRE. Security Drill Group: Security Service Challenges. Oscar Koeroo. Together with: 09/23/11 1 EGI-InSPIRE RI

Trust and Identity Services an introduction

Attributes for Apps How mobile Apps can use SAML Authentication and Attributes

REFEDS Year End Report 2015

irods Security Aspects Willem Elbers CLARIN-ERIC, Netherlands

GÉANT Mission and Services

Extending Services with Federated Identity Management

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

GÉANT Services Supporting International Networking and Collaboration

ForgeRock Access Management Core Concepts AM-400 Course Description. Revision B

BECOMING A DATA-DRIVEN BROADCASTER AND DELIVERING A UNIFIED AND PERSONALISED BROADCAST USER EXPERIENCE

STORK Secure Identity Across Borders Linked

Warm Up to Identity Protocol Soup

Beyond X.509: Token-based Authentication and Authorization with the INDIGO Identity and Access Management Service

EUDAT & AAI. Daan Broeder MPI for Psycholinguistics

Configuration Guide - Single-Sign On for OneDesk

Deliverable D3.5 Harmonised e-authentication architecture in collaboration with STORK platform (M40) ATTPS. Achieving The Trust Paradigm Shift

Federation Operator Practice: Metadata Registration Practice Statement

Standards-based Secure Signon for Cloud and Native Mobile Agents

The EUReID Observatory. Brussels 2009_09_29

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Trusting External Identity Providers for Global

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model

Storage Management in INDIGO

SOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES

Tutorial: Building the Services Ecosystem

The SciTokens Authorization Model: JSON Web Tokens & OAuth

Introducing Shibboleth. Sebastian Rieger

Technical Overview. Version March 2018 Author: Vittorio Bertola

Next-Generation Identity Federations. Andreas Åkre Solberg

Research Collaboration IAM Needs

Interagency Advisory Board Meeting Agenda, August 25, 2009

Cracking the Access Management Code for Your Business

Multi-Factor Authentication (MFA) Interoperability Profile. Karen Herrington, Virginia Tech David Walker, Internet2 September 26, 2016

Federation Operator Practice: Metadata Registration Practice Statement

The EUDAT Collaborative Data Infrastructure

eidas-node Error Codes

SAML-Based SSO Solution

GrIDP: Grid IDentity Pool Federation

EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK

Facilitating the Attribute Economy. David W Chadwick George Inman, Kristy Siu 2011 University of Kent

Federation Operator Practice: Metadata Registration Practice Statement

Work Package 4, Milestone 4.2: First deployment of the consolidated platform

Introduction to SciTokens

Prototype DIRAC portal for EISCAT data Short instruction

Transcription:

EGI Check-in service Secure and user-friendly federated authentication and authorisation

EGI Check-in Secure and user-friendly federated authentication and authorisation Check-in provides a reliable and interoperable AAI solution that can be used as a service for third parties. Check-in enables single sign-on to services through edugain and other identity providers. Users without institutional accounts can access services through social media or other external accounts, including Google, Facebook, LinkedIn or ORCID. Services connected to Check-in can be made available to +2,000 universities and institutes with little or no administrative overhead Secure operates under the strict security policies of the EGI federation Simple hides the complexity of dealing with multiple authentication providers and sources of authorisation information Low overhead lowers the bureaucratic burden of integrating multiple identity providers and attribute authorities Interoperable implements the AARC blueprint architecture and is compliant with edugain, REFEDS RnS and Sirtfi policies Polyglot translates SAML 2.0, OpenID Connect, OAuth 2.0 and X.509 credentials

Check-in for service providers Check-in acts as an identity provider proxy. Service providers can configure it as a normal SAML or Open ID Connect identity provider and let Check-in handle external identity providers. Checkin will provide all the required authentication and authorisation information to service providers in a single assertion. Advantages for EGI service providers > Access to the entire edugain identity provider federation > Automatically become available to new identity providers as they are progressively configured in Check-in > Be able to link between accounts > Have all required information to handle user authentication and authorisation including: EGI UID, GOCDB roles, Virtual Organisation/group membership information, Level of Assurance, X.509 certificate DN if associated to the other identities Advantages for external service providers Non-EGI service providers can benefit from Check-in as well. Both SAML- and OpenID Connect-based services can be integrated with Check-in with very little effort to enable users to authenticate with their own credentials. As an authentication service Check-in will: > Enable edugain identity providers > Enable social media credentials > Enable X.509 certificate credentials > Enable users to link their accounts

Check-in for research communities Sets up an AAI from scratch Authentication Check-in accepts federated identity credentials to enable users to re-use institutional log-ins > IdP/SP proxy to aggregate authentication information from multiple sources, including edugain IdPs, social media credentials, and ad-hoc configured IdPs upon request Authorisation Check-in manages group membership information according to services > Built-in group management tools to create and manage a Virtual Organisation (VO) and subgroups, add and remove users, and manage user consent and the VO acceptable usage policy Improves existing AAI tools A community who already operates a group management tool does not need to change any of their workflows to be interoperable with Check-in. Check-in can play different roles based on the requirements of the community: > Use it as an identity provder proxy to enable federated access to the community group management tool > Integrate it with the group management tool of the community to implement community-based authorisation in the EGI services

Contacts Acknowledgements Website: This publication was prepared by the Operations and the Communications Team of the EGI Foundation, with contributions from GRNET. https://www.egi.eu http://go.egi.eu/checkin The EGI Check-in service provided for the EGI Community by GRNET, the Greek national e-infrastructure Copyright: EGI-Engage Consortium, Creative Commons Attribution 4.0 International License. The EGI-Engage project is co-funded by the European Union (EU) Horizon 2020 program under grant 654142. The content of this publication is correct to the best of our knowledge as of July 2017.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback