
Research Community Requirements (FIM4R) David Kelsey (STFC-RAL) VAMP Workshop 6 Sep 2012.



2 Overview
FIM4R – "Federated Identity Management for Research"
Some background
FIM4R workshops and our paper
Communities
– And some use cases
Vision and Common Requirements
– More details later today
Advert: other activities in IGTF and Grids
6 Sep 12, FIM4R Overview, Kelsey

3 About me
Head of Particle Physics Computing Group at STFC-RAL, UK
Many roles in Grids, Security, AAI, IdM etc
– Including EGI, GridPP, WLCG, IGTF, SCI, TERENA, FIM4R

4 Background
Issue of IdM raised by IT leaders from EIROforum labs (Jan 2011)
– CERN, EFDA-JET, EMBL, ESA, ESO, ESRF, European XFEL and ILL
These laboratories, as well as national and regional research organizations, are facing similar challenges
– Scientific data deluge means massive quantities of data
– Needs to be accessed by expanding user bases in dynamic collaborations across organisational and national boundaries
"Facebook" generation demands all the tools (work & social) integrate smoothly
Also encouraged by EEF and e-IRG
Global problem, not just EU
"Science" changed to "Research" to include Humanities

5 Federated IdM for Research (FIM4R)
A collaborative effort started in June 2011
Not just EIROforum: includes many ESFRI projects and providers and infrastructures
– Be inclusive
Involves photon & neutron facilities, social science & humanities, high energy physics, climate science, life sciences and fusion energy
Workshops included participation by HTC and HPC infrastructures, TERENA, IGTF, GÉANT/eduGAIN, middleware developers …

6 Workshops
4 workshops to date
– Link to Jun 2012 agenda below (other links contained within): https://indico.cern.ch/conferenceDisplay.py?confId=191892
Prepared a paper that documents common requirements, a common vision and recommendations
– To research communities, identity federations, funding bodies
Paper: CERN-OPEN-2012-006: https://cdsweb.cern.ch/record/1442597

7 The communities

8 Life Sciences
Large community – millions of scientists
ELIXIR (an ESFRI project)
– Infrastructure for secure collection, storage and management of bio data
– Enable linking of biomolecular data to biomedical/clinical data
Challenges of ELSI data (restricted access because of ethical, legal, societal or other reasons) – Data Access Committees (DAC)
– E.g. European Genome-phenome Archive (EGA) – ~50 DACs
Pilot projects
– Users authenticate with FIM to access ELSI data
– Automated electronic workflow for an authenticated user to be granted access to a dataset by a DAC

9 Photon & Neutron Facilities
> 30,000 users at ~24 facilities
Largest community is structural biology – all protein structures for drug development determined here
Significant commercial activity
Confidentiality and fine-grained access control essential
Users are very mobile – facilities highly overbooked
Increasingly complex analysis
Data archival and curation should not be left to end users
Need to manage all aspects, including proposals, travel etc
EU PaNdata and CRISP both working on a federated open infrastructure for this large community
Umbrella system being developed
– Federated IdM system with all facility User Offices linked
– More details in the local web-based User Office

10 Humanities
Several infrastructure projects identified the need for AAI, SSO & federated IdM
– CLARIN, DARIAH, CESSDA, DASISH, Project Bamboo
Small numbers of users but growing fast
CLARIN is valiantly making contracts with national Identity Federations
– Challenges of negotiating attribute release (ePPN or ePTID + cn, mail, o, ...)
– Many IdPs do not release (IdF has no control)
– Some IdFs require opt-in – does not scale
– Many "homeless" researchers (either country or institute)

11 Climate Science
Researchers use data from many sources
Management of access control and IdM between multiple domains
– Is a barrier – many datasets underused
CMIP5 – international coupled models
– Tackling many of these issues
– ~50 modelling centres
Earth System Grid Federation (ESGF)
– Deployed to meet needs of CMIP5
– Includes a complete FIM solution: OpenID for browser-based interactions, MyProxy CA and short-lived certificates, SAML used for attribute management and AuthZ
– Access control essential for wider use by Earth Sciences community
New UK Climate and Environmental Monitoring from Space (CEMS) will use cloud technologies and dynamic trust & credentials

12 High Energy Physics
> 10,000 physicists in > 60 countries
WLCG, EGI, Open Science Grid and others provide a very successful federation (for Grid apps) with SSO and delegation
– National CAs accredited by IGTF and growing use of the TCS
– VOMS Attribute Certificates for AuthZ
HEP community has many other collaborative tools (wikis, portals, mail lists, etc) where Federated IdM would help a lot
Credential translation will be needed
– E.g. the EMI Security Token Service
Need to tackle LoA
Concerned about security risks and establishing Trust
– Role for IGTF (or others) in defining best practice

13 A recent example use of the WLCG infrastructure (CERN event 4 July 12)
– 2 slides (ATLAS & CMS)

14 Combined results: the excess
[Figure-only slide; recoverable text:]
Maximum excess observed at m_H = 126.5 GeV
Local significance (including energy-scale systematics): 5.0 σ; expected from SM Higgs at m_H = 126.5 GeV: 4.6 σ
Global significance: 4.1–4.3 σ (for LEE over 110–600 or 110–150 GeV)
Probability of background up-fluctuation: 3 × 10^-7

15 [Figure-only slide]

16 Speedy analysis of so much data only possible because of the success of WLCG, EGI, OSG and other related infrastructures
– Including the Grid AAI!
– Not forgetting the accelerator, the experiments, the physicists, the engineers etc etc!

17 Common vision statement
A common policy and trust framework for Identity Management based on existing structures and federations either presently in use by or available to the communities. This framework must provide researchers with unique electronic identities authenticated in multiple administrative domains and across national boundaries that can be used together with community-defined attributes to authorize access to digital resources.

18 Common Requirements
User friendliness
– Many users use infrequently
Browser and non-browser federated access
Bridging between communities
Multiple technologies and translators
– Translation will often need to be dynamic
Open standards and sustainable licenses
– For interoperability and sustainability
Different Levels of Assurance
– When credentials are translated, LoA provenance to be preserved
Authorisation under community and/or facility control
– Externally managed IdPs cannot fulfil this role
Well defined, semantically harmonised attributes
– For interoperable authorisation
– Likely to be very difficult to achieve!

19 Requirements (2)
Flexible and scalable IdP attribute release policy
– Different communities and different SPs need different attributes
– Negotiate with IdF, not all IdPs – for scaling
Attributes must be able to cross national borders
– Data protection/privacy considerations
Attribute aggregation for authorisation
Privacy and data protection to be addressed with community-wide individual identities
– We need to identify individuals: e.g. ethical committees can require names, addresses, supervisors to grant access
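Two of the requirements on slides 18 and 19, preserving LoA provenance through credential translation and aggregating home-IdP attributes with community attributes for authorisation, can be shown in a few lines. The following is an added example, not code from the talk, the FIM4R paper, or any of the services named (EMI STS, VOMS, ESGF); the issuer and subject names, the attribute keys, the "low/substantial/high" LoA ranking and the community attribute table are all constructed for illustration.

```python
"""Toy credential translation with LoA provenance, plus attribute aggregation.

Added example (assumptions: the LoA ranking, entity ids, attribute keys and
the community attribute table below are constructed, not any real federation's).
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

# Hypothetical ordered LoA scale, low to high (constructed for this example).
LOA_RANK = {"low": 1, "substantial": 2, "high": 3}

# Home IdPs the translator accepts assertions from (constructed entity id).
TRUSTED_IDPS: Set[str] = {"https://idp.example.org"}

# Community attribute authority: subject -> community-managed attributes
# (constructed; stands in for a VO membership service such as VOMS).
COMMUNITY_ATTRS: Dict[str, Dict[str, str]] = {
    "alice@idp.example.org": {"vo": "climate-demo", "role": "analyst"},
}


@dataclass(frozen=True)
class Assertion:
    """Incoming federated assertion from the user's home IdP."""
    issuer: str                      # IdP entity id
    subject: str                     # e.g. an ePPN
    loa: str                         # LoA asserted by the IdP
    attributes: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class TranslatedToken:
    """Token issued by the translator for a non-browser / Grid-style SP."""
    subject: str
    loa: str              # carried through unchanged: the provenance the slide asks for
    original_issuer: str  # who actually authenticated the user
    translator: str       # who performed the translation
    attributes: Dict[str, str]


def translate(assertion: Assertion, translator_id: str,
              trusted_idps: Set[str] = TRUSTED_IDPS) -> TranslatedToken:
    """Translate an assertion into a token without losing LoA or issuer provenance."""
    if assertion.issuer not in trusted_idps:
        raise ValueError(f"untrusted issuer: {assertion.issuer}")
    if assertion.loa not in LOA_RANK:
        raise ValueError(f"unknown LoA value: {assertion.loa}")
    return TranslatedToken(
        subject=assertion.subject,
        loa=assertion.loa,                     # never upgraded by translation
        original_issuer=assertion.issuer,
        translator=translator_id,
        attributes=dict(assertion.attributes),
    )


def aggregate(token: TranslatedToken,
              community_attrs: Dict[str, Dict[str, str]] = COMMUNITY_ATTRS) -> Dict[str, str]:
    """Merge IdP-released attributes with community-managed ones, namespaced by source."""
    merged = dict(token.attributes)
    for key, value in community_attrs.get(token.subject, {}).items():
        merged["community:" + key] = value
    return merged


def authorize(token: TranslatedToken, required_loa: str, required_vo: str,
              community_attrs: Dict[str, Dict[str, str]] = COMMUNITY_ATTRS) -> Tuple[bool, str]:
    """SP-side decision: LoA from the home IdP, membership from the community."""
    if LOA_RANK[token.loa] < LOA_RANK[required_loa]:
        return False, f"LoA {token.loa} below required {required_loa}"
    attrs = aggregate(token, community_attrs)
    if attrs.get("community:vo") != required_vo:
        return False, f"subject is not a member of {required_vo}"
    return True, "access granted"


# Constructed sample input: one assertion from the trusted IdP.
SAMPLE = Assertion(
    issuer="https://idp.example.org",
    subject="alice@idp.example.org",
    loa="substantial",
    attributes={"mail": "alice@example.org"},
)

if __name__ == "__main__":
    tok = translate(SAMPLE, "https://sts.example.net")
    print(tok)
    print(authorize(tok, "substantial", "climate-demo"))  # granted
    print(authorize(tok, "high", "climate-demo"))         # refused: LoA too low
```

The point of the design is that the translator copies the LoA and records the original issuer rather than asserting a LoA of its own, so an SP behind several translation hops can still apply a per-resource LoA threshold; and the authorisation decision combines what the home IdP released with what the community attribute authority holds, which is what "attribute aggregation for authorisation" and "authorisation under community control" require.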

20 Operational Requirements
Risk analysis
Traceability
– Audit trails include IdPs
Security incident response
– To include all IdPs and SPs
Transparency of policies
– To gain trust of SPs and users
Reliability and resilience
Smooth transition (from today's production)
Easy integration with local SP
– SP likely to want to support multiple AuthN technologies

21 Legal, Policy & Trust
Contracts or SLAs between communities and IdFs must be scalable
– Include maximum number of participants
– Bi-lateral agreements will not scale
Standards of Trust (or Codes of Conduct) similar to the IGTF approach are an attractive scalable solution

22 Other efforts to build Trust
International Grid Trust Federation
– Guidelines for Attribute Authority Service Provider Operations
– http://www.eugridpma.org/guidelines/aaops/
Grids (EGI Security Policy Group)
– VO Membership Management Policy
– https://documents.egi.eu/document/79

23 Questions?
