Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Published byJean Black Modified over 8 years ago

Similar presentations

Presentation on theme: "Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October."— Presentation transcript:

1 http://aarc-project.eu Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October 2015 AARC Coordinator https://aarc-project.eu/

2 http://aarc-project.eu 2 AARC Facts Two-year EC-funded project 20 partners NRENs, e-Infrastructure providers and Libraries as equal partners About 3M euro budget Starting date 1st May, 2015 https://aarc-project.eu/ Authentication and Authorisation for Research and Collaboration

3 http://aarc-project.eu AARC Vision and Outputs 3 Impact Create a cross-e-infrastructure ‘network’ for identities Reduce duplication of efforts in the service delivery Improve the penetration of federated access Outputs Design of integrated AAI built on federated access Harmonised policies to easy cross-discipline collaboration Pilot selected use-cases Offer a diversified training package Avoid a future in which new research collaborations develop independent AAIs

4 http://aarc-project.eu Integration, policy harmonisation, piloting and training 4 Approach Use existing e- infrastructures in the delivery chain Work with e-infras and user communities to solve existing challenges, pilot use-cases and get feedback on the results Design an integrated AAI built on production infrastructures

5 http://aarc-project.eu 5 AARC Work areas

6 http://aarc-project.eu 6 First Results

7 http://aarc-project.eu Many groups and (proposed) policies, but leaving many open issues This WP aims to deal with the open issues: By liaising with existing groups and and work Work to address different areas: “Levels of Assurance” – a minimally-useful level and a differentiated set, for ID and attributes “Incident Response”– encouraging ‘expression’ of engagement by (federation) partners and a common understanding “Sustainability models and Guest IdPs”– how can a service be offered in the long run? “Scalable policy negotiation” – beyond bilateral discussion (and more IGTF style ?) “Protection of (accounting) data privacy” – aggregation of PI-like data in collaborative infrastructures 7 Policy and Best Practices Harmonisation

8 http://aarc-project.eu Security Incident on FIM To agree on a generic security incident response procedure for federations Work done in collaboration with Sirtfi To ensure global acceptance of the results First version of the Sirtfi framework ready for consultation via REFEDS Sirtfi WG: https://wiki.refeds.org/display/GROUPS/SIR TFI 8 Policy and Best Practices Harmonisation – so far LoA work To agree on a sustainable LoA framework AARC looks at LoA needs of SPs and RPs: https://wiki.geant.org/display/AARC/LoA+ survey+for+SP+communities GN4 and R&E federations (and IdPs) looking at the ‘service aspect’ of providing assurance Key challenges: cost of operations and who bears this costs

9 http://aarc-project.eu 9 Architecture Design Analysis of requirements Analysis of AA technologies Guest Identities Attribute Authorities & Token Translation Blueprint Architecture Sep15Dec15Apr15Apr17Jul16 First Draft high level architecture End Oct Aim: Design of an integrated AAI framework based on federated access to enable users to seamlessy access services offered by all R&E e-infrastructures

10 http://aarc-project.eu 1.User Friendliness 2.Homeless Users 3.Different Levels of Assurance 4.Community based authorization 5.Flexible and scalable attribute release policies 6.Attribute Aggregation & Account Linking 7.Federation solutions based on open and standards based technologies 8.Persistent & Unique User Identifiers 9.User managed Identity Information 10.Up to date identity information 11.User groups and roles 12.Step up authentication 10 Architecture Design – Analysis of requirements 13.Browser and non-browser based federated access 14.Delegation 15.Social media identities 16.Integration with e-Government infrastructures 17.Service Provider Friendliness 18.Effective Accounting 19.Policy Harmonization 20.Federated Incident report Handling 21.Sufficient Attribute release 22.Awareness about R&E Federations 23.Semantically harmonized identity attributes 24.Simplified process for joining identity federation 25.Best practices for terms and conditions

11 http://aarc-project.eu 1.User Friendliness 2.Homeless Users 3.Different Levels of Assurance 4.Community based authorization 5.Flexible and scalable attribute release policies 6.Attribute Aggregation & Account Linking 7.Federation solutions based on open and standards based technologies 8.Persistent & Unique User Identifiers 9.User managed Identity Information 10.Up to date identity information 11.User groups and roles 12.Step up authentication 11 Architecture Design – Analysis of requirements 13.Browser and non-browser based federated access 14.Delegation 15.Social media identities 16.Integration with e-Government infrastructures 17.Effective Accounting 18.Policy Harmonization 19.Federated Incident report Handling 20.Sufficient Attribute release 21.Awareness about R&E Federations 22.Semantically harmonized identity attributes 23.Simplified process for joining identity federation 24.Service Provider Friendliness 25.Best practices for terms and conditions

12 http://aarc-project.eu Aim: Pilot key components of the integrated AAI, the policy and best practices results and make reccomandations regarding their deployabity. Different pilots: Guest users/guest IdPs Attribute management Pilot technical and policy results from the other activities To address libraries’ requirements CIlogon for EU To address federated to non-web applications Plus extensions to support community attributes Initial beta version deployed 12 Pilots

13 http://aarc-project.eu 13 About today’s event

14 http://aarc-project.eu Preliminary results available Gain feedback on our work: To better address libraries and communities needs (at the least of those we are aware of) To shape a more effective training package If possible help up reach out more communities 14 Goals

15 http://aarc-project.eu © GEANT on behalf of the AARC project. The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 653965 (AARC). Thank you Any Questions? Licia.Florio@geant.org

Download ppt "Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October."

Similar presentations

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC 2014 20 May 2014 Dublin.

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC May 2014 Dublin.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.

BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.
Authentication and Authorization in a federated environment Jules Wolfrat (SARA)

Authentication and Authorization in a federated environment Jules Wolfrat (SARA)
Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service 2012-02-27 Federated Identity Systems.

Innovation through participation Interfederation through eduGAIN - steps and challenges eduGAIN interfederation service Federated Identity Systems.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.

Updates Licia Florio, TERENA REFEDS Meeting 5 Sept 2012.
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
European Life Sciences Infrastructure for Biological Information www.elixir-europe.org Life science community update for the 7 th Federated Identity Management.

European Life Sciences Infrastructure for Biological Information Life science community update for the 7 th Federated Identity Management.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.

Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.
7 th FIM 4 R meeting 23-24 April 2014 ESRIN Frascati.

7 th FIM 4 R meeting April 2014 ESRIN Frascati.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.

EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.

Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.

Authentication and Authorisation for Research and Collaboration Christos Kanellopoulos GRNET Proposed Pilots for Libraries and eGov.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.

Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Similar presentations

Ads by Google