EGI-InSPIRE RI-261323
AAI in EGI: Status and Evolution
Peter Solagna, Senior Operations Manager

Presentation transcript:

AAI in EGI Status and Evolution
Peter Solagna, Senior Operations Manager
Gergely Sipos, Technical Outreach Manager
European Grid Infrastructure

European Grid Infrastructure
European
  – Over 35 countries
Grid
  – Secure federation of IT resources, computing, storage and applications
Infrastructure
  – More than 340 resource centres
  – HTC and cloud services
  – For European researchers and their international collaborators
EDG → EGEE → EGI
  – Supporting research for over 10 years
  – More than 200 user communities, 20k users

Authentication and Authorization in EGI - 1
Authentication:
  – X.509 personal certificates from IGTF Certification Authorities
      CA available in every country
        – Supported by several Registration Authorities distributed
      Terena Certificate Service for eduGAIN users
      Catch-all CA provided by EGI.eu
Authorization:
  – Based on attributes provided by the user communities
      Virtual Organization membership
      Roles and groups within the VO

Authentication and Authorization in EGI - 2
[Diagram: Virtual Organization, TRUST]

The key is: collaboration
Authentication and Authorization workflows scale with the number of service providers and users
  – User identity is verified by the IGTF Certification Authorities, who release the X.509 certificates
  – The certificate enables uniform authentication of the user across resource centres
User communities have the tools to manage the membership of their users and their structure
  – Collaborate in the trust chain and integrate the information provided by the Identity Providers
  – Authorization is based on the Virtual Organization membership and attributes, not on the single user identity
  – The user capabilities, based on groups and roles within the VO, are reflected in uniform access rights across the sites that support the VO

Extend the X.509 mechanism
For some users approaching EGI the X.509 mechanism is a barrier
  – They do not have easy access to a Certification Authority
  – They would prefer to continue using their institutional credentials
  – VOs and Resource Providers implement portals to ease the access to the resources
The most effective solution is to bridge other identity federations (eduGAIN, institutional IdP) with the EGI AAI
  – Technical bridge: credentials translation, support in the middleware for other AuthN protocols
  – Policy bridge: build trust between SP and IdP, enable different levels of trust

Extend federated AuthZ
Provide tools to the users to manage their user communities
  – Distributed Attribute Authorities connected with the user's IdPs
  – Can be used also within application-specific environments for user authorization
Maintain uniform authorization across multiple service providers
  – Based on the attributes provided by the user communities
Apply the collaborative trust approach of EGI to new authentication technologies

Enable interoperability
E-infrastructures should collaborate in this evolution process
Enable SSO for users who have access to multiple infrastructures
  – Enable a European Authentication and Authorization Infrastructure that can be used by multiple resource federations and application-specific frameworks