Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan scoping and approach Integration with Commercial Services 2-4 November 2015 AARC SA1.3 Poznan Supercomputing and Networking Center
To pilot SSO access for commercial (cloud) services for research community and consider both technical/architectural solutions (in collaboration with JRA1) and legal and policy aspects (in collaboration with NA3). This work will build on the results of the service activity “Support to cloud" that is part of the GN3plus. The commercial services will be selected together with the user community and we will work together with eduGAIN/GEANT4 to ensure a sustainable service delivery model. 2 Aim of the task According to the Technical Annex
User community How to select the community? Who we shall contact?
Problem statement DJRA1.1 section on GN41 Cloud Activity - making CSP service’s available through eduGAIN Awareness and understanding of eduGAIN Need for development environment and guidelines CSP often even have SAML endpoints, but don’t know how to perform IdP service discovery Lack of infrastructure services CSP are used to simple, manual integration with single IdP, but not to automatically handle a large number of IdPs Need for a Discovery Service Confusing registration procedure Registering to a national federation instead of eduGAIN (esp. For pan-European providers) Different policies in federations Need to reach out and to negotiate with individual IdPs regardless joining eduGAIN The set of available attributes from the eduGAIN IdPs is too limited for delivering personalized service, at least globally unique id for each user is required.
Scope of commercial services pilots We shall cooperate with NA2 to involve the commercials, they need explanations and support Define pilot solution with service discovery The aim is not connecting a CSP to eduGAIN, it is a kind of operational work of eduGAIN/Geant, not AARC. Our focus will be to improve the technical enrolment of commercial service providers The solution must be generic The pilot must be usable for the community Questions: What types of commercial services? Web-SSO only? Focus on Authentication only, or authoritative attributes as well? How many SP?
Selection of suitable providers Source: Helix Nebula project and HN Marketplace Canopy, CLOUDEO, CloudSigma, Cloudwatt, DataCentered, DEAC, DBCE, Exoscale, Prologue, SixSq, T-Systems, Ultimum Technologieshttp:// GEANT Cloud Catalogue CloudSigma, Advania, Axess Systems, Ultimum Technologies, Zettabox Selection criteria: already involved in public-commercial cooperations medium-size (big enough to have required potential, small enough to be ready to talk with us) Cooperate with the community Questions: Are the above criteria ok. (e.g. some people have experience with bigger players)? Anyone have experience or contacts with listed SPs? Someone in the audience have other leads? Shall we limit to those based/operating in Europe?
Discovery Service Delivery modes By SP By VO By national node (NREN) By European instance (eduGAIN) Question: Which mode we shall suggest to CSP (and use in the pilot)?
Discovery Service Possible solutions SURFconext offers a test environment with test IdPs where SPs can test their setup before the whole contractual phase is started Similar solutions may be available also in NRENs. DiscoJuice -flexible User Interface JS library for implementing an IdP Discovery Service. Shibboleth Discovery Service -standard Java web application rvice rvice MAGIC Deliverable D3.2: Assessment of Group Management Standards, NREN tools and value services –to be checked
Workplan for the next 6 months Involve user community Define possible scope of the pilot (with comunity representatives) Contact candidate providers Setup pilots involving at least 2 CSPs
© GÉANT on behalf of the AARC project. The work leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No (AARC). Thank you Any Questions?