AAI for a Collaborative Data Infrastructure


1 AAI for a Collaborative Data Infrastructure
EUDAT AAI for a Collaborative Data Infrastructure - Challenges and Approaches
Mark van de Sanden, EUDAT
EGI H2020 workshop, Amsterdam, 5 December 2013

2 Outline
- Intro to EUDAT
- EUDAT Services
- 2 use cases
- EUDAT AAI requirements

3 The CDI concept: Collaborative Data Infrastructure
[Layered diagram] Actors and cross-cutting concerns: Users, Data Generators, Trust, Data Curation.
Community Support Services: user-focused functionality, data capture & transfer, VREs; data discovery & navigation, workflow creation, annotation, interpretability.
Common Data Services: persistent storage, identification, authenticity, workflow execution, mining.

4 Initially six research communities on board
- EPOS: European Plate Observatory System
- CLARIN: Common Language Resources and Technology Infrastructure
- ENES: Service for Climate Modelling in Europe
- LifeWatch: Biodiversity Data and Observatories
- VPH: The Virtual Physiological Human
- INCF: International Neuroinformatics
All share common challenges:
- Reference models and architectures
- Persistent data identifiers
- Metadata management
- Distributed data sources
- Data interoperability

5 Communities and Data Centers
Identifying basic requirements; identifying commonalities and common data services.

6 What community users see … Today
Community portal, single credential type. Community layer: community-specific authentication, authorization & single sign-on over community data.

7 What community users see … Tomorrow
- EUDAT portal for non-affiliated users, many credential types
- Various community portals, different credential types
- Common metadata exploration
- Common data stage-in and stage-out services
- Data services for the long tail of data, also from citizen scientists
- Common replication services with access to distributed storage
- Unified Authentication, Authorization & Single Sign-On across community data and other data

8 EUDAT Services
- Metadata Catalogue: aggregated EUDAT metadata domain; data inventory
- AAI: network of trust among authentication and authorization actors
- PID: identity, integrity, authenticity, locations
- Safe Replication: data curation and access optimization; various flavors
- Data Staging: dynamic replication to HPC workspace for processing
- Simple Store: researcher data store (simple upload, share and access); Semantic Anno checking & referencing
Services to come:
- EUDAT Box: dropbox-like service, easy sharing, local synching
- Dynamic Data: immediate handling
- Workflow Engine: executing WFs

9 VPH use case

10 DRIHM: bridge between citizen and community scientists
Community domain-specific metadata describe citizens' contributions.

11 Credential conversion and attribute-based authorization
[Diagram] Different types of Identity Providers (eID, Shibboleth, OpenID, X.509) → AuthN: identity credential conversion, a zoned credential conversion service that issues consolidated credentials with unique user IDs, project-wise mapped to attribute-based access control information → Communities.
Attribute Providers (AtP 1, 2, 3) → AuthZ: attributes are either community-managed or (*) attributes provided by the user's home IdP are reused.

12 EUDAT AAI Requirements
- Support different authentication methods (e.g. OpenID, OAuth, X.509, Shib, …)
- Support fine-grained access control – the VO and Role approach does not work
- A minimum set of semantically standardized attributes for user identification and access control
- Communities retain control over authorization decisions
- Attributes can be provided by universities, scientific institutes or community organizations acting as IdP or AtP
- Support different access methods (e.g. HTTP, GridFTP, web portals, workflows)
- Techniques for bridging between community, institute, NREN, e-Infrastructure provider (e.g. EGI, PRACE and EUDAT) and public/private (e.g. Helix Nebula, ..) domains
- Need for broadly accepted use and data privacy policies (e.g. CoC, LoA)

13

14 EUDAT AAI
SAML is used for authentication (possibly translated from OpenID). OAuth2 is used for delegation, internally within the federation. XACML is used for access control policies. Communities retain the ultimate decisions on authorizations; EUDAT enforces these authorization rules across the federation.

An X.509 certificate with authorisation attributes is generated and managed internally and thus is not exposed to or accessible by the user. Its purpose is threefold: (a) to ensure that non-HTTP services such as GridFTP and iRODS can be accessed (i.e., outside the OAuth delegation workflow), (b) to allow fine-grained authorisation, and (c) to allow command line access to services for expert users. In OAuth, the authorisation server remains the central hub where access is delegated. Since EUDAT needs finer-grained access, the generated X.509 certificate also carries authorisation attributes, which are checked against pre-defined access policies.

The system used for this EUDAT AAI pilot was built by the Contrail project. The Contrail Security (ConSec) code is reused and tools are developed for this pilot project. ConSec was chosen after an evaluation of options, in which ConSec promised most of the features required by the EUDAT communities. A ConSec authentication service is currently running at Juelich. EUDAT is currently not running an authorisation infrastructure.
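To make the credential-conversion idea of slide 11 and the "communities decide, EUDAT enforces" policy model of slide 14 concrete, here is an added example; it is not EUDAT, Contrail or ConSec code. It maps SAML-, OpenID- and X.509-style credentials to one consolidated identity, merges community-managed attributes with reused home-IdP attributes, and evaluates community-authored rules with XACML's deny-overrides combining algorithm (without XACML's XML syntax). All credential field names, attribute names, the "clarin" policy and the sample users are constructed for illustration.

```python
"""Added example, not EUDAT or Contrail/ConSec code: a small attribute-based
access control (ABAC) check in the spirit of slides 11 and 14.  Credential
types, attribute names, community names and policies are all constructed."""
import hashlib
from dataclasses import dataclass, field


# --- Credential conversion (slide 11): SAML-, OpenID- and X.509-style
# credentials are mapped to one consolidated identity with a unique user id.
def normalize_identity(credential: dict) -> dict:
    """Return {'uid', 'home_idp', 'attrs'} for a credential of a supported type.

    The uid is a hash of (type, issuer, subject): stable for the same person at
    the same IdP, never colliding across IdPs.  Field names are assumptions.
    """
    kind = credential["type"]
    if kind == "saml":
        issuer, subject = credential["issuer"], credential["eppn"]
        attrs = {"affiliation": credential.get("affiliation", "")}
    elif kind == "openid":
        issuer, subject = credential["iss"], credential["sub"]
        attrs = {}
    elif kind == "x509":
        issuer, subject = credential["issuer_dn"], credential["subject_dn"]
        attrs = {}
    else:
        raise ValueError(f"unsupported credential type: {kind}")
    uid = hashlib.sha256(f"{kind}|{issuer}|{subject}".encode()).hexdigest()[:16]
    return {"uid": uid, "home_idp": issuer, "attrs": attrs}


# Constructed sample credentials from three different identity providers.
ALICE = {"type": "saml", "issuer": "https://idp.uni-a.example",
         "eppn": "alice@uni-a.example", "affiliation": "member"}
BOB = {"type": "openid", "iss": "https://login.example", "sub": "bob-4711"}
CAROL = {"type": "x509", "issuer_dn": "CN=Example CA", "subject_dn": "CN=Carol"}

# Constructed community-managed attribute provider (AtP), keyed by consolidated
# uid.  Carol is deliberately absent: she has no community membership.
COMMUNITY_ATP = {
    normalize_identity(ALICE)["uid"]: {"community": "clarin", "role": "curator", "loa": "high"},
    normalize_identity(BOB)["uid"]: {"community": "clarin", "role": "curator", "loa": "low"},
}


def consolidate(credential: dict, atp: dict) -> dict:
    """Merge reused home-IdP attributes (the '*' case on slide 11) with community ones."""
    ident = normalize_identity(credential)
    attrs = dict(ident["attrs"])
    attrs.update(atp.get(ident["uid"], {}))
    return {"uid": ident["uid"], **attrs}


# --- Policy (slide 14): the community authors the rules; the infrastructure
# only evaluates and enforces them.  Deny-overrides combining, as in XACML.
@dataclass
class Rule:
    effect: str                                  # "Permit" or "Deny"
    target: dict = field(default_factory=dict)   # every key must equal the request value


CLARIN_RULES = [  # constructed policy for the "clarin" collection
    Rule("Permit", {"subject.community": "clarin", "action": "read", "resource.collection": "clarin"}),
    Rule("Permit", {"subject.community": "clarin", "subject.role": "curator",
                    "action": "write", "resource.collection": "clarin"}),
    Rule("Deny", {"subject.loa": "low", "action": "write"}),  # low-assurance credentials never write
]


def build_request(subject: dict, action: str, resource: str) -> dict:
    """Flatten subject attributes, action and resource into one request context."""
    req = {f"subject.{k}": v for k, v in subject.items()}
    req["action"] = action
    req["resource"] = resource
    req["resource.collection"] = resource.strip("/").split("/")[0]
    return req


def evaluate(rules: list, request: dict) -> str:
    """Deny-overrides: any applicable Deny wins, then Permit, else NotApplicable."""
    effects = [r.effect for r in rules
               if all(request.get(k) == v for k, v in r.target.items())]
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"


def is_allowed(credential: dict, action: str, resource: str,
               rules=CLARIN_RULES, atp=COMMUNITY_ATP) -> bool:
    """Enforcement point: only an explicit Permit grants access (NotApplicable is denied)."""
    request = build_request(consolidate(credential, atp), action, resource)
    return evaluate(rules, request) == "Permit"


if __name__ == "__main__":
    for who, cred in (("alice", ALICE), ("bob", BOB), ("carol", CAROL)):
        for action in ("read", "write"):
            print(who, action, is_allowed(cred, action, "/clarin/corpus-1"))
```

The two points worth noticing are that Bob, although a curator, cannot write because the community's low-LoA Deny rule overrides the Permit (the deny-overrides semantics the slides rely on when several attribute sources feed one decision), and that Carol, whose X.509 credential converts fine but who has no community attributes, gets NotApplicable, which the enforcement point treats as a denial rather than an open door.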

15 EUDAT Sites
Community centres, general data centres, repositories, (replica) storages.

