Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop 09.06.2011, CERN,

Published byAlfred Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop 09.06.2011, CERN,"— Presentation transcript:

1 EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop 09.06.2011, CERN, Geneva, Switzerland

2 EMI INFSO-RI-261611 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop 2 Content Background AAI WG use cases Security Token Service (STS) Current work plan

3 EMI INFSO-RI-261611 3 Background AAI workshop held at EGI TF (Sept. 2010) [1] Questionnaires for projects crossing national boundaries and National Grid Initiatives (NGIs) – 3 User communities Biomed, Earth Sciences, HEP – 5 ESFRI projects CLARIN, Lifewatch, ELIXIR, EuroFEL, ILL – 2 NGIs Italy, U.K. 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

4 EMI INFSO-RI-261611 4 Results for the questionnaire [2] Grid users do not want to handle credentials themselves Grid users would like to obtain X.509 credentials and VOMS attributes from other credentials and vice-versa Projects would like to use federated identities Projects recognize that both national and international identity federations will become more important User identities and actions on a Grid should be protected (anonymized) Projects realize that access to the majority of Grid infrastructures requires and will require in the future X.509 credentials 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

5 EMI INFSO-RI-261611 5 AAI WG use cases [2] Use- case DescriptionStatus 1X.509 issuance based on AAI (another security domain) „Solved“ (but needs improvement!) 2AAI-enabled portals to Grid infrastructures Solutions exist SAML delegation new 3AAI-enabled Grid information portals Low priority 4Security Token Service (STS)New, general purpose service, high priority 5Use of AAI attributes in GridInteresting, potentially very important 6VO registration using AAI (identity vetting) Low priority 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

6 EMI INFSO-RI-261611 6 STS functionality overview Security Token Service (STS) is defined in the WS-Trust specification [3] – Authenticates and “authorizes” users based on security tokens – Transforms the security token into another security token – Aggregates required information from external sources – Establishes a trust relationship between different application domains 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

7 EMI INFSO-RI-261611 7 STS Example Use Case (1/2) 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

8 EMI INFSO-RI-261611 8 STS Example Use Case (2/2) 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

9 EMI INFSO-RI-261611 9 (Some) issues in the previous sequence SAML token must be targeted for both Portal and STS Who generates the key pair and stores the private key? – Depending on the online CA, key pair can be theoretically generated by any party WS-Trust [3] profile definitions How about if the STS is accessed directly via a (non-browser) client tool? 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

10 EMI INFSO-RI-261611 10 Current work plan Continue the WS-Trust interoperability profile [4] effort started in EGEE-III Define the other profiles missing in the sequence – E.g. for SAML, the building blocks include SAML delegation and ECP profile STS service- and client-side implementations – Service implementation is based on the upcoming Shibboleth Identity Provider v3 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

11 EMI INFSO-RI-261611 11 References [1] EGI TF 2010: AAI needs of the DCIs – https://www.egi.eu/indico/sessionDisplay.py?sessionId =11&confId=48#20100914 https://www.egi.eu/indico/sessionDisplay.py?sessionId =11&confId=48#20100914 [2] EMI AAI Working Group – https://twiki.cern.ch/twiki/bin/view/EMI/EmiJra1T4AAI https://twiki.cern.ch/twiki/bin/view/EMI/EmiJra1T4AAI [3] OASIS Standard: WS-Trust 1.3 – http://docs.oasis-open.org/ws-sx/ws-trust/200512 http://docs.oasis-open.org/ws-sx/ws-trust/200512 [4] Chad La Joie / SWITCH: WS-Trust 1.3 Interoperability profile – http://www.switch.ch/grid/support/documents/ http://www.switch.ch/grid/support/documents/ 09/06/2011 John White at Federated Identity Systems for Scientific Collaborations Workshop

12 EMI is partially funded by the European Commission under Grant Agreement RI-261611 Thank you!

Download ppt "EMI AAI Strategy & Plans John White / Helsinki Institute of Physics Federated Identity Systems for Scientific Collaborations Workshop 09.06.2011, CERN,"

Similar presentations

Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Interoperability AAI and Grids Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability AAI and Grids Christoph.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
CLARIN AAI, Web Services Security Requirements

CLARIN AAI, Web Services Security Requirements
EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop 7.7.2011 London, UK.

EMI Development Plans for Identity Management Henri Mikkonen / HIP Moonshot, Grid and HPC Workshop London, UK.
Contrail and Federated Identity Management

Contrail and Federated Identity Management
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
EMI INFSO-RI-261611 Session Summary AAI Needs for DCIs John White, HIP Christoph Witzig, SWITCH

EMI INFSO-RI Session Summary AAI Needs for DCIs John White, HIP Christoph Witzig, SWITCH
2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.

2006 © SWITCH SWITCH Plans for Shibboleth and Grid GGF16 Feb 14, 2006 Christoph Witzig (Thomas Lenggenhager, Valery Tschopp, Placi Flury) SWITCH.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
ESA EO Federated Identity Management Initiatives A. Baldi ESA: M. Leonardi RHEA:

ESA EO Federated Identity Management Initiatives A. Baldi ESA: M. Leonardi RHEA:
EMI INFSO-RI-261611 European Middleware Initiative (EMI) Standardization and Interoperability Florida Estrella (CERN) Deputy Project Director.

EMI INFSO-RI European Middleware Initiative (EMI) Standardization and Interoperability Florida Estrella (CERN) Deputy Project Director.
Here Come the Feds Federated identity management: the consumer’s perspective Jens Jensen, STFC On behalf of EUDAT AAI TF EGI CF Manchester April 2013.

Here Come the Feds Federated identity management: the consumer’s perspective Jens Jensen, STFC On behalf of EUDAT AAI TF EGI CF Manchester April 2013.
Www.egi.eu EGI-Engage www.egi.eu EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.

EGI-Engage EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.
Authentication and Authorization in a federated environment Jules Wolfrat (SARA)

Authentication and Authorization in a federated environment Jules Wolfrat (SARA)
Www.egi.eu EGI-InSPIRE RI-261323 www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE EGI services for the long tail of science Peter Solagna Senior Operations.

EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE EGI services for the long tail of science Peter Solagna Senior Operations.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Similar presentations

Ads by Google