Presentation is loading. Please wait.

Presentation is loading. Please wait.

Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.

Published byFrank Perkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans."— Presentation transcript:

1 https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans JRA1.1 Requirements gathering JRA1.1 Task leader EGI.eu

2 https://aarc-project.eu DJRA1.1 overview Interviews with the stakeholders Analysis and next steps MJRA1.1 Technologies analysis 2 Overview

3 https://aarc-project.eu 3 DJRA1.1 Requirements analysis

4 https://aarc-project.eu Already available requirements: FIM4R TERENA AAA study Surveys Circulated among the AARC communities, FIM4R ML, and other targets Open questions inspired to the hot topics of the existing documentation Interviews Focused interviews for the DJRA1.1: EGI ELIXIR EUDAT GÉANT Project Dutch consortium of the National and University Libraries To be continued.. 4 Requirements gathering: the process DJRA1.1

5 https://aarc-project.eu AAI Current status What is your community’s current experience with AAI? Benefits, perceived barriers and user experience Technical solutions adopted Current coverage of federated AAI in the community Requirements Type of IdPs relevant for the community How AAI penetration can be improved? Technical requirements Preferred technology, attribute release, LoA management, unique identifiers, group management, type of access 5 Survey topics

6 https://aarc-project.eu BioVel DARIAH EISCAT WLCG EPOS Photon and neutron (Umbrella) ELIXIR CLARIN EGI EUDAT D4Science PSNC FMI Libraries and education 6 Surveys received

7 https://aarc-project.eu How the deliverable is structured: Inputs from the stakeholders: Summary of the requirements available before AARC Summary of the requirements gathered through the surveys Summary of the individual interviews Requirements analysis Architectural and technical requirements Policies and best practices 7 Requirements analysis in DJRA1.1

8 https://aarc-project.eu FIM4R High priority Medium priority TERENA AAA Study Technical recommendations Actions required Main stakeholders Policy recommendations Actions required Main stakeholders 8 DJRA1.1: Summary of the requirements from past activities

9 https://aarc-project.eu 9 DJRA1.1: current status, barriers

10 https://aarc-project.eu 8 out of 10 communities answered in the survey that they have already a technical solution in place 10 DJRA1.1: current status, technologies

11 https://aarc-project.eu 11 DJRA1.1: requirements, type of requirements

12 https://aarc-project.eu Guest Identities / Levels of Assurance/ R2 Homeless users R3 Different Levels of Assurance R13 Step-­up authentication R16 Social media identities R17 Integration with e-­ Government infrastructures User Identification R8 Persistent user identifiers R9 Unique user identities R10 User-­managed identity information Source: Attributes: Groups and Authorisation R4 Community-­based authorisation R5 Flexible and scalable attribute release policies R12 User groups and roles R_P_5 Semantically harmonised identity attributes Attributes: Release R6 Attribute aggregation / Account linking R_P_3 Sufficient attribute release 12 MJRA1.1: The requirements 1/2

13 https://aarc-project.eu Technology requirements R7 Federation solutions based on open and standards R14 Browser & non-­browser based federated access R15 Delegation Privacy, legal issues, and policies R10 User-­managed identity information Source R18 Effective accounting R_P_1 Policy harmonisation R_P_2 Federated incident report handling R_P_7 Best practises for terms&conditions Training R1 User and Service Provider friendliness R_P_4 Awareness about R&E federations R_P_6 Simplified process for joining identity federations The bureaucracy involved in joining identity federations should be reduced 13 MJRA1.1: The requirements 2/2

14 https://aarc-project.eu Surveys, interviews and previous documentation produced a consistent set of requirements Still manageable and non contradicting To discuss within JRA1 how much these requirements need to be prioritized, if any need to be discarded. Prioritization by popularity is one factor to be considered Individual interviews with the stakeholders are another useful tool for periodization Document user stories to analyze how critical the requirements are for the workflows of a stakeholders 14 How can requirements be prioritized?

15 https://aarc-project.eu 15 Individual interviews with the AARC stakeholders

16 https://aarc-project.eu Open discussion with the stakeholders, not limited by the boundaries of a survey But surveys have been a useful tool to gather quickly and consistently material for the deliverable. Describe the user stories What the users need to do What the service providers need to know How the workflows of the services are using authentications/authorization Describe the expectations for AARC outputs 16 Why individual interviews

17 https://aarc-project.eu Interviews part of the DJRA1.1: EGI EGI Workflows EGI critiacl/non-critical requirements EGI AAI plans for evolution ELIXIR Requirements and use cases on which the ELIXIR AAI is being designed EUDAT Plans for the EUDAT AAI B2Access Requirements GÉANT Project VO aaS Cloud Activities Enabling user experience Dutch consortium of the National and University Libraries Status and penetration of AAI 17 Already performed interviews

18 https://aarc-project.eu JRA1.1 plans to continue with the open interviews until the end of the year The outputs of these interviews will be summarized on the JRA1.1 wiki Candidates for the future interviews: CERN Libraries ESFRIs EGI is in contact with the ESFRIs participating to the Competence Centres … 18 Next steps with the interviews

19 https://aarc-project.eu Who else should we interview? Which questions are critical and should be asked explicitly? 19 Feedback needed-1!

20 https://aarc-project.eu 20 MJRA1.1 Technologies analysis

21 https://aarc-project.eu Table of content available on google doc: Existing AAI and available technologies for federated access. Assessment on the AAI technologies operated by the R&E: Research Infrastructures, e-infrastructures Goal of the document: Provide information about the technologies supporting AAI Standards and implementations Tools Provide comparative analysis of these technologies grouped by capability Where to start? Technologies and tools reported in the surveys Interviews and other sources of information to gather the AAI plans of the research infrastructures/e-infrastructures AARC knowledge base 21 MJRA1.1: AAI technologies analysis

22 https://aarc-project.eu Authentication standards and implementation Authorization and group management technologies Interoperability enabling tools Attribute aggregators Token translations services Existing documentation and sources of information: Magic deliverable: Assessment of the existing Group Management Standards and Value Services for Global Communities GÉANT Voaas market analysis GÉANT omparison of Authentication and Authorization Infrastructures for Research 22 MJRA1.1: The topics

23 https://aarc-project.eu Relevant standards SAML2 X.509 certificates and proxies OpenID Connect/Oauth XACML ABAFB (Moonshot) SCIM VOOT CIFERm Implementations SimpleSAMLPHP (SAML2) Moonshot (ABAFB) LCMAPS (X.509) Shibboleth 23 MJRA1.1: Authentication technologies

24 https://aarc-project.eu Attribute management HEXAA UNITY PERUN OpenConext VOMS Comanage Grouper Policy management ARGUS 24 MJRA1.1: Authorization and attributes management services

25 https://aarc-project.eu Attribute aggregators (aggregating IdPs and Attribute authorities) OpenConext SimpleSAMLPHP Unity Perun HEXAA Token translation services CILOGON TCS STS Unity (?) SImpleSAMLPHP (?) 25 MJRA1.1: Interoperability-enabling tools

26 https://aarc-project.eu Compare by: Features/capabilities JRA1.1 requirements: tools supporting the use cases License Sustainability Additional features, e.g.tools supporting multiple standards Compare by: Usability This is the next step after MJRA1.1 Usability will be tested in the pilots under SA1 26 MJRA1.1: How to compare technologies and tools

27 https://aarc-project.eu Milestone due for the end of the year Still some contributors needed for some the tools/technologies. Currently writing the sections of the TOC/Preparing the summary comparison tables. First draft: mid November Final version: mid December 27 MRA1.1 timeline

28 https://aarc-project.eu Are the topics comprehensive? Should technologies/tools be added or removed from the TOC? Would you like to contribute to the document? 28 Feedback needed-2!

29 https://aarc-project.eu 29 Thanks! For any comment or question, please contact me: peter.solagna@egi.eu

Download ppt "Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans."

Similar presentations

EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC 2014 20 May 2014 Dublin.

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC May 2014 Dublin.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
Www.egi.eu EGI-Engage www.egi.eu EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.

EGI-Engage EGI-Engage Engaging the EGI Community towards an Open Science Commons Project Overview 9/14/2015 EGI-Engage: a project.
BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.

BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.
Authentication and Authorization in a federated environment Jules Wolfrat (SARA)

Authentication and Authorization in a federated environment Jules Wolfrat (SARA)
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Connect communicate collaborate GÉANT3plus Enabling Users Pilots Lukas Hämmerle Task Leader Enabling Users

Connect communicate collaborate GÉANT3plus Enabling Users Pilots Lukas Hämmerle Task Leader "Enabling Users"
Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.

Authentication and Authorisation for Research and Collaboration Licia Florio (GÉANT) Christos Kanellopoulos (GRNET) Service orientation.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.

Authentication and Authorisation for Research and Collaboration Pilots on the Integrated R&E AAI Paul van Dijk, Activity Lead Pilots.
Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.

Authentication and Authorisation for Research and Collaboration Licia Florio REFEDS Meeting The AARC Project I2 Technology Exchange.
Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC Workshop The AARC Project Brussels, 26 October.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Report and plans Attribute.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.

Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Milan.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Milan, Italy Training and Outreach Authentication and Authorisation.

Authentication and Authorisation for Research and Collaboration Milan, Italy Training and Outreach Authentication and Authorisation.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.

JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

Similar presentations

Ads by Google