Page History

• Analysis of user- community requirements
• Existing AAI and available technologies for federated access
• First Draft of the blueprint architecture (still work in progress, but preliminary work available here)

Image Added

Pilots started 

Based on the guiding documents of the AARC architecture (JRA1) and the AARC policy harmonisation (NA3) activities we commenced a the first cycle cycles of pilots:

• In task 1 "Guest Access" we started a pilot to involve Libraries in the identification and hands-on implementation of relevant solutions to support their migration from IP-based authentication against publishers' online resources to a SAML/federated bases approach based approach. This work focuses on embracing all possible users that need access to library resources (including so-called walk-by users which may be citizen scientists) and all relevant service providers, including those who only support IP-address based access control. With this pilot we want to show that it is possible to apply the principle of inclusiveness and at the same to hide complexity for the user.
  More details on the status of this work are available here
  
  
• In task 2 "Attribute Management" a we pilot aiming at testing the usability use of SAML based attribute authorities to regulate service access authorization has started. In the specific case of this pilot the services to be approached are Cloud services. The Attributes Authority provide authoritative information e.g. to be consumed by cloud services at EGI. The Attributes Authorities (AAs) used in this context is PERUN developed by CESNETare PERUN and COmanage (or even ORCID as an AA). Attribute aggregation components used are OpenConext and SimpleSAMLphp. At later phase we aim to address and pilot scenarios where attributes from multiple attribute authorities (and probably multiple VOs) flow into service. E.g. consider a cloud provider that wants to serve several Virtual Organizations, managed by different Virtual Organization Manager Entities.
  
  
• In task 3 "Access to Resources" quite some progress has been made in establishing token translation pilot services. One pilot focuses on the application of CI-Logon components + add-ons to bridge the gap between the world of SAML based authentication (NRENs) and that of certificate based authentication (GRID and e-infrastructure providers). A description of our intermediate results are available in this blog and this presentation. In a second pilot on access to resources, we assess the feasibility to enable non-web single sign-on based on LDAP Facade, developed by the Karlsruhe Institute of Technology. At the same time we started to engage a number of service providers to pilot with provisioning their services as a service provider or attribute authority. One example is ORCID. ORCID.org offers researchers a persistent life long digital ID. Providing access to ORCID with a federated account and including ORCID as an Attribute Authority may provide interesting clues for Research Communities & AAIs. Read more about the pilot with ORCID in AARC: see powerpoint

With these efforts we already identified interesting clues , challenges and future paths for development but also a number of challenges we need to solve to be able to bridge different research infrastructures and communities. By performing these pilots we will be able to assess suitability of the chosen components in practice and how well they match with user and security requirements. A brief overview of all ongoing and planned pilots is available here. Further details and updates will follow soon.

More details per task are available here: