...

 This IdP solution will be used for the following purposes:

  • To give access to restricted LW services. The services may be restricted because of processing power or storage demands.
  • To protect user data and scripts that are stored on the infrastructure (Unix home folders, etc.).
  • To give access to data not yet in the public domain (data in databases, project moratorium period).
  • To distinguish between users uploading data to the system (RvLab, eLab, data explorer).
  • To give access to the OpenStack configuration interface and computing resources at the infrastructure layer.
  • To manage roles/groups and authorize them to access specific services.

Currently, the different user apps manage their own users. The institutional credentials could be federated in the Identity Provider. Also, it should manage the following roles/users:

  • IT administrators who have access at the infrastructure level.
  • Developers/Solvers who have access to computing/storage resources to develop new Vlabs/VREs.
  • LifeWatch ERIC research users.
  • Citizen Science users (to have access to specific applications).

The architecture suggested by AARC, based on the blueprint, is a promising approach to adapt to the European framework, in particular for the European Open Science Cloud.



Description

The main objective of this section is to report detailed information about the pilot.

Some questions:

...

How this pilot works

...

Reason to prefer this pilot instead of other existing tools

...

Detailed Scope

This pilot, which is based on the AARC BP architecture, deploys a Keycloak instance to work as the LifeWatch ERIC IdP, which will be the official user management solution. It will be deployed in production as a High-Availability service on LifeWatch ERIC ICT resources.

...

Keycloak satisfies all the expected functionality: it is compatible with the most widely used technologies (SAML, OIDC), it allows IdP federation, and it allows user group management and attribute mapping. These characteristics make Keycloak a promising solution to adopt instead of the other available options.

Components

This section will contain a list of the components used for this pilot.

...