...

  • Support the development of shared AAI components to meet the requirements of WLCG
  • Contribute AARC best practices to definition of the JWT Profile for token content

Description

The main objective of this section is to report detailed information about the pilot.

Some questions:

  • How this pilot works

  • Reasons to prefer this pilot over other existing tools

  • Detailed Scope

  • others

How the pilot works: it is effectively a full implementation of an advanced AAI in line with the AARC BPA.

Scope: the pilot should cover all aspects of a robust AAI, including membership management and token provisioning.

Why do we need a pilot? WLCG would like to reuse software and contribute to limiting the number of disparate deployments out there, but no tools currently fulfil all of our requirements. There was sufficient interest from EGI-Check-in and INDIGO IAM to enhance their software. The work on EGI-Check-in is officially supported by AARC.

Components

The components are as follows:

| Component | Description | Why did we choose it? | Link |
|---|---|---|---|
| RCAuth | Token Translation. Used to generate x509 certificates for access to legacy services | EU wide, sustainable infrastructure component | https://rcauth.eu |
| VOMS | Attribute Authority & Membership Management. Legacy authorisation database for WLCG, must be integrated for backwards compatibility | Pre-existing. Backwards compatibility | https://italiangrid.github.io/voms/ |
| CERN HR DB | Attribute Authority. CERN's source of identity vetting information | Pre-existing. Backwards compatibility | N/A |
| INDIGO-IAM | One option for the proxy and membership management component | Implements multiple components, easier maintenance. Product used by other communities. | https://www.indigo-datacloud.eu/identity-and-access-management |
| EGI-Check-in | The second option for the proxy and membership management component | Implements multiple components, easier maintenance. Product used by other communities. | https://www.egi.eu/services/check-in/ |


Architecture

This section will provide 2 important parts:

...

Graphic representations of pilot architecture

...

Graphic representations of workflow

The architecture includes every component of the AARC BPA. 

Simplified version:

[Image: simplified version of the pilot architecture]


AARC BPA version:

...

[Image: AARC BPA version of the pilot architecture]



Use Cases

This section should explain how this pilot works through use cases (at least 2).

...