...

We describe here the setup of the Social Identities pilot.

 

The pilot on Attribute Management and Guest integration is carried out in collaboration by Task1 and Task2 of SA1. Its goals are to demonstrate the actual inclusion of Guest Identities in the provisioning and consuming of federated services.

More specifically, the main goal is to demonstrate how a user with a Social Identity or an ORCID ID can be authorized to use a cloud service (OpenStack Keystone configured as a SAML SP), provided her/his identity is known to a specific Virtual Organization (or Collaboration). The fact that a Social ID is registered inside a directory (or an Attribute Authority) ensures that the user has gone through a vetting process and passed it successfully, allowing her/him to be registered by an AA operated by a Collaboration. This helps raise the LoA (Level of Assurance) associated with the Social ID, and enables users to be authorized on a specific SAML SP that is relevant to the Collaboration itself.

 

The pilot has been conceived to make use of Social Identities (Google ID, FB ID, ...), an IdP/SP proxy bridging OAuth2/OIDC and SAML, an Attribute Authority (COMANAGE) providing additional attributes to the ID, and, on the Service Provider side, OpenStack Keystone configured as a SAML Service Provider.

 

 

[Figure: ComanageGuestPilot.gif]

 

Social Identities need to be linked to eduGAIN federated ones; subsequently, they need to be enriched with attributes entitling users to be authorized to SAML Service Providers.

...