...

Scientific research is at the heart of every European university. Nowadays, such research is no longer an isolated activity. Because the internet connects not only people but also resources, the sciences have evolved into e-Science, in which individual participants in an experiment, collaborators on a paper, or users of specific Research Infrastructures come together from a wide range of countries and organisations.

Authentication and authorisation infrastructures (AAI) are required to regulate who can gain access to resources in such distributed environments. While federated identity and eduGAIN go a long way towards enabling such access policies, in many cases research groups of all sizes need additional specialised infrastructure built on top of eduGAIN. That infrastructure manages group and authorisation information, integrates users from a wide range of environments, and connects them both to their own services and to generic services such as storage and compute provided by any eInfrastructure provider or even a commercial entity. A key goal of eduTEAMS is to make it possible to integrate with services provided by any eInfrastructure, Research Infrastructure or long tail simple collaboration.

eduTEAMS is being designed and piloted by GÉANT in two variants to meet those needs:

Phase 1: Basic service:

  • includes Membership management, Identity Hub for non-eduGAIN users, Basic Groups, and Basic Provisioning
  • allows end users of eduGAIN members to log in
  • has infrastructure operation provided by GÉANT
  • is offered to users at no additional cost

Phase 2: Advanced service:

  • includes the same features as the basic offering, plus Advanced Groups, Attribute Management, Advanced (de-)Provisioning, SP proxy, Attribute Aggregation
  • is private to eScience community operators and end users authorised by them
  • includes operations and consultancy provided by GÉANT
  • is offered on the basis of a per-community contract and cost

<Suggested graphic - something wooshy connecting groups of people to information>

Who benefits from eduTEAMS

...

eduTEAMS benefits national identity federations by enabling their infrastructures to more easily serve complex federated authorization needs without increasing individual national investment.

How eduTEAMS Works

The Basic eduTEAMS service combines workflow components provided by COmanage with a SAML Attribute Authority, the VOOT protocol and OAuth in order to give the service provider (SP) the information it needs to make an authorisation decision. It also provides a choice of authentication possibilities, from a classic federated Identity Provider within eduGAIN to a social identity such as a Google ID via the Identity Hub.

The operator of the research collaboration uses the membership management facility delivered by COmanage to on-board participants and assign them roles in particular groups. (What does the SAML AA do exactly). (What does OAuth do?). When a user authenticates, either via their IdP (identity provider within eduGAIN) or via the Identity Hub, <something something persistent identifier>. The VOOT protocol correctly communicates the collaboration-specific information in a standardised way to the SP, which can then make the decision.

At each stage privacy is preserved by....and security maintained by....

Use Cases

A simple collaboration Use Case:

...

When Bob logs into the wiki service, the wiki service queries both the Membership management service to get Bob's Persistent VO Identifier and the Simple Groups service to find that Bob has the correct role, "wiki space editors", which allows him to edit content in the wiki space. 
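The check the wiki service performs in this use case, sketched as an added example that is not eduTEAMS or COmanage code: the decision is keyed on the Persistent VO Identifier and denies access whenever either lookup is missing, malformed or refers to a different subject. The response field names (`persistent_vo_id`, `subject`, `groups`, `membership.basic`), the membership levels and the sample values are assumptions constructed for illustration.

```python
# Added example: SP-side authorisation check for the wiki use case.
# All field names and values are constructed assumptions, not eduTEAMS output.

REQUIRED_GROUP = "wiki space editors"      # role named in the use case
ACCEPTED_LEVELS = {"member", "admin"}      # hypothetical membership levels


def can_edit(membership_resp, groups_resp, required=REQUIRED_GROUP):
    """Allow editing only if both lookups describe the same subject and
    that subject holds the required group. Anything else is a denial."""
    if not isinstance(membership_resp, dict) or not isinstance(groups_resp, dict):
        return False                       # lookup failed or malformed: fail closed
    vo_id = membership_resp.get("persistent_vo_id")
    if not isinstance(vo_id, str) or not vo_id:
        return False                       # no stable identifier to key on
    if groups_resp.get("subject") != vo_id:
        return False                       # group data is for a different subject
    groups = groups_resp.get("groups")
    if not isinstance(groups, list):
        return False
    for group in groups:
        if not isinstance(group, dict):
            continue                       # skip malformed entries
        membership = group.get("membership")
        level = membership.get("basic") if isinstance(membership, dict) else None
        if (group.get("id") == required and isinstance(level, str)
                and level in ACCEPTED_LEVELS):
            return True
    return False


# Constructed sample responses for Bob.
BOB_MEMBERSHIP = {"persistent_vo_id": "vo-user-0001", "display_name": "Bob"}
BOB_GROUPS = {
    "subject": "vo-user-0001",
    "groups": [{"id": "wiki space editors", "membership": {"basic": "member"}}],
}

if __name__ == "__main__":
    print("Bob may edit:", can_edit(BOB_MEMBERSHIP, BOB_GROUPS))
```

Matching on the persistent identifier rather than a display name or e-mail address means a renamed or re-registered account cannot inherit another member's group data.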

 

How is eduTEAMS being created?

...

When will eduTEAMS go live?

<Put roadmap here, with feature list and contact details>

 

eduTEAMS News

Use this item for updates about pilot transitions etc.

...