...

The Basic eduTEAMS service combines workflow components provided by COmanage with a SAML Attribute Authority, the VOOT protocol and OAuth to give the service provider the information it needs to make an authorisation decision. It also offers a choice of authentication options, from a classic federated Identity Provider within eduGAIN to a social identity such as a Google ID via the Identity Hub.

COmanage delivers the VO Membership service, which features:

  • a registry for research collaboration persistent identifiers
  • research-collaboration-specific workflows for onboarding
  • a limited set of custom attributes
  • access through eduGAIN IdPs & Identity Hub

The SAML Attribute Authority implements the SAML Attribute Query protocol which...? What does the SAML AA do exactly?

The VOOT Attribute Authority is a RESTful, OAuth2-protected resource that uses the VOOT protocol to provide the Service Provider with group and attribute information stored in the <which?>.

The Identity Hub proxies multiple external identity providers behind a single persistent SAML2 IdP. This allows research collaborations to use one endpoint for all Guest/External ID scenarios, while still allowing end users to choose the service they prefer.

All these components are packaged and presented as a unified service to the research collaboration.

From the perspective of an example use case, the operator of the research collaboration uses the membership management facility delivered by COmanage to on-board participants and assign them roles in particular groups. (What does the SAML AA do exactly?) (What does OAuth do?) When a user authenticates, either via their IdP (an identity provider within eduGAIN) or via the Identity Hub, <something something persistent identifier>. The VOOT protocol correctly communicates the collaboration-specific information in a standardised way to the SP, which can then make the decision.
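
The Python below shows how an SP could turn the group listing it receives over VOOT into a fail-closed authorisation decision. It is an added example, not code from eduTEAMS or COmanage: the group identifiers, the policy table and the response fields (`id`, `membership.basic`) are assumptions, and the sample response is constructed.

```python
import json

# Constructed sample of the JSON an SP might receive from the VOOT endpoint
# after presenting its OAuth2 token. Field names are assumptions.
SAMPLE_RESPONSE = json.dumps([
    {"id": "urn:collab:group:example.org:genomics:analysts",
     "membership": {"basic": "member"}},
    {"id": "urn:collab:group:example.org:genomics:admins-archive",
     "membership": {"basic": "admin"}},
])

# Hypothetical SP policy: action -> (exact group id, roles allowed to do it).
POLICY = {
    "read_dataset": ("urn:collab:group:example.org:genomics:analysts",
                     {"member", "manager", "admin"}),
    "manage_dataset": ("urn:collab:group:example.org:genomics:admins",
                       {"admin"}),
}


def parse_memberships(body):
    """Return {group_id: role}; raise ValueError on malformed input."""
    groups = json.loads(body)  # JSONDecodeError is a ValueError subclass
    if not isinstance(groups, list):
        raise ValueError("expected a JSON array of groups")
    memberships = {}
    for entry in groups:
        if not isinstance(entry, dict):
            raise ValueError("group entry is not an object")
        membership = entry.get("membership")
        role = membership.get("basic") if isinstance(membership, dict) else None
        if not isinstance(entry.get("id"), str) or not isinstance(role, str):
            raise ValueError("group entry lacks a string id or role")
        memberships[entry["id"]] = role
    return memberships


def is_authorised(action, body):
    """Fail closed: unknown actions and unparseable responses are denied."""
    if action not in POLICY:
        return False
    group_id, allowed_roles = POLICY[action]
    try:
        memberships = parse_memberships(body)
    except (ValueError, TypeError):
        return False
    # Exact identifier match: "...:admins-archive" must not satisfy "...:admins".
    return memberships.get(group_id) in allowed_roles
```
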

...