Task Leader: PSNC Maciej Brzeźniak
This task aims at improving access to relevant research and education non-web resources located outside the home organization of the user. The main improvement is to make use of existing AAIs that provide verified institutional user credentials and (external) authorization attributes instead of local user management. While many successful implementations already exist for web portals, the technology for non-web scenarios is still immature.
A number of pilots will be set up to investigate emerging non-web SSO solutions and workarounds. The selection of software to be piloted will be discussed with JRA1 in order to focus on tools that fit the requirements of the research community and the blueprint architecture (JRA1.3 and JRA1.4). The requirements gathered by JRA1.1 will also be used as input material for the assessment of the technologies used in the pilots. Finally, the experience gathered while running the pilots and the analyses performed will be used as feedback for the final shaping of the blueprint architecture in JRA1 and the best-practice recommendations in NA3.
Therefore we focus on suitable approaches and services for token translation. In addition, we will pilot and analyse the usage of user credentials and attributes coming from different AAIs in the second year of this project.
To address the token translation topic we have started two pilots and a third pilot is currently in preparation:
- LDAP Facade - The pilot aims at providing access to non-web resources (e.g. sftp, ssh console) for non-grid users by exploiting the existing AAIs, without the need to obtain user certificates.
- CILogon - The CILogon pilot has started to test the feasibility of providing a more advanced online service that produces certificates based on an institutional login and delegates a proxy certificate to a non-web back-end service, without bothering the user with certificate-related complexity.
- Unity - Unity-IdM is the third solution we aim to assess for bridging SAML-based identities and attributes to non-web resources. This work will likely be performed in collaboration with the EUDAT AAI team and is currently in preparation.
In addition, we aim to pilot access to cloud resources. In this context we started to explore and pilot:
- ORCID.org as a service provider - to be piloted with our AARC research community. Further work includes the feasibility of using ORCID as an attribute authority, but this work will take place in SA1 Task 2 (attribute management).
- ownCloud and LibreOffice - to demonstrate the integration of LibreOffice Online with ownCloud as a service that is available through eduGAIN. We will assess its usefulness within the DARIAH community and others.
- Integration opportunities that may arise from services being added to the GN cloud catalogue
- Work plan
File: AARCSA1.3 workplan.pdf
- Commercial Service Providers - potential partners for AARC SA1.3
File: commercial service providers 2.pdf