Functional Architecture VO membership Service
source: VOpaas_architecture_v2.odp
COmanage
COmanage delivers the VO Membership service which features:
...
Next to the CO-DB and AA-DB, an ACL-DB is populated so that VO managers can select which SPs receive which data from the VO. This information is used to filter the data released by the AAs: an SP only gets the attributes and groups the VO manager has explicitly released to it.
SAML AA
The SAML AA implements the SAML Attribute Query protocol. It is basically a Shibboleth IdP that reads attribute data from MySQL and answers attribute queries from SPs.
(For an example implementation, see https://wiki.surfnet.nl/display/ORCIDAA/Technical+Setup, chapter 2.)
VOOT AA
The VOOT AA is a RESTful, OAuth2-protected resource that provides group and attribute information using the VOOT protocol. Example implementation: https://github.com/OpenConextApps/php-voot-provider
The AA-DB and ACL-DB are its backing resources. Authorization can be managed with APIS; for the pilots, however, it is proposed to use HTTP Basic authentication (which php-voot-provider provides by default). Because Basic authentication sends the client credentials with every request, the endpoint must only be exposed over TLS, and the ACL filtering must still be applied after the client has been authenticated.
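The following is an added example (not the page's own code and not the php-voot-provider) of the two mechanisms described above: a pilot-style HTTP Basic check for the calling SP, followed by deny-by-default filtering of attributes and group memberships against an ACL table keyed by SP entityID. The table layout, the SP entityIDs, the user and the `group:` prefix convention for group releases are assumptions; the data is constructed inline, and the in-memory SQLite database stands in for the AA-DB and ACL-DB. The response shape is a simplified VOOT-like list, not the exact wire format.

```python
import base64
import hmac
import sqlite3

# Constructed sample data (assumption, not from the page): attribute store
# (AA-DB), group memberships, and the per-SP release policy (ACL-DB).
AA_ROWS = [
    ("jdoe", "mail", "jdoe@example.org"),
    ("jdoe", "displayName", "Jane Doe"),
    ("jdoe", "eduPersonPrincipalName", "jdoe@example.org"),  # never released below
]
MEMBERSHIP_ROWS = [
    ("jdoe", "vo-alpha:researchers", "Researchers"),
    ("jdoe", "vo-alpha:admins", "Admins"),
]
ACL_ROWS = [
    # (SP entityID, attribute name or "group:<gid>" released to that SP)
    ("https://sp-a.example.org/shibboleth", "mail"),
    ("https://sp-a.example.org/shibboleth", "displayName"),
    ("https://sp-a.example.org/shibboleth", "group:vo-alpha:researchers"),
]
# Pilot-style Basic-auth credentials per SP client (constructed; assumption).
CLIENTS = {"https://sp-a.example.org/shibboleth": ("sp-a", "secret")}


def build_db():
    """In-memory stand-in for the AA-DB and ACL-DB."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE aa (uid TEXT, attr TEXT, value TEXT);
        CREATE TABLE membership (uid TEXT, gid TEXT, title TEXT);
        CREATE TABLE acl (sp TEXT, released TEXT);
    """)
    conn.executemany("INSERT INTO aa VALUES (?, ?, ?)", AA_ROWS)
    conn.executemany("INSERT INTO membership VALUES (?, ?, ?)", MEMBERSHIP_ROWS)
    conn.executemany("INSERT INTO acl VALUES (?, ?)", ACL_ROWS)
    return conn


def basic_header(user, password):
    """Build an Authorization header as an SP client would send it."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def check_basic_auth(header, expected_user, expected_password):
    """Validate an HTTP Basic header; both compares are constant-time."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        raw = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    user, sep, password = raw.partition(":")
    if not sep:
        return False
    user_ok = hmac.compare_digest(user.encode(), expected_user.encode())
    pw_ok = hmac.compare_digest(password.encode(), expected_password.encode())
    return user_ok and pw_ok


def release_attributes(conn, sp, uid):
    """Attributes for uid that the ACL-DB releases to this SP (deny by default)."""
    rows = conn.execute(
        "SELECT a.attr, a.value FROM aa a JOIN acl c ON c.released = a.attr "
        "WHERE a.uid = ? AND c.sp = ?", (uid, sp)).fetchall()
    return {attr: value for attr, value in rows}


def release_groups(conn, sp, uid):
    """VOOT-like group entries for uid, limited to groups released to this SP."""
    rows = conn.execute(
        "SELECT m.gid, m.title FROM membership m "
        "JOIN acl c ON c.released = 'group:' || m.gid "
        "WHERE m.uid = ? AND c.sp = ? ORDER BY m.gid", (uid, sp)).fetchall()
    return [{"id": gid, "title": title} for gid, title in rows]


def handle_request(conn, auth_header, sp, uid):
    """Authenticate the calling SP first, then apply the ACL filter."""
    creds = CLIENTS.get(sp)
    if creds is None or not check_basic_auth(auth_header, *creds):
        return 401, {"error": "unauthorized"}
    return 200, {"attributes": release_attributes(conn, sp, uid),
                 "groups": release_groups(conn, sp, uid)}


if __name__ == "__main__":
    db = build_db()
    sp_a = "https://sp-a.example.org/shibboleth"
    print(handle_request(db, basic_header("sp-a", "secret"), sp_a, "jdoe"))
    print(handle_request(db, basic_header("sp-a", "wrong"), sp_a, "jdoe"))
```

Note that an SP with no ACL rows (or one that is not a registered client) receives nothing, and that the attribute the VO manager never released (`eduPersonPrincipalName` in the sample) is absent from the response even for an authenticated client; the ACL-DB, not the client's credentials, decides what is released.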
TEIP (Transparent External Identity Proxy)
The TEIP service proxies multiple external identity providers behind a single, persistent SAML2 IdP. This allows VOs and federations to use one endpoint for all guest/external identity scenarios, while still letting end users choose the identity service they prefer.
TEIP functional overview. Note that the authentication sources shown are examples and may not be present in an actual setup.