
Study on AAA Platforms For Scientific Resources in Europe


In December 2011, a consortium of four partners and a number of external experts was awarded a contract by the European Commission to carry out a study into AAA (authentication, authorisation

Introduction

The Consortium, composed of the following four partners:

  • Trans European Research and Education Networking Association, hereafter called TERENA, the leading partner;
  • Ligue des Bibliothèques Européennes de Recherche - Association of European Research Libraries, hereafter called LIBER;
  • Universiteit van Amsterdam, hereafter called UvA;
  • University and National Library of Debrecen, hereafter called DEENK;

has been awarded the grant by the European Commission to do a study on “AAA (authentication, authorization and accounting) platforms and services for scientific data/information resources”.

Aim of the Study

Supporting and promoting scientific research and innovation as well as opening up access to scientific information are key priorities for the European Commission and for the Member States.

The rapid development and adoption of Information and Communication Technologies (ICT) have enabled the provisioning of e-Infrastructures, a distributed environment to share resources (hardware, software and content) and access them wherever required for research purposes; this has changed the way researchers work, enabling almost instantaneous collaboration regardless of physical location and has provided access to an enormous amount of scientific information that can be processed on powerful computational platforms.

Research addresses different aspects and, as a result, the data produced are very heterogeneous, as is the demand to access, store, protect and preserve them. A platform able to handle different levels of access to heterogeneous content is referred to as the Scientific Data e-Infrastructure (SDI).

The goal of the SDI is to ensure access to different types of content and to allow for flexible, reliable, efficient, cross-disciplinary and cross-border access; at the same time it is important to protect data integrity and ownership and ensure data authenticity as well as data confidentiality. It is also important to ensure that data access is available to everybody, in light of open exchange of knowledge that has been and remains one of the main drivers for research.  

The goal above presents at the same time opportunities and challenges, mostly related to data access, data management and governance, data curation and long-term preservation.

The SDI requires sophisticated mechanisms for authentication, authorization and accounting (AAA). Such mechanisms are already deployed in the existing e-Infrastructures, although further evolution is required to satisfy all requirements. Offering the SDI by simply creating a new AAA platform without any assessment of the state of the art would not be desirable from a cost perspective or from a usability perspective. Furthermore, the existing infrastructures already offer, to a large extent, the necessary functionality.

The key objective is thus to enable inter-operability among existing e-Infrastructures as much as possible to offer high quality services for researchers, funding agencies and the public at large in a cost effective way.

The study will assess existing AAA-infrastructures; it will identify use-cases for the SDI as well as the ability for the existing AAA-infrastructures to address these use-cases. The study will also examine the gaps in providing the necessary infrastructure to support the use-cases and explore the work that is being done in the existing AAA-infrastructures to address those needs.

General Study Organization

The study will be organized in two parts/stages:

Part I - Assessment of the state of the art of the current Authentication and Authorisation Infrastructures (AAI) for e-Science

This part will cover the rationale (mostly in the context of the added value for science and society) for building an AAI and will compare scalability, governance (and stakeholders), policies and the widely used technologies; an evaluation of how existing AAI deployed for research and education (in Europe and beyond) could also be used to support other sectors will be provided as well.

During this phase of the study, use-cases will be identified via interviews with different user-groups, such as R&E communities, Information Services providers (data centres, libraries), e-Science users and so on.

The outcome of this part of the study will result in:

  • A complete overview of the AAA landscape in Europe (with references to US and/or other regions) and the main current trends;
  • A description of the inter-operability features of the AAA systems surveyed in light of their suitability as elements of integrated infrastructures.
  • An evaluation of the user-friendliness of the considered AAA infrastructures.

Part II - Existing and emerging infrastructures analysis to address identified use-cases.

A strengths and weaknesses study (SWOT Analysis) of the existing infrastructure to support the identified use-cases will be carried out.

This part of the study will also describe scenarios that would benefit from an integrated AAA and evaluate options to deliver an integrated and manageable AAA/AAI for SDI (or e-Infrastructure).

The results of the SWOT analysis will also be used to address data protection, access issues, trust issues, and access policies at pan-European level.

The outcome of this part of the study will:

  • Describe the rationale for the integrated SDI and its added value to access, store and preserve heterogeneous data; 
  • Provide recommendations for adapting the existing, widely used platforms and services to be fully compliant with the requirements posed by the use of data/information resources (papers, catalogues, raw data, images, etc).
  • Provide recommendations on how the European regulations could support such an integrated SDI;
  • Provide technical recommendations for developers to favour specific technologies to ensure future inter-operability;
  • Address the (organizational, legal and technical) challenges to provide pan-European AAA/AAI for SDI/e-Infrastructure.

The following objectives and factors will be addressed in the study:

  • consolidation and federation of existing e-Infrastructures to comply with the requirements posed by the use of data and information resources - this will be led by an analysis of use-cases;
  • integration with e-Government AAA initiatives;
  • ease of access to data and information resources not only for the scientific community but for the wider public as well;
  • the use of e-Infrastructure as a cost-efficient platform for large-scale technological experimentation;
  • the role of new technologies and standards under development in relevant bodies such as IETF, OGF, OASIS, ISO/ITU-T, IEEE and how these can be used to provide the SDI;
  • the role of industry technologies such as those used by social networks (e.g. Facebook), Google and Microsoft in creating e-Infrastructure.

A pan-European trustworthy infrastructure for access to research data will stimulate the exchange of information and will give a boost to students’ and researchers’ mobility. It will support libraries and data centres in their core business: making sure that data can be easily made available not only now but also in the near or far future.

Role of libraries in providing access to scientific information and data

Libraries provide free access to large amounts of information resources, but there are also large amounts of copyright material licensed from rights holders; medical research needs to share images or data in a way to preserve privacy; physicists share not only data but also resources (such as machines, storage and so on). In all cases, mechanisms and infrastructures to manage access are needed, for example to avoid misinterpretation or misuse of data, to identify the person requesting access, to identify his/her privileges and to log usage of data, to respect privacy regulations, to deal with ethical issues, to guarantee data quality and integrity etc.

resources. The study, led by TERENA, was concluded in September 2012.   

The AAA Study Final Report is now available as pdf.


    

                                                                                                                                                                                                                                                                                                 

Aim of the AAA Study

The goal of the study was to evaluate the feasibility of delivering an integrated Authentication and Authorisation (and possibly accounting) Infrastructure (AAI) to help the emergence of a robust platform (Scientific Data Infrastructure (SDI)) for access to and preservation of scientific information.

The targeted actors in the study were the research and education communities, information service providers (data centres, libraries) and e-Infrastructure providers.      

[Image: the two parts of the study]

The study was organised in two parts (see picture on the right-hand side):

  1. Collection of use-cases to derive the AAI requirements;
  2. Evaluation of existing AAIs as well as their gap analysis to identify their strengths and their challenges. The legal aspects of the different AAIs were also assessed.

The output of the study consists of a set of recommendations for the delivery of an integrated AAI to be used for SDI.

The recommendations highlight the following priorities:

  • The general assumption confirmed by this study is that an AAI for SDI should be built on standard technologies, using mechanisms to translate between various authentication and authorisation technologies, and that federated access plays an important role;
  • To fully benefit from federated access, more funding is needed to improve the reach of national identity federations in research and education;
  • Further research is needed to enhance authorisation and accounting mechanisms;
  • A common policy and trust framework for identity management is needed, as well as clarity on data protection laws – these should be coordinated at European level;
  • Relevant organisations such as eIRG, REFEDS (Research and Education Federations), IGTF, the EC and consortia of libraries and data centres should all work towards these goals.

Read more on the Organisation of the Study...

Results of the Study

The tables below summarise the list of high-priority recommendations as identified by the team.

[Images: tables of high-priority recommendations]


The recommendations target different stakeholders:

  • The EC for the definition of a possible directive;
  • Developers to encourage them to use standard technologies to achieve interoperability;
  • Member States for creating the conditions for such an infrastructure at a national level;
  • Policy makers, particularly those involved in the Data Protection Directive, to create awareness of the impact of legislation on cross-boundary access management.

The stakeholders involved should act in a timely manner to address these points.

 

Milestones and Meetings

The study will be done in the period from January 2012 till August 2012 with the following deliverables and timetable.

D1 - Inception report (February 2011) will elaborate on the methodology that will be used to carry out the study, will provide details on the resources and articulate the objectives.

D2 - Interim study report (April 2012) will cover the intermediate results for the objectives listed above, specifically:

Objective 1: the state-of-the-art survey will be in its final stage and complete.

TERENA and UvA will lead the work to assess the state of the art of the existing AAA infrastructures used by the research and education community.

Objective 2: some technical, organisational and legal obstacles will be identified in the analysed AAA Infrastructures and initial proposals will be formulated, specifically on how to overcome the barriers to effectively move towards the provision of common cross-domain and European-wide AAA services suitable for information resources.

The interim report will include an initial set of use-cases collected by partners, in particular:

(i) LIBER and DEENK will collect the requirements from the library, the archive and the humanity communities on data access, data management and governance, data curation and long-term preservation as well as on AAA.

(ii) TERENA and UvA will collect the requirements from the e-Science and the networking communities.

The initial requirements for the AAA infrastructure will be derived from the use-cases; the assessed AAA infrastructures will also be evaluated against the collected use-cases. A SWOT analysis of these infrastructures will be provided as part of this report.

D3 - Final study report (June 2012), including an executive summary, covering the final results for the objectives listed above. The final study report will take into account the discussions at the Final workshop (planned for July 2012) and final meeting as well as the user communities identified and consulted by the consortium. An annex to the final study report will contain the raw data used in producing the study.

D4 - Technical report (July 2012), which will describe the use of resources in the performance of the contract including e.g. time-sheets on man/days consumption, travel details, use of consumables, etc.

...

Name | Deadline | Description
Draft Final Study Report | June 2012 | Draft AAA-Study-Report - To provide the draft final report of the study for comments. This version of the report was circulated before the final workshop (see below). Partners' liaisons (i.e. REFEDS, TF-EMC2 and other relevant groups) were also consulted. Besides the report, the consortium has made available an additional document, 'FIM and Law'. This document covers legal issues in federated access management.
Final Workshop | July 2012 | To present the preliminary results of the study and receive feedback during the workshop. The workshop was organised at the Commission’s premises in Brussels.

...

Final Study Report | Sep 2012 | To include the feedback received during the final workshop.
Technical Report | Aug 2012 | To report on the use of resources in the performance of the contract.

 

Contacts

If you have any questions, please do not hesitate to contact the study coordinator Licia Florio (florio@terena.org) or TERENA (secretariat@terena.org).

Consortium

TERENA (http://www.terena.org) has extensive and consolidated experience in leading pan-European initiatives and large-scale studies. TERENA operates under a model in which experts with the appropriate competence and experience from the national academic networks and the research community collaborate in the well-established initiatives operating under TERENA’s umbrella, such as the Research and Education FEDerationS (REFEDS) initiative, the task-force on European Middleware Coordination and Collaboration (TF-EMC2) and the task-force on Mobility and Network Middleware (TF-MNM). Through the leadership of these groups (who have committed to participating in this study) and through TERENA’s participation in the GÉANT project, TERENA can provide extraordinary resources and knowledge for the task at hand: assessing the AAA-infrastructures operated by (and for) the European R&E community, defining the requirements of this community for the next decade and proposing recommendations to build the Scientific Data Infrastructure (SDI).

LIBER (http://www.libereurope.eu) offers a network of 425 institutions (major research libraries in Europe) in more than 40 countries, which will prove very useful for consultation, dissemination and awareness raising; LIBER is also well positioned to offer a more political level consultation and outreach via the League of European Research Universities (LERU) and other major research institutes. Large scale survey experience is another main asset that LIBER will bring to the Consortium.

UvA (http://www.science.uva.nl/research/sne/) will contribute to the project study with expert knowledge in the area of Authentication and Authorisation Infrastructure (AAI) and emerging security models for Cloud and on-demand infrastructure services provisioning to achieve federated Authentication, Authorisation and Attributes management in heterogeneous distributed e-Science applications. Existing expertise will be effectively used for proposing a common integrated and/or federated AAA infrastructure for all components and layers of the Scientific Data Infrastructure (SDI). UvA has developed a generic authentication, authorisation and accounting (AAA) architecture and AAA Authorisation frameworks (described in RFC 2903-2906) and provided a practical implementation with the open source GAAA (Generic AAA) Toolkit Library used in a number of EU funded projects like GEYSERS (Generalised Architecture for Dynamic Infrastructure Services), Phosphorus (Lambda User Controlled Infrastructure for European Research), EGEE (Enabling Grids for E-sciencE) and others. UvA is active in many standardisation bodies including OGF (http://www.ogf.org), IETF (http://www.ietf.org) and NIST (http://www.nist.gov).

DEENK (http://www.lib.unideb.hu) is one of the leading university libraries with important national tasks in Hungary. DEENK operates the infrastructure of the National Document Supply System including the electronic document service. It provides technical support for the Hungarian Open Repository Network (HUNOR) and brings to the consortium a key role in open access initiatives both on national and international levels as well as the experience gained in developing an electronic archive to store scholarly outputs as one of the first universities in Hungary. It hosts the Open Access National website containing up-to-date information about open access events and projects.

External experts

A number of external experts have already been engaged in the preparation of this offer, namely:

Diego Lopez (Telefonica I+D), former (till October 2011) chair of the TERENA task-force on European Middleware Coordination and Collaboration and also member of the High Level Expert Group on Scientific Data e-Infrastructures;

Nicole Harris (JISC Advance), co-coordinator for REFEDS;

Klaas Wierenga (Cisco Systems), chair of the TERENA task-force on Mobility and Network Middleware as well as chair of the European Committee for Academic Middleware (ECAM), and

Torbjörn Wiberg (Umeå University), responsible for the Swedish Alliance of Middleware Infrastructure. They have committed to participate in the study as well.