Pilot Description
The main objective of this section is to provide a brief, high-level description of the pilot. The idea is to provide basic information so that the reader can easily understand it.
Pilot goals
Some questions to answer:
What are the goals of this pilot?
Why is it in the AARC project?
How will this pilot improve the AARC community?
Why should I use this pilot instead of other solutions?
Description
The main objective of this section is to report detailed information about the pilot.
Some questions:
How does this pilot work?
Reasons to prefer this pilot over other existing tools
Detailed Scope
others
Components
This section will contain a list of the components used for this pilot.
It is not required to add a detailed description for each component, but the 3 important parts are:
- Add a link to the component's web page
- Add a short description to explain its function (not more than 1 row)
- Explain why these components have been chosen
An example:
- Component A - Service provider
- Component B - Bring order to chaos
- Component C - Hide my precious treasure
The components are as follows:
Component | Description | Why did we choose it? | Link |
---|---|---|---|
RCAuth | Token Translation. Used to generate x509 certificates for access to legacy services | EU wide, sustainable infrastructure component | https://rcauth.eu |
VOMS | Attribute Authority & Membership Management. | Pre-existing. Backwards compatibility | https://italiangrid.github.io/voms/ |
EGI-Check-in | The second option for the proxy and membership management component | Implements multiple components, easier maintenance. Product used by other communities. | https://www.egi.eu/services/check-in/ |
COmanage Modules configuration
You need admin privileges to perform the following:
Select <collaboration> -> Configuration -> Pipelines -> Add Pipeline
See screenshot below for configuration settings
Select <collaboration> -> Configuration -> Organisational Identity Sources -> Add Organisational Identity Source
See screenshots below for configuration settings
Select <collaboration> -> Configuration -> Enrollment Flows -> Add Enrollment Flow
See screenshots below for configuration settings
Environment | Issuer DN |
---|---|
AARC pilot (e.g. LS AAI, WLCG) | /O=AARC/OU=AAI-Pilot/CN=AARC Simple Demo CA |
Production | /DC=eu/DC=rcauth/O=Certification Authorities/CN=Research and Collaboration Authentication Pilot G1 CA |
Select <collaboration> -> Configuration -> Provisioning Targets -> Add Provisioning Target
See screenshots below for configuration settings
Architecture
This section will provide 2 important parts:
Graphic representations of pilot architecture
Graphic representations of workflow
Lists of all components of related pilot
AARC BPA version:
Use Cases
This section should explain how this pilot works through use cases (at least 2).
Use cases can be represented in the form of a table, where:
- The title is the use case
- Each line is a step
- 2 columns available, first with text and description, second with a screenshot
(Here's a valid example LINK)
User links x509 certificate to user's COmanage profile and gives access to SP if the user belongs to an authorized group
Select <collaboration> -> Configuration -> Enrollment Flows -> Add Enrollment Flow
- <Name>, e.g. Confirm request for accessing EGI resources
- <Status> => Active
- <Petitioner Enrollment Authorization> => Authenticated User
- <Identity Matching> => None
- <Email Confirmation Mode> => None
- <Terms and Conditions Mode> => Explicit Consent
- <Finalization Redirect URL> => The URL of the enrollment petition to follow. For this case the enrollment to follow is the RCAuth enrollment
See screenshots below for configuration settings
See screenshots below for the CO Person's profile after finishing the DARIAH enrollment
Demo Videos can be found here
- User accessing Dariah service
- Expunging a user from Group Management Framework removes the user from VOMS as well
Further information
The last part contains a list of information, links or anything else related to the pilot that was not mentioned in the preceding sections.