This page contains the details of the surveys and interviews that are being performed by JRA1.1 with user communities, research infrastructures, e-infrastructures, and other stakeholders of the AARC project.

Surveys

BioVel

BioVel supports researchers in the domain of ecology, biodiversity and ecosystems science.

The same requirements reported by BioVel in this document are also more in general applicable to the majority of the environmental sciences.

The use case of BioVel can be described with the following two trust relations:

1. Relation between the end-users (for example the researcher) and service providers providing specialized domain specific data and analytical services.
2. Relation between service providers mentioned in (a) above and the multi domain e-infrastructure providers like EGI.eu, EUDAT, PRACE, as well as commercial providers as AWS.

The first trust relation has to be secured (typically) by a username/password oriented SSO authentication and authorization mechanism. Service providers are unrelated to one another so a mechanism like that used with e-journals access has to be deployed i.e., persistence of sign-on available to multiple Service Providers for a timed period. Additionally, the persistent sign-on has to be capable of being delegated (automatically) to workflows / agents acting on the users’ behalf at the machine-to-machine level. Such workflows/agents may initiate transactions to multiple SPs in sequence.

The second trust relation between each community SP and a non community-specific service provider(s) is unique to each SP/FP pairing. There is no requirement for persistence across pairings.

The trust model, as has been initially described in the section 2.1.1 BioVel users need to access data repositories to search, access and upload data, and to access computing services to elaborate the data and then store back the results of their analysis. The BioVel community is leveraging on both internal service providers, for example for the data repositories, and on the European multi disciplinary e-infrastructures, for example to access computing capacity.

The community is accessing a number of heterogeneous service providers, single sign on (SSO) capabilities are fundamental to enable scalable workflows, together with an uniform authorization infrastructure. The workflows requires also to delegate the authorization of one user to a service to access data or perform actions on the user’s behalf.

BioVel foresee also to interact with citizen scientist, therefore some use cases may require the integration with low level of assurance credentials such as social media credentials.

AAI technologies

The community is still at the beginning of adopting federated identity/authorization solutions. Working closely with EGI and other service providers using X509 certificates as an authentication mean, the community is relying on the IGTF certification authorities federation. The overhead of obtaining and maintaining a personal certificate could though be seen as an excessive overhead by many new users. This solution is also not feasible for homeless users.

Penetration of federated identity management

Although BioVel management understands the need for federated identity management, the community has limited experience with federated AAI solutions. The research community has not already an AAI solution for the community in place, and therefore there is still need to acquire the needed knowledge.

Most of the users have credentials from their institutional IdPs, but the percentage of these federated in eduGAIN or other federations has not been assessed.

Currently the AAI federations, and AAI coordination activities, have been focusing on the end-user to Service provider direct interaction, in other words enabling simple SSO capabilities on the services. This approach is necessary but not sufficient to fulfil (probably) the BioVel requirements, which envisage a more complex relation between service providers, which need to interact to enable the workflows of the community. Delegation and uniform authorization across service providers will be fundamental bricks of the BioVel infrastructure.

The main barrier for BioVel is the lack of information and knowledge, and the community would benefit from a reliable and organized source of information, in form of online documentation, which can be consulted to take informed decision. Possibly integrate with trainings. Currently the information is very scattered and it is challenging to get the full picture that includes the IdPs documentation, the IdPs federations and the SP federations requirements and best practices.

The training and the documentation should be integrated with a support service and troubleshooting tools, to maximise the efficiency of the federations.