JRA1: Architectures for an integrated and interoperable AAI
Work Package Leader: GRNET, Christos Kanellopoulos (grnet)
Existing AAIs serve the needs of the R&E community worldwide on a segmented basis. These are well established within their local communities, but individually they lack the ability to form an interoperable AAI. Some examples of these include
eduGAIN to offer Single Sign-On for web applications;
Libraries that still use IP-based access;
PRACE and EGI that use digital certificates,
Government spaces that rely on national e-IDs and STORK. A citizen who is also a student or an educator could in principle link a government identity with an educational one, with the possibility to access different context providers during the different ages, i.e. at the education stage and at the university stage.
This work package will investigate the obstacles that prevent users, educators and researchers from using their credentials to access services offered by the various e- Infrastructures, libraries and research communities.
This work package will carry out research to:
Facilitate access to resources and collaboration between researchers, students and educators;
Reduce duplication of efforts for developing and deploying AAI services common to many e-infrastructures;
Explore the technical elements needed for the integrated AAI: attribute frameworks and deployable non-web technologies;
Expand the coverage of national identity federations for network, services and applications by supporting research institutions with low levels of technical or organisational preparedness by delivering easy-to-use solutions for them to enable federated access.
The output of this work package will be the technical design of the integrated AAI framework. All research aspects and architectural design will be carried out in this JRA1, NA3 will provide the necessary policies, while any implementations and pilots are done in SA1. The JRA1 final results will be informed by feedback from SA1’s pilot results.
JRA1.1 Requirements gathering
Task Leader: EGI.eu, Peter Solagna (peter.solagna@egi.eu)
Goals of the task:
- Describe the authentication and authorisation technologies used by the different e-Infrastructures, including research communities, libraries and educational service providers and identify the existing gaps that prevent their interoperability. Explore how the current e-Infrastructures can support broader cross-domain collaboration, for instance when dealing with commercial services and or with e-Government initiatives.
- Prioritise the work to undertake on the basis of the community requirements, results of pilots carried out by the GN3plus project and FIM4R group and on the technical analysis of existing pilots to support groups, token translation and SSO for non-web.
- Explore how the current e-Infrastructures can support broader cross-domain collaboration, for instance when dealing with commercial services and or with e-Government initiatives.
- Gather information on the penetration of AAIs and eduGAIN in R&E sector, libraries and e-Government.
- Gather information on the interoperation experiments between R&E federations (including eduGAIN) and eGOV in the different European countries. Determine the maturity level and portability of the solutions enabling non-Web SSO, which is important when access to computing and storage services in several e-Infrastructures and cloud is considered.
- Document relevant standards bodies and other interoperation activities and their role in supporting AAI
...
JRA1.2 - Blueprint Archtectures
Task Leader: KIT, Marcus Hardt
First action was to start the discussion about the points raised at the JRA1 presentation in the kickoff.
...
JRA1.3 - Guest identities
Task Leader: STFC, Jens Jensen - STFC UKRI
Guest identities are about making use of external IdPs. The basic idea is to accept social media logins:
...
JRA1.4 - Models for implementing Attribute Providers and Token Translation Services
Leader Task Leader: GARR, Andrea Biancini.
Within this task we will evaluate how Attribute Providers and Token Translation services could be used to extend the current scope of existing identity federations to existing communities of users and projects.
...