The AARC project activities have consisted of research of technology and interviews with the stakeholders to understand their requirements and their solutions. In addition to the information gathered in the first part of the project, the AARC consortium already had a large knowledgebase based on previous experiences at the beginning of the project.

This document summarises the technologies and solutions available to implement AAI, focusing on the software most common in the research and education (R&E) environment, which features are more likely to fulfil the use cases of the R&E communities.

Both standards and software implementing the standards are individually analysed, and at the end of the document tools and software are compared in tables to make easier for a potential user to choose which one best fits their use case.

The readers who are reading the document to choose one or few tools to implement their use case are invited to first check the comparison tables, and then use the information in section 3 to get more information about the software that suits their requirements.

The milestone does not select preferred solutions, since depending on the use case users or communities may choose different tools to implement their AAI capabilities. This document will provide an overview, hopefully covering most of the interesting aspects that can be considered to choose a software solution for AAI use cases, to facilitate the architectural design of AARC, and the development of AAI capabilities by infrastructures and user communities.

Introduction

This milestone is a summary of the available technologies to support AAI use cases that are used or that can

be used by the research and education community. The content is structured in the following sections.

The “Relevant Standards” section provides an overview of the standards relevant for the AAI use cases analysed by AARC1. The protocols and standards described in the section cover all the technologies used by the research infrastructures and e-infrastructures active in the international research and education ecosystem.

The “Authentication and authorization technologies and tools” section collects a summary description of the software and tools that are used by the communities, or that directly address the use cases of research and education. Most of the services have been mentioned in the surveys and the interviews carried out among the AARC stakeholders in the first part of the project, or are widely used tools that are relevant for the communities. The section is not structured by use case, since many tools have functionalities that cover more than one use case. To avoid repetitions the section has been kept with a flat structure.

The “Comparison of authentication and authorization technologies” section is structured in sub-sections for every use case or feature, and the tools supporting the use cases are compared in comparison tables. Here the comparison is made versus relevant features both common and specific for the use case. The goal of the tables is to provide a quick overview how every tool implements specific functionalities or requirements, or how the tools implement the most relevant features of the use cases.

Every section describing the individual standard or the technology will conclude with an overview of the requirements identified in the DJRA1.1 deliverable2. Among the many requirements captured by the previous document, the following are the most relevant for AAI technologies and standards:

• User and Service Provider friendlines
• User-managed identity information
• Different Levels of Assurance
• Community-based authorisation
• Attribute aggregation / Account linking
• User groups and roles
• Step-up authentication
• Browser & non-browser based federated access
• Delegation
• Federation solutions based on open and standards-based technologies
• Social media identities
• Integration with e-Government infrastructure

Other requirements, for example policy related ones, are not directly implemented by the services, and therefore could not be applied to the content of this milestone document.

This document is not a fully comprehensive summary of all the standards and technologies that can enable authentication and authorisation. The focus of this milestone is to provide information and to have a review of the standards and technologies that are most relevant for the research & education community.

Existing AAI and available technologies for federated access in PDF