Versions Compared

Old Version 19

changes.mady.by.user Christos Kanellopoulos (grnet)

Saved on

compared with

New Version 20

changes.mady.by.user Christos Kanellopoulos (grnet)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Work Package Leader: GRNET, Christos Kanellopoulos (grnet)

 

The high-level objectives of this activity are:

  • analyse how much has been developed to leverage federated access with other authentication systems used in

Existing AAIs serve the needs of

  • the R&E

community worldwide on a segmented basis. These are well established within their local communities, but individually they lack the ability to form an interoperable AAI. Some examples of these include

  • eduGAIN to offer Single Sign-On for web applications;

  • Libraries that still use IP-based access;

  • PRACE and EGI that use digital certificates,

  • Government spaces that rely on national e-IDs and STORK. A citizen who is also a student or an educator could in principle link a government identity with an educational one, with the possibility to access different context providers during the different ages, i.e. at the education stage and at the university stage.

 

This work package will investigate the obstacles that prevent users, educators and researchers from using their credentials to access services offered by the various e- Infrastructures, libraries and research communities. 

This work package will carry out research to:

  • Facilitate access to resources and collaboration between researchers, students and educators;

  • Reduce duplication of efforts for developing and deploying AAI services common to many e-infrastructures;

  • Explore the technical elements needed for the integrated AAI: attribute frameworks and deployable non-web technologies;

  • Expand the coverage of national identity federations for network, services and applications by supporting research institutions with low levels of technical or organisational preparedness by delivering easy-to-use solutions for them to enable federated access.

The output of this work package will be the technical design of the integrated AAI framework. All research aspects and architectural design will be carried out in this JRA1, NA3 will provide the necessary policies, while any implementations and pilots are done in SA1. The JRA1 final results will be informed by feedback from SA1’s pilot results.

  • communities, in the eGov space and in the commercial sector;

  • research a possible solution to link identities in the contest of higher levels of assurance, attribute providers and guest identities;

  • assess existing technologies to provide SSO for non-Web applications (cloud, storage and so on) and offer recommendations for their usage;

  • develop a risk-based model for existing AAI solutions;

  • propose models for supporting guest identities (NRENs’ in-house solutions vs commercially-offered solutions should be explored);

  • define a blueprint architecture to enable web and non-web SSO capabilities across different infrastructures, integrating attribute providers/group management tools operated by user-communities;

  • provide models for federated authorisation: how to integrate attributes and permissions from diverse communities, making them available at the federation level in a consistent and secure way.

 

The activity is structured in four tasks:

Task IDTaskLeader
Task 1 (JRA1.1)Requirements GatheringPeter Solagna (EGI.eu)
Task 2 (JRA1.2)Blueprint ArchitecturesMarcus Hardt (KIT)
Task 3 (JRA1.3)Guest IdentitiesJens Jensen - STFC UKRI (STFC)
Task 4 (JRA1.4)Models for implementing Attribute Providers and Token Translation ServicesDavide Vaghetti (GARR)

 

Activity StructureImage Added

 

 

 

 

 

 

 

 

JRA1.1 Requirements gathering

...