
Pilots started (status January 2016)

Based on the guiding documents of the AARC architecture (JRA1) and the AARC policy harmonisation (NA3) activities we commenced a first cycle of pilots:

  • In task 1 "Guest Access" we started a pilot to involve Libraries in the identification and hands-on implementation of relevant solutions to support their migration from IP-based authentication against publishers' online resources to a SAML/federated-based approach.
  • In task 2 "Attribute Management" a pilot has started that aims at testing the usability of SAML-based attribute authorities to regulate service access authorization. In the specific case of this pilot the services to be approached are Cloud services. The Attribute Authority used in this context is PERUN, developed by CESNET.
  • In task 3 "Access to Resources" quite some progress has been made in establishing token translation pilot services. One pilot focuses on the application of CI-Logon components + add-ons to bridge the gap between the world of SAML-based authentication (NRENs) and that of certificate-based authentication (GRID and e-infrastructure providers). In a second pilot we assess the feasibility of enabling non-web single sign-on based on LDAP Facade, developed by the Karlsruhe Institute of Technology.

With these efforts we already identified interesting clues, challenges and future paths for development to bridge different research infrastructures and communities. By performing these pilots we will be able to assess suitability of the chosen components in practice and how well they match with user and security requirements. Further details and updates will follow soon.

 

More details per task are available here:

 

Task Leader: GARR, Mario Reale

This task deals with the pilot activities to be set up for AARC in the domain of Guest Identities. It will mostly liaise with JRA1 and NA3 of AARC in order to effectively demonstrate the validity of the selected components and architecture designed in JRA1 and the best practices and recommendations identified in NA3.

Task Leader: EGI, Peter Solagna

 

This task deals with piloting of solutions to manage attributes on a central and cross application level. An integrated framework of identity providers, attribute and group providers, attribute aggregation platforms and shared e-infrastructure services that are able to consume attributes will be demonstrated and tested.

Access to resources (TSA1.3)

Task Leader: PSNC, Maciej Brzeźniak

This task aims at improving access to relevant research and education non-web resources located outside the home organization of the user. The main improvement is making use of existing AAIs that provide user credentials and authorization attributes instead of local user management. While many implementations exist already for web portals, the technology for non-web scenarios is still immature.

 

A number of pilots are going to be set up in order to investigate emerging non-web SSO solutions and workarounds. The selection of software to be piloted is going to be discussed with JRA1 in order to focus on tools that fit with the requirements of the research community and the blueprint architecture (JRA1.3 and JRA1.4). Also, the requirements gathered by JRA1.1 will be used as input material for the assessment of technologies used in the pilots. Finally, the experience gathered while running the pilots and the performed analyses will be used as feedback for the final shaping of the blueprint architecture in JRA1 and best practice recommendations in NA3.

Compatibility between the technologies piloted within this task and technologies used for collecting attributes within task SA1.2 will be checked. Attribute requirements for non-web SSO, authorization and provisioning will be investigated and defined. Usage of user credentials and attributes coming from different AAIs, including guest IdPs proposed by SA1.1, will be analyzed as well.