Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • focus on the integration aspects of the blueprint architecture 

  • provide recommendations and guidelines for implementers, service providers and infrastructure operators on implementing scalable and interoperable AAIs across e-infrastructures and scientific communities

  • work in close collaboration with the policy, pilots, and the training and outreach activities of AARC2

  • work on the evolution of the blueprint architecture, with a focus on identity provider / service provider (IdP/SP) proxies, scalable authorisation solutions for multi-service provider environments and other solutions for integrating with R&E federations and cross-sector AAIs

 

Documents

 AARC1 Documents  – Shouldn't we move the old stuff to the bottom?

IDTitleSummaryLinksStatus
AARC-JRA1.4AGuidelines on expressing group membership and role information

Information about the groups a user is a member of is commonly used by SPs to authorise user access to protected resources. Apart from the group information that is managed by the user’s home IdP, research communities usually operate their own group managing services. Such services often act as Attribute Authorities, maintaining additional information about the users, including VO membership, group membership within VOs, as well as user roles. It is therefore necessary that all involved SPs and IdPs/AAs can interpret this information in a uniform way. Specifically, the following challenges are addressed by this document:

    • Standardising the way group membership information is expressed, both syntactically and semantically
    • Indicating the entity that is authoritative for each piece of group membership information
    • Expressing VO membership and role information
    • Supporting group hierarchies in group membership information

AARC-JRA1.4A (201710) [PDF]

Older versions

AARC-JRA1.4A (1.0) [PDF]

Status
colourGreen
titleFINAL

AARC-JRA1.4BGuidelines on attribute aggregation
PDF

Status
colourGreen
titleFINAL

AARC-JRA1.4CGuidelines on token translation services
PDF

Status
colourGreen
titleFINAL

AARC-JRA1.4DGuidelines on credential delegation
PDF

Status
colourGreen
titleFINAL

AARC-JRA1.4E

Best practices for managing authorisation


PDF

Status
colourGreen
titleFINAL

AARC-JRA1.4FGuidelines on non-browser access
PDF

Status
colourGreen
titleFINAL

AARC-JRA1.4GGuidelines for implementing SAML authentication proxies for social media identity providers
PDF

Status
colourGreen
titleFINAL

AARC-JRA1.4HAccount linking and LoA elevation use cases and common practices for international research collaboration
PDF

Status
colourGreen
titleFINAL

AARC-JRA1.4IBest practices and recommendations for attribute translation from federated authentication to X.509 credentials
PDF

Status
colourGreen
titleFINAL


 AARC2 Documents

Deliverables

IDTitleSummaryLinksStatus
AARC2-DRJA1.1



Anchor
AARC2_DJRA1._2
AARC2_DJRA1._2
AARC2-DRJA1.2

Authorisation Models for SPs

This deliverable describes possible authorisation models for SAML-SPs and OIDC-RPs in a proxied environment. We provide an overview about available and upcoming technologies currently in use or development for community and research infrastructures.

Input is taken from the AARC pilots, such as the pilot for the Life Science AAI, experiences at WLCGCERN with VOMS as well as their current move towards token based approaches, and further examples from the federated research infrastructure / research community space. These user-community views are complemented by the experience of the first year of the AARC2 project, in which different levels of assurance, LoA step-up, account linking and various authorisation models have been analysed.

wiki

doc

Status
colourRed
titleHOT

Due:   

Documents

...