...
Main objective of this section is to provide a briefly high-level description of related pilot. The idea is to provide basic information, so that the reader can easily understand it.
EISCAT_3D is a community which developed tools to share datasets and provide access to computing resources by means of a Portal. The Portal currently provides access to selected datasets by means of IP-based Authentication and Authorization of users.
The goal of the Pilot has beed to onboard the EISCAT-3D community to Federated AAI and eduGAIN. The current system has been replicated onto a new pilot infrastructure providing an IdP, a Service Provider protecting the Master portal, and a Data server actually exposing the data. The pilot infrastructure thus provides the same functionality to E3D users, but making use of their Federated Identity.
The pilot has been developing a comprehensive Docker-based installationa and configuration suite, in order to automate and ease as much as possible its deployment.
Pilot goals
Some questions to answer:
What are the goals of this pilot?
Why is it in AARC project?
How this pilot will improve AARC community?
Why should I use this pilot instead of other solutions?
The main goal of the pilot is to onboard the E3D community to federated AAI. It demonstrated making use of current E3D data access model by means of a different technology for AAI.
It is in the AARC project given the central goal of AARC to support new communities in adopting federated technologies. E3D added additional interesteing features and aspects to the library use case already dealt with by AARC. This pilot will make its reasults public and interesting for similar communities seeking for solutions to adopt Federated AAI models.
The pilot has been tailored around the actual, current need of the E3D community and implemented a data flow model matching exactly what E3D currently needs and does.
Description
Main objective of this section is to report detailed informations about pilot.
...
How this pilot works
Reason to prefer this pilot instead of other existing tool
Detailed Scope
others
A registered E3D user on the provided IdP will actually reach the E3D data portal by simply opening a specific web page ( currently: https://portal-eiscat-aarc.pa1.garrservices.it/schedule/schedule.cgi ).
From there he will be able to select a given data set he is interested in downloading.
Once identified the dataset, he will click on the web page providing access to that dataset, and will be requested to authenticate to be able to download the dataset. Only users with the required attributes, after succesful authentication on the IdP, weill be able to access the file download option and actually download the data locally on their machines.
The system therefore replicates the current E3D system but has totally get rid of any IP-based reference in the code, no IP-based white or blacklisting required. Everything works based on attributes released by eduGAIN IdPs as desired.
Components
This section will contain a lists of components used for this pilot.
...
- Component A - Service provider
- Component B - Bring order to chaos
- Component C - Hide my precious treasure
The system is made up by the following components:
- E3D Master Portal
- E3D Data Server
- E3D Pilot IdP
An additional component which might be deployed by the pilot is the KeyCloak IdP/SP proxy, which would provide two additional components:
- E3D IdP/SP proxy (Community Proxy)
- Catch All IdP to register individual E3D users
Architecture
This section will provide 2 important parts:
Graphic representations of pilot architecture
Graphic representations of workflow
Lists of all components of related pilot
The overall architecture of the pilot, without the KeyCload proxy is as follows:
Use Cases
This section should explain how this pilot works through use cases (at least 2).
...