
Participants

Proposers

Name | Organisation
Slavek Licehammer | CESNET



GN4-3 project team

Name | Organisation | Role
Adrian Rosinec | CESNET | Developer, TIM
 | CESNET | Mentor



Stakeholders

Name | Organisation | Role
...



Stakeholder engagements

Date | Name(s) | Organisation | Notes
21.11.19 | Christos Kanellopoulos | GÉANT | Initial stakeholder kick-off
17.12.19 | - | - | Sprint Demo 2.1
19.03.20 | - | - | Sprint Demo 2.3
05/20 | Christos Kanellopoulos | GÉANT | Ongoing discussion to make the WinConnector available through eduTEAMS.
06/20 | - | Faculty of informatics MU | Community use case
02.07.20 | - | - | Sprint Demo 2.6


Activity overview

Description

Identity provisioning and deprovisioning are a necessity for building modern authentication and authorization infrastructures. They are a straightforward yet technically complicated part of identity and access management. The basic idea is to deliver identity and authorization information to the managed services, which is complicated by a lack of applicable standards in this area. Therefore, most identity and access management solutions rely on a custom solution for provisioning.
This activity extends existing IAM capabilities by implementing an SSH-based connector that makes it easy to provision data to services hosted on Windows OS.



Activity goals


The goal of this activity is to create a production-ready prototype based on the existing proof of concept, integrate it with eduTEAMS, and provide it as an open source tool to the community.

Activity Details

Technical details

Identity and access management components used in GÉANT eduTEAMS are no exception: they rely on custom connectors to deliver authorization data to managed services, usually utilizing standardized protocols like SSH or LDAP. Although this solution is not technically ideal, it works for most services operated on Unix-based operating systems. For services operated on Windows OS, transferring the required data to the machines might be a problem unless the service itself has an API for that, which is not always the case.
To overcome this obstacle, CESNET and Masaryk University piloted a simple connector for provisioning data to services hosted on Windows OS. The connector uses SSH as the data transfer protocol, which is currently supported by the latest Windows OS. Over SSH, a PowerShell script is run on the destination; the script is customized for the managed service, and its responsibility is to configure the service with the provisioned identity and access control information.
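
The destination side of this design, sketched as an added example (not the WinConnector's own code): a PowerShell script that reads provisioned data from the SSH session's standard input, validates it, and reconciles a local group. The JSON layout, the group name `svc-users`, the account-name pattern and the choice to manage local group membership are assumptions made for illustration.

```powershell
# Added example: destination-side script that an SSH provisioning session runs.
# Assumed input (constructed format): one JSON document on stdin, for example
#   {"group":"svc-users","members":["alice","bob"]}
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Local groups this script may manage (hypothetical name).
    [string[]]$AllowedGroups = @('svc-users')
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

function Get-MembershipPlan {
    # Case-insensitive set difference; Windows account names ignore case.
    param([string[]]$Current = @(), [string[]]$Desired = @())
    [pscustomobject]@{
        ToAdd    = @($Desired | Where-Object { $Current -notcontains $_ })
        ToRemove = @($Current | Where-Object { $Desired -notcontains $_ })
    }
}

$payload = [Console]::In.ReadToEnd() | ConvertFrom-Json
# Reject anything outside the allow-list before touching the system.
if ($AllowedGroups -notcontains $payload.group) {
    throw "Group '$($payload.group)' is not managed by this script."
}
$desired = @($payload.members)
# An empty list would remove every member, so treat it as an error (assumed policy).
if ($desired.Count -eq 0) { throw 'Refusing to apply an empty member list.' }
foreach ($name in $desired) {
    # Strict account-name pattern (assumption); local names are at most 20 chars.
    if ($name -isnot [string] -or $name -cnotmatch '^[a-z][a-z0-9._-]{0,19}$') {
        throw "Rejected account name: '$name'"
    }
}

# Only local user accounts are reconciled; domain principals and nested groups are left alone.
$current = @(Get-LocalGroupMember -Group $payload.group |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { ($_.Name -split '\\')[-1] })
$plan = Get-MembershipPlan -Current $current -Desired $desired
foreach ($user in $plan.ToAdd) {
    if ($PSCmdlet.ShouldProcess($user, "add to $($payload.group)")) { Add-LocalGroupMember -Group $payload.group -Member $user }
}
foreach ($user in $plan.ToRemove) {
    if ($PSCmdlet.ShouldProcess($user, "remove from $($payload.group)")) { Remove-LocalGroupMember -Group $payload.group -Member $user }
}
# One summary line for the caller's log; account names are not echoed back.
"added=$($plan.ToAdd.Count) removed=$($plan.ToRemove.Count)"
```

Running the script with `-WhatIf` reports the planned additions and removals without applying them.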

This topic is related to Instant User Provisioning and Deprovisioning. Where possible, technical synergies shall be identified to the benefit of both solutions.



Business case

This product eases the integration of IAM into Windows-based systems. It enables identity management systems to interact directly with services hosted on Windows and allows administrators to easily manage these systems. It can be used not only directly by institutions with an existing IDM in place, but also by GÉANT services like eduTEAMS.


Risks


  • First time a project was proposed and will be implemented by TIM → unknown outcome


Data protection & Privacy
  • The product handles identity, authentication and authorization
  • No real user data, or only a small amount, is processed by the prototype developed by the Incubator



Definition of Done (DoD)

Requirement | State
A working prototype is implemented based on the POC | (tick)
The concept and implementation is documented | (tick)
The prototype is tested with the eduTEAMS platform | (tick)
The source code is provided to the open source community | (tick)




Sustainability

The aim of this project is to create an easy-to-use, adoptable software solution to provision server users and provide this tool to the community.

As part of a case study the solution will be implemented for a Czech University (Faculty of informatics MU) which will continue to use the solution afterwards.

CESNET will continue to use and maintain the software for the foreseeable future.

Besides this, the solution shall be adjusted to the needs of eduTEAMS. The solution will be provided to the eduTEAMS service task to be integrated into the GÉANT service.


Activity Results

Results

The following results were created and delivered:


Meetings

Date | Activity | Owner | Minutes
January 1, 2017 / 13 Nov 2019 | Kickoff meeting | - |
Every Friday | Weekly Scrum | - |
Every Tuesday | Weekly Chat | - |

Documents

Attachments