Description

The GÉANT Trust Broker (GNTB) was developed in response to the Open Call during the GN3plus project.

The aim of the GNTB project is to specify a new automated metadata exchange service for large-scale authentication and authorization infrastructures, i.e., federations and inter-federations.

Trust Broker allows users to initiate the first-time contact between service providers (SPs) and identity providers (IDPs) to perform required preparations for identity data exchange in a fully automated manner.

This task will be carried out during the first year of GN4 with the aim to finalise any pending work and to prepare for a pilot.

The demo setup looks as follows:

[Figure: Demo setup]

Motivation:

  • manual setup and IDP/SP configuration
  • aggregated metadata file
  • manual user attribute conversion
  • waiting time for users

Our goal:

  • let users trigger metadata exchange
  • extend existing workflows and protocols
  • automate configuration steps
  • standardization of the I-D DAME

Our approach:

GÉANT Trust Broker service

  • automates on-demand metadata exchange across federation borders
  • provides repository for user attribute conversion

Current status:

Further documents

Task Participants

Participants | Area
Daniela Pöhn, LRZ (3 MM) | Task Leader
Michael Grabatin (6 MM?) | Coding
Stefan Metzger (1 MM?) | General Support
Boro Jakimovski (2 MM) | General Coding, Support

 

Work Items

Work item 1: GNTB Enhancement

This work item will work with JRA3 and REFEDS in order to improve GNTB. The work will include:

  • Investigation of possibilities to integrate REEP/PEER
  • Monitoring/Statistics
  • Export functionality

Work item 2: Prepare the Pilot

This work item will work with possible pilot users to have a running pilot at the end of Phase 1. The work will include:

  • Improvements of the IDP implementation
  • Improvements of the TTP implementation
  • Documentation and deployment ready
  • Investigating the additional requirements of possible pilot users
  • Depending on the progress in SA5 T1, integrating LoA

Work item 3: Attribute Conversion

This work item will work with HEXAA in order to have solid ways for the integration of AAs. The work will include:

  • Improvements of the TTP implementation
  • Integration of AAs

Work item 0: Management

This work item will collaborate with SA5 and REFEDS in order to determine the future collaboration. The goal of this non-official work item is to manage task 3, but also to explore the future path and improve the I-D together with IETF. The work will include:

  • Contact with SA5 and REFEDS
  • Improvements of the current I-D in collaboration with REFEDS, JRA3 and IETF