Participants
Name | Organisation |
---|---|
Mads Freek, Mikkel Hald | DeiC |

Name | Organisation | Role |
---|---|---|
Mads Freek | DeiC | Stakeholder, developer |
Mikkel Hald | DeiC | Stakeholder |
Tangui Coulouarn | DeiC | Stakeholder |
Martin van Es | GEANT / Incubator | developer |
Niels van Dijk | SURF / Incubator | Stakeholder |
Michael Schmidt | LCZ / Incubator | Scrum master |
Activity overview
Investigate and further develop SSH support for a federated world
To allow easy access to SSH-based services, DeiC has built an SSH Certificate Authority proof-of-concept that issues short-lived SSH certificates based on a federated login. The system requires no specific programs to be installed on the client or service side and lets the user use all standard SSH services, as long as the certificate is valid. Depending on the configuration of the participating services, the CA allows the user to use the same username/uid across all services. Optionally, it can be combined with systemd-userdb services to allow fully automated user management. The CA can also optionally issue host certificates, so that users do not have to trust the servers on first use (TOFU).
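The issuance step described above can be reproduced with stock OpenSSH tooling. The following is an added example, not DeiC's proof-of-concept code: the federated login is replaced by a constructed identity, and the username, key ID, validity window and file names are assumptions.

```bash
#!/usr/bin/env bash
# Added illustration (not the DeiC proof-of-concept): a throwaway CA signs a user's
# public key for a few minutes using only stock ssh-keygen.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# issue_user_cert <principal> <key-id> <validity>
issue_user_cert() {
    ssh-keygen -q -t ed25519 -N '' -C 'demo CA' -f "$WORK/ca"
    ssh-keygen -q -t ed25519 -N '' -C 'demo user' -f "$WORK/id_user"
    # -s CA private key, -I key ID (shows up in sshd logs), -n permitted login
    # name(s), -V validity window. Writes $WORK/id_user-cert.pub.
    ssh-keygen -q -s "$WORK/ca" -I "$2" -n "$1" -V "$3" "$WORK/id_user.pub"
}

# cert_field <label>: value after "<label>:" in the certificate dump
cert_field() {
    ssh-keygen -L -f "$WORK/id_user-cert.pub" | sed -n "s/^[[:space:]]*$1: *//p"
}

cert_key_id() { cert_field 'Key ID' | tr -d '"'; }

# Principals are printed one per line between "Principals:" and "Critical Options:"
cert_principals() {
    ssh-keygen -L -f "$WORK/id_user-cert.pub" |
        awk '/Principals:/ {p=1; next} /Critical Options:/ {p=0} p {print $1}'
}

# signed_by_demo_ca: succeed only if the certificate's signing key is our CA
signed_by_demo_ca() {
    ca_fp=$(ssh-keygen -l -f "$WORK/ca.pub" | awk '{print $2}')
    [ "$(cert_field 'Signing CA' | awk '{print $2}')" = "$ca_fp" ]
}

# Constructed sample identity; in the described system these values would be derived
# from the federated login. The window starts 1 minute in the past to absorb clock skew.
issue_user_cert alice 'alice@idp.example' '-1m:+10m'
ssh-keygen -L -f "$WORK/id_user-cert.pub"

# Server side, the only change is trusting the CA public key in sshd_config:
#   TrustedUserCAKeys /etc/ssh/demo_user_ca.pub   (path is an assumption)
# The client needs nothing extra: ssh picks up id_user-cert.pub next to id_user.
```

Because sshd matches the certificate's principals against the login name by default, the value passed to `-n` is what lets a CA hand out the same username on every service that trusts it.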
We want to further explore the possibilities for such a system:
- Is it really possible to do it without "extra" client- or server-side programs?
- Is it possible to do it the other way around, i.e. to use an SSH session for web login?
- Is it possible to use a certificate as an "assertion", optionally with automatic user creation?
Upon further interactions with the incubator team, alternative solutions were discussed, for example SURF's pam weblogin (https://github.com/surfscz/pam-weblogin) or KIT's OIDC agent (https://indigo-dc.gitbook.io/oidc-agent/).
The initial goal of the activity is to hold a workshop to gather requirements and to showcase and discuss existing solutions.
Activity Details
Activity Results
Meetings
Date | Activity | Owner | Minutes |
---|---|---|---|
January 1, 2017 | Kickoff meeting | | |
Documents