EGI-DARIAH Interoperability Pilot

AAI_Logo.png

Pilot Description

This pilot consists of two individual parts:

  1. Implementation of an SP-IdP proxy within the DARIAH AAI. 
    According to the AARC Blueprint Architecture (BPA) communication between infrastructures should happen through dedicated infrastructure proxies. During this pilot,     DARIAH will implement their own proxy solution based on Shibboleth. This proxy will be compliant to all relevant recommendations and guidelines developed within AARC and therefore this pilot can be seen as a real world example of the architecture work within AARC. As as side effect DARIAH-internal services will benefit from this solution as well, as it will move a lot of the previously needed complexity away from the individual services to the central proxy component.
  2. Interoperability pilot between EGI and DARIAH
    To showcase successful implementation of the DARIAH SP-IdP proxy, the second part of this pilot deals with interoperability between the DARIAH research infrastructure and the EGI e-Infrastructure. The goal is to allow DARIAH users to transparently access EGI resources through EGI's own proxy solution (EGI Check-In). As an initial use case, selected DARIAH users should be able to deploy and access virtual machines in the EGI infrastructure.

Results

The first part of the pilot (Implementation of proxy within DARIAH AAI) was completed in mid-2018 with moving the new proxy component in the DARIAH AAI to production. We're successfully moved all DARIAH services behind the proxy and continue to add all new services to the proxy only. The feedback we got from service operations was positive and no major issues has come up. In addition we've promoted the enhances AAI experience with the proxy within the DARIAH community and held a workshop in January 2019 to assist new service operators with connecting their applications to federated AAI using the DARIAH proxy. Further events are planned.

For the second part of the pilot (interoperability with EGI) we've successfully completed the technical connection of the DARIAH AAI with the development instance of EGI check-in. This involves mapping of entitlements and user attributes and provisioning of DARIAH users within EGI. For the later tasks, several plugins for e.g. COmanage have been developed and successfully tested by EGI.

From DARIAH's point of view the technical infrastructure created during the pilot will be part of the core AAI in the future and will provide the basis for integration with other AAIs, e.g. as part of EOSC.

Others

The following diagram shows the interaction between various components in the EGI-DARIAH interoperability use case:

  • No labels