Overall goals and approach of SA1
Work Package Leader: SURFnet, user-e06a9
The SA1 activity aims at facilitating researchers by providing the access management tools and framework to support collaborative research in a distributed environment. To this end, in SA1 we will demonstrate through (pre-) production services that:
existing AAIs and authentication sources can be leveraged to enable (SSO) access with appropriate level of assurance for any natural person (academia and non-academia) to shared resources offered by different e-Infrastructure providers and communities. (task 1)
authoritative decisions and user/group context can be based on distributed group managers and attribute providers. (task 2)
access to non-web and commercial e-infrastructure services can be enabled. This requires the bridging of SAML (NREN world) and token/certificate based (e-infra world). (task 3)
The approach consists of deploying existing components as discussed with and identified by JRA1 and to integrate a selection of these components according to a common architecture that will be drafted in JRA1 as well (by October). To this purpose we will establish a stable pilot environment with solutions to be tried and assessed by representatives of the research communities affiliated with the project.
Guest Access (TSA1.1)
Task Leader: GARR, Mario Reale
This task deals with the pilot activities to be set up for AARC in the domain of Guest Identities; It will mostly liaise with JRA1 and NA3 of AARC in order to effectively demonstrate the validity of the selected components and architecture designed in JRA1 and the best practices and recommendations identified in NA3.
Attribute Management (TSA1.2)
Task Leader: EGI, Peter Solagna
This task deals with piloting of solutions to manage attributes on a central and cross application level. An integrated framework of identity providers, attribute and group providers, attribute aggregation platforms and shared e-infrastructure services that are able to consume attributes will be demonstrated and tested.
Access to resources (TSA1.3)
Task Leader: PSNC Maciej Brzeźniak
This task aims at improving access to relevant research and education non-web resources located outside the home organization of the user. The main improvement is making use of existing AAI that provide user credentials and authorization attributes instead of local user management. While many implementations exist already for web portals, the technology for non-web scenarios is still immature.
A number of pilots is going to be setup in order to investigate emerging non web SSO solutions and workarounds. The selection of software to be piloted is going to be discussed with JRA1 in order to focus on tools that fit with the requirements of the research community and the blueprint architecture (JRA1.3 and JRA1.4). Also the requirements gathered by JRA1.1. will be used as input material for the assessment of technologies used in the pilots. Finally, the experience gathered while running the pilots and the performed analyses will be used as feedback for the final shaping of the blueprint architecture in JRA1 and best practices recommendations in NA3.
Compatibility between the technologies piloted within this task and technologies used for collecting attributes within task SA1.2 will be checked. Attribute requirements for non-web SSO, authorization and provisioning will be investigated and defined. Usage of user credentials and attributes coming from different AAIs, including guest IdPs proposed by SA1.1 will be analyzed as well.