Overall goals and approach of Pilots in AARC

Aims

The Pilots activity aims to support researchers by providing the access management tools and framework needed for collaborative research in a distributed environment. To this end, in this activity we will demonstrate through (pre-)production services that:

  • existing AAIs and authentication sources can be leveraged to enable (SSO) access, with an appropriate level of assurance, for any natural person (academia and non-academia) to shared resources offered by different e-Infrastructure providers and communities. (task 1)

  • authoritative decisions and user/group context can be based on distributed group managers and attribute providers. (task 2)

  • access to non-web and commercial e-infrastructure services can be enabled. This requires bridging SAML (NREN world) and token/certificate-based authentication (e-infra world). (task 3)

Approach

The approach consists of deploying existing components, as discussed with and identified by JRA1, and integrating a selection of these components according to a common architecture that will also be drafted in JRA1 (by October). For this purpose we will establish a stable pilot environment with solutions to be tried and assessed by representatives of the research communities affiliated with the project.


A detailed description of the aims and approach of the pilots activity is available here: Specify the work to be undertaken in collaboration with JRA1 and NA3
 
As of January 2016, a number of deliverable and milestone documents from the AARC architecture and AARC policy harmonisation activities are available that will guide the pilot work in this activity:

Pilots started (status January 2016)

Based on the guiding documents of the AARC architecture (JRA1) and AARC policy harmonisation (NA3) activities, we commenced a first cycle of pilots:

  • In task 1 "Guest Access" we started a pilot to involve libraries in identifying and implementing, hands-on, relevant solutions to support their migration from IP-based authentication against publishers' online resources to a SAML/federated-based approach.
  • In task 2 "Attribute Management" a pilot has started that tests the usability of SAML-based attribute authorities for regulating service access authorization. In this pilot the services in question are Cloud services. The Attribute Authority used in this context is PERUN, developed by CESNET.
  • In task 3 "Access to Resources" quite some progress has been made in establishing token translation pilot services. One pilot focuses on the application of CI-Logon components + add-ons to bridge the gap between the world of SAML-based authentication (NRENs) and that of certificate-based authentication (GRID and e-infrastructure providers). In a second pilot we assess the feasibility of enabling non-web single sign-on based on LDAP Facade, developed by the Karlsruhe Institute of Technology.

With these efforts we have already identified interesting clues, challenges and future paths for development to bridge different research infrastructures and communities. By performing these pilots we will be able to assess the suitability of the chosen components in practice and how well they match user and security requirements. Further details and updates will follow soon.

 

More details per task are available here: