LifeWatch-ERIC is a European Infrastructure Consortium providing e-Science research facilities to scientists seeking to increase our knowledge and deepen our understanding of Biodiversity organisation and Ecosystem functions and services in order to support civil society in addressing key planetary challenges.
LifeWatch-ERIC was established as a European Research Infrastructure Consortium by the European Commission Implementing Decision (EU) 2017/499 of 17 March 2017.
During its ESFRI stage, LifeWatch was composed of different national initiatives working on different services and solutions for the research community. In this new ERIC stage, LifeWatch ERIC requires a solution that provides access to the different services in a common way and organizes the different defined groups and roles. Currently, the different LifeWatch services, Virtual Laboratories and Virtual Research Environments manage their own local users, with some exceptions that allow institutional IDs. The underlying technology depends on the service, but most support web-based authentication, with some exceptions using, for example, HPC resources.
This pilot activity aims to identify and enhance an existing AAI solution to be adopted by LifeWatch ERIC as its IdP, integrating already existing institutional or social identities in a federated way.
During the test phase, the pilot will be integrated with the official LifeWatch ERIC portal to provide access to restricted areas as well as to the Virtual Laboratories and services. The IdP, based on Keycloak, will be integrated with already running services and VLabs to prove that the solution fulfils the community's needs.
The goals proposed for this pilot at the beginning of the project have been achieved: an AAI solution has been selected to act as the LifeWatch ERIC IdP, and it is being integrated with the service catalog. For those services that are not compatible with technologies like OIDC or SAML, different solutions have been identified in the context of the project that are suitable for integration with the system.
The pilot has been implemented and deployed in a testbed to prove that everything works as expected. The AARC BPA has been used to identify which components are needed to address the pilot's needs. The BPA has also been the model used to define the pilot architecture, as the following schema shows:
The pilot will be the official LifeWatch ERIC IdP and it will be used to access the services taking into account the different roles in the community. It will be deployed in a high-availability environment since it will be a critical service for the Research Infrastructure, and it will be one of the keys to integrating LifeWatch ERIC in the context of the European Open Science Cloud, so the sustainability of the pilot is guaranteed.
The deployed solution integrates different Identity Providers to manage users in different roles: Citizen Scientists (social IDs like Google or GitHub), Researchers (institutional IDs from eduGAIN, thanks to RedIRIS SIR2, and ORCID) and administrators (institutional IDs like IFCA SSO).