| | | LCMAPS | Kerberos | Moonshot | simpleSAMLphp | UNITY |
---|---|---|---|---|---|---|
Authentication workflow | Password, RemoteUser, RemoteUserInternal, X509, X509Internal, SPNEGO/Kerberos, IPAddress, External | X.509 proxy certificate | Username/password, OTP, Kerberos ticket | Username/password (any RADIUS EAP-supported mechanism) | Username/password from user repository (SQL/LDAP/RADIUS), X509 authentication through userCertificate, LDAP, social media | Username/Password, Client Certificate, LDAP, Social Media |
Supported standards | SAML 1.1/2.0, X509, Kerberos, LDAP, SQL | X.509 (RFC5280 and RFC3820), VOMS | RFC 4121, RFC 4120 | RFC3748, RFC5247, RFC7055 | SAML 1.1/2.0, X509, OpenID, OAuth 2.0, Kerberos, VOOT, SQL, LDAP, RADIUS | SAML 1.1/2.0, X.509, OIDC, LDAP |
HA deployment | Yes | Deployed in the service | Yes | RADIUS service can be run in HA environments | Yes, through multiple memcached service instances | Yes, relying on database layer |
Licence | Open Source | Open Source | Open Source | Open Source | Open Source | Open Source |
Expected support level | Supported by the Shibboleth consortium | Supported by NIKHEF | Supported by Linux distributions | Supported by Jisc | Collaborative support, large user communities | Supported by ICM, JSC, funded by PLGrid |

| | ARGUS | LCMAPS | mod_auth_mellon |
---|---|---|---|
Type of input attributes | SAML2-XACML2 attributes X.509 and VOMS | X.509 proxy certificates with VOMS extensions | SAML2 attributes |
Support for policy management | Yes, ARGUS can import policies from remote PAPs | Config file allows complicated flows of plugins, including callouts to remote services (such as Argus). | Basic policies via Apache HTTP server config files |
LoA support | Supported but needs extra plugins | Yes, via lcmaps-plugins-vo-ca-ap | Yes, if LoA information available through SAML attributes |
HA deployment | Yes | Deployed with the services | Yes |
Licence | Open Source | Open Source | Open Source |
Maintenance | INFN/NIKHEF | NIKHEF | Community support Uninett |

Tools: | VOMS | HEXAA | COmanage | Grouper | Perun | UNITY |
---|---|---|---|---|---|---|
Input Standard | X.509 | SAML2 | SAML (via Apache) | SQL, LDAP, XML | SAML2, X.509 | SAML2, X.509, LDAP, OIDC |
Output Standards | X.509, SAML | SAML2 | VOOT, LDAP, SAML (via Shib IdP) | LDAP, VOOT, SCIM, XML | SAML2, VOOT | OIDC, SAML |
Handle attribute release consent | No | Yes | No | No | No | Yes |
Membership life-cycle management | Yes | No | Yes | No | Yes | No (Planned) |
VO Organization | Yes | Yes | Yes | Yes | Yes | Yes |
Delegated organization of the VO Groups | Yes | No | Yes | Yes | Yes | Yes |
HA deployment | Available | No | Available | Available | Partially Available | Available |
Licence | Open Source | Open Source | Open Source | Open Source | Open Source | Open Source |
Expected level of support | Supported by INFN, bug fixes. | Supported by SZTAKI and NIIFI | Supported by Internet2 TIER, various grants, and other sources | Supported by Internet2 TIER, various grants, and other sources | Supported by CESNET and Masaryk University. Maintenance and development. | Supported by ICM, JSC and funded by PLGrid |