Pilot Description

The goal of this pilot is to onboard the CTA community on federated identity in a larger, broader meaning - moving from a stand-alone solution based on IdP to a fully federated one as a possible long term goal. In the meanwhile, short terms goals for the pilot are the implmentation of the TIER-like components ( COMANAGE, GROUPER) and a IDP/SP proxy to work in a synergic way for the CTA AAI.

Identity linking between the IDs of the current standalone CTA IDP and the eduGAIN ones are a relevant goal for this pilot.

Pilot goals

Explain why these component have been chosen

The goal of this pilot is to provide a non-invasive solution to simplify access to CTA services from eduGAIN and CTA community.

CTA pilot should provide a solution to CTA administrator that does not upset the mechanisms in use, because they are well know.

With this pilot, new features will be introduce:

Self service registration under administrator approval
Account linking solution, under administrator approval
simple integration and transparency to any future CTA services.

Identity linking between the IDs of the current standalone CTA IDP and the eduGAIN ones are a relevant goal for this pilot.

A long term goal of this pilot is to moving CTA community from a stand-alone solution based on IdP to a fully federated one.

This pilot perfectly fit with AARC goals:

It help to solve issue related to authentication from different IdP but logically related to the same scientific community
The proposed solution uses only existing technologies, without creating new ones
It does not change background of CTA community

Even if this pilot propose a solution for CTA community, its components high flexibility allow to change configuration, so every scientific reality that needs this solution can adapt it to their community, to fit their needs of authentication and authorization.

Description

Main objective of this section is to report detailed informations about pilot.

Some questions:

How this pilot works
Reason to prefer this pilot instead of other existing tool
Detailed Scope
others

Components

This section will contain a lists of components used for this pilot and why they were chosen instead of others

It is not required to add a detailed description for each component, but 2 important parts are:

Add Link to component web page
Add a short description to explain its function (not more than 1 raw)

An example:

Component A - Service provider
Component B - Bring order to chaos
Component C - Hide my precious treasure

CTA Pilot use different components to achieve its goal:

Name	Link	Description
Grouper	https://www.internet2.edu/products-services/trust-identity/grouper/	Grouper is an enterprise access management system designed for the highly distributed management environment and heterogeneous information technology environment common to universities. Operating a central access management system that supports both central and distributed IT reduces risk.
COmanage
SaToSa

Architecture

This section will provide 2 important parts:

~~Graphic representations of pilot architecture~~
Graphic representations of workflow

AARC > CTA - Pilot Overview > CTAproxy2 (1).jpg

Use Cases

This section should explain how this pilot works through use cases (at least 2).

Use cases can be represented in the form of a table, where:

The title is the use case
Each line is a step
2 columns available, first with text and description, second with a screenshot

(Here's a valid example LINK)

Further information

Last part contain a list of information, link or anything related to the pilot that was not mentioned in ahead seciton.