Pilot Description

EISCAT_3D is a community which developed tools to share datasets and provide access to computing resources by means of a Portal. The Portal currently provides access to selected datasets by means of IP-based Authentication and Authorization of users.

The goal of the Pilot has beed to onboard the EISCAT-3D community to Federated AAI and eduGAIN. The current system has been replicated onto a new pilot infrastructure providing an IdP, a Service Provider protecting the Master portal, and a Data server actually exposing the data. The pilot infrastructure thus provides the same functionality to E3D users, but making use of their Federated Identity.

The pilot has been developing a comprehensive Docker-based installationa and configuration suite, in order to automate and ease as much as possible its deployment.

Pilot goals

The main goal of the pilot is to onboard the E3D community to federated AAI. It demonstrated making use of current E3D data access model by means of a different technology for AAI.

It is in the AARC project given the central goal of AARC to support new communities in adopting federated technologies. E3D added additional interesteing features and aspects to the library use case already dealt with by AARC. This pilot will make its reasults public and interesting for similar communities seeking for solutions to adopt Federated AAI models.

The pilot has been tailored around the actual, current need of the E3D community and implemented a data flow model matching exactly what E3D currently needs and does.

Description

A registered E3D user on the provided IdP will actually reach the E3D data portal by simply opening a specific web page ( currently: https://portal-eiscat-aarc.pa1.garrservices.it/schedule/schedule.cgi ).

From there he will be able to select a given data set he is interested in downloading.

Once identified the dataset, he will click on the web page providing access to that dataset, and will be requested to authenticate to be able to download the dataset. Only users with the required attributes, after succesful authentication on the IdP, weill be able to access the file download option and actually download the data locally on their machines.

The system therefore replicates the current E3D system but has totally get rid of any IP-based reference in the code, no IP-based white or blacklisting required. Everything works based on attributes released by eduGAIN IdPs as desired.

Components

The system is made up by the following components:

E3D Master Portal
E3D Data Server
E3D Pilot IdP

An additional component which might be deployed by the pilot is the KeyCloak IdP/SP proxy, which would provide two additional components:

E3D IdP/SP proxy (Community Proxy)
Catch All IdP to register individual E3D users

Architecture

The overall architecture of the pilot, without the KeyCload proxy is as follows:

The architecture using the KeyCload proxy is represented in this second diagram:

Use Cases


1.	User access the Master Portal URL at the URL: https://portal-eiscat-aarc.pa1.garrservices.it/schedule/schedule.cgi
2.	User select the required data sets : selects the Year and Month, specifies the "Archived Data" option, then clicks on the QUERY button
3.	Data sets download URLs are displayed and the user clicks on the desired one.
4.	Once clicked on a protected resource, file data and metadata will be displayed to the user for his information A "You are not authenticated" disclaimer is displayed, together with a "Go to Download page" button.
5.	The user is requested to authenticate to access the data set after having clicked on the Download page button. Username and Password authentication on the IdP are requested to the user. Only "info" related to the dataset is available for download without user authentication.
6.	The user provides his credentials to the IdP login page - ( working ones are : professor1, professor1 )
7.	After successful authentication, the user sees a Download button and the display name of the user is displayed on the web page
8.	Clicking on Download the download link is displayed
9.	By clicking on the data link the download starts.