Conveners
AAI Workshop: Overview of Established Solutions
- Peter Solagna (EGI.EU)
- Gergely Sipos (EGI.EU)
AAI Workshop: Emerging Solutions from NGIs and Communities
- Peter Solagna (EGI.EU)
- Gergely Sipos (EGI.EU)
AAI Workshop: General Discussion
- Peter Solagna (EGI.EU)
- Gergely Sipos (EGI.EU)
Description
Resources of the European Grid Infrastructure provide services for research communities through various grid middleware and cloud platforms. These services use X509 certificates for user authentication and authorisation (AA) purposes. A growing number of the existing and potential new user communities of EGI consider personal certificate based access as a main barrier of the infrastructure uptake. Some of these communities – together with their supporting NGIs, NRENs and scientific projects – developed ad-hoc solutions to simplify or hide the certificate based Authentication Authorisation Infrastructure (AAI) from these users. Before such solutions could be widely adopted within EGI they need to be assessed from a number of perspectives. Georgaphical coverage, availability for any scientific discipline, scalability, robustness, integrate-ability with current and emerging EGI platforms, sustainability and simple usage are the main criteria for a AAI to be adopted within the European Grid Infrastructure.
The workshop aims to bring together representatives from existing and potential user communities, their support teams, platform technology providers and resource providers to present and discuss state-of-the-art AAI solutions and next steps towards the wider and harmonised adoption of these within the NGIs, the providers of EGI resources. The workshop will consists of two parts:
First part (Session 1 & 2):
• Presentations by user community representatives, by NGIs, by Technology providers and by projects about AA solutions they developed to simplify access to grid middleware or cloud EGI platforms. (for example Identity federations; OpenID; science gateway frameworks; online certificate storages, robot certificate providers, identity mapping frameworks)
• Presentations by representatives scientific communities about the use cases and requirements for the integration of new AA appriaches into the production infrastructure.
Second part (Session 3):
Open discussion of an architecture that integrates AA services from the EGI community and provides a platform for portal developers who want to create research community specific, web portal based Virtual Research Environment that provide access to resources of the EGI production infrastructure (grid/cloud services) and are integrated with the identity federation(s) used by the research community.
A short document that outlines this platform has been prepared prior to the workshop. This document is available below (look for the link Discussion_document on the page). The document describes a possible architecture of this platform (EGI federated identity platform) and identifies existing software components from the community that could be used to implement the platform. The discussion session of the workshop is used to
1. Refine the vision of the ‘EGI federated identity platform’, and if possible endorse it as a service that the EGI community wants to implement and provide for research collaborations.
2. Identify software providers and service providers from the community that would participate in the implementation and provisioning of a production instance of the platform for the whole community.
3. Identify issues or threats that would make a specific service from the platform, or the platform itself unusable or irrelevant for research communities.
Workshop follow up:
The platform vision document will be updated as soon as possible based on the feedback that have been received during the discussion session. If you wish to provide written feedback on the document then please email this to Gergely Sipos (gergely.sipos@egi.eu).
If you wish to stay involved in the further development of the vision document and the platform implementation, then please email your EGI SSO account name to Gergely Sipos (you can request one at www.egi.eu/sso). You will be added to the email list that will be setup for this purpose after the Technical Forum.