EGI Community Forum 2014 - Helsinki

The Grid IDentity Pool: an example of worldwide cross-domain identity federation

21 May 2014, 16:20

20m

Room 8 (Helsinki University, Main Building)

Sessions contributions Integrated AAI services (Track Leaders: P. Solagna, A. Bonvin, J. Kewley) Authentication & Authorisation

Speaker

Riccardo Rotondo (INFN)

Description

Although identity federations belonging to the education and research world gather more than 17 million users, from about 1,500 organisations, and more than 2,100 services (figure come from REFEDS), there are large areas of the planet, especially in the developing regions, where organisations do not have Identity Providers in place and where scientists thus have less chances to access web-based services that could effectively bridge the gaps in e-Science adoption and e-Infrastructure exploitation. In order to address and overcome these limitations, and as a framework to promote the establishment of Identity Federations and federated identity services in various regions and within different virtual research communities, the Grid IDentity Pool (GrIDP) was created and is in production since about two years. GrIDP is an Identity Federation supporting cross-institutional e-Infrastructure services and communities and providing federated authentication to its members. Through GrIDP, users can access high-level services, such as Science Gateways, either using the credentials provided by the organisations they belong to or those released by catch-all IdPs. In this contribution we intend to present the GrIDP federation, its Identity and Service Providers and the results of the work done in the context of projects such as CHAIN-REDS and eI4Africa to promote the establishment of federated services in the Arab countries, in sub-Saharan Africa and in Latin America.

URL(s) for further info

http://gridp.garr.it and https://refeds.terena.org/index.php/FederationGrIDP

Description of work

The Grid IDentity Pool (GrIDP) is a SAML 2.0 based identity federation which has been created already two years ago to gather all the IdPs which do not already belong to any official federations and all e-researchers who are not (already) registered in any IdPs. This is particularly important and useful in the contexts where it is necessary to authenticate the so-called “citizen scientist” as well as stakeholders and representatives of the general public and let them access the e-Infrastructure for dissemination and self-learning purposes.
So far, inside the GrIDP Federation, which counts 13 partners, there are 11 Identity Providers and about 20 Service Providers. Some of the IdPs are “catch-all” and some others are official services recently established by private and public research organisations, in particular some of the National Research and Education Networks in the Arab countries, in sub-Saharan Africa and in Latin America. Concrete examples will be provided in the presentation.
Furthermore, the activities related to GrIDP are not only aiming at promoting the establishment of identity federations and federated services in various parts of the world, through the deployment of real services, but also at creating local “know-how” and providing training and consultancy. The training materials developed will be shown in the presentation.

Wider impact and conclusions

The Grid IDentity Pool is in line with the recommendations of the “TERENA AAA Study” (https://confluence.terena.org/display/aaastudy/AAA+Study+Home+Page) and relates with several of the findings of the recent document “Enabling Users: Options for Joining eduGAIN” (https://wiki.edugain.org/File:Options-for-Joining-eduGAIN.pdf). GrIDP is not only a worldwide “cross-domain” identity federation but also, and more importantly, a “multi-project” initiative to promote federations and federated services towards National Research & Education Networks and diverse Virtual Research Communities, whose results obtained so far are really noticeable.

Presentation materials

Slides

http://prezi.com/dimueby8eunq/the-grid-identity-pool/