Description
Wider impact and conclusions
One of the key objectives of HEXAA is to support e-science applications with federated identity management and external attribute authorities. We will present the advantages and the practical results of the integration of WS-PGRADE/gUSE-based science gateways and HEXAA. A federation of e-Science gateways can be easily created on top of HEXAA, allowing different users access to different sets of services or tools depending on their own attributes.
Description of work
Higher Education External Attribute Authorities (HEXAA) is a GN3+ open-call project that both investigates the requirements for an external attribute authority and identifies possible use cases within different research user groups. HEXAA builds upon the Security Assertion Markup Language (SAML) Attribute Request facility, relies on the results of the eduGAIN project, and considers the requirements of worldwide research communities and federations.
In our view there is a critical deficiency in the technical and organizational models of federated attribute handling. The model currently used derives from the concept that Identity Providers (IdPs) are the sole sources of the attributes required by Service Providers (SPs). However, this model cannot accommodate real-world requirements.
We propose the use of HEXAA software as an external attribute authority. Using HEXAA will not only protect users’ personal attributes but also facilitate the release of attributes via standardized methods with the user’s full consent and control. This software solution will enable the virtual organization (VO) administrators to maintain a list of supplementary attributes for specific services (i.e., attribute release policy); it will also enable users to maintain some of their own attributes (i.e., user profile); and finally it will enable VO administrators to maintain VO-specific user attributes (i.e., users’ VO profiles). We believe that this model will also significantly increase the ability of IdPs and SPs to join federations.