Speaker
Mr
Nicolas Liampotis
(GRNET)
Description
The European Open Science Cloud (EOSC) aims to enable trusted access to services, systems and the re-use of shared scientific data across disciplinary, social and geographical borders. The EOSC-hub will realise the EOSC infrastructure as an ecosystem of research e-Infrastructures leveraging existing national and European investments in digital research infrastructures. Check-in, which is the AAI Platform for the EGI infrastructure, will be an enabling service of the EOSC-hub AAI platform aiming to provide researchers from all disciplines with easy, integrated and open access to the advanced digital services, scientific instruments, and data.
Check-in has been implemented based on the blueprint architecture and the policy framework from the AARC project. As such, it has been integrated with Identity Providers from eduGAIN and individual organisations to allow users to access services (web and non-web based) using their own credentials from their home organisations. EGI operational tools and services that are connected to Check-in can become available to over 2000 Universities and Research Institutes from the 46 eduGAIN Federations with little or no administrative involvement. Compliance with the REFEDS Research and Scholarship entity category and the Sirtfi framework facilitate sufficient attribute release, as well as operational security, incident response, and traceability. Complementary to this, users without an account on a federated institutional Identity Provider are still able to use social media or other external authentication providers for accessing services that do not require substantial level of assurance. The adoption of standards and open technologies by Check-in, including SAML 2.0, OpenID Connect, OAuth 2.0 and X.509v3, has facilitated interoperability and integration with the existing AAIs of other e-Infrastructures and research communities, such as ELIXIR. Research communities can leverage Check-in for managing their users and their respective roles. For communities operating their own group management system, Check-in has a comprehensive list of connectors that allows to integrate their systems as externally managed Attribute Authorities.
Check-in will contribute to the EOSC infrastructure implementation roadmap by enabling seamless access to a system of research data and services provided across nations and disciplines. Specifically, together with EUDAT B2ACCESS, EGI Check-in will serve as the initial basis of an integrated EOSC-hub AAI that will allow the use of federated identities to authenticate and authorise users and expand the access to services outside the traditional user base, opening them to all user groups including researchers, high-education, and business organisations. The integration activities will ensure the harmonisation of user attributes, the alignment of the levels of assurance, and the uniform representation of group and other authorisation-related information.
The presentation will provide an overview of the Check-in architecture and the various integration workflows in support of today’s use cases for federated access, with an eye to the integrated EOSC AAI ecosystem.
| Topic Area | Security, trust and identity |
|---|---|
| Type of abstract | Presentation (15 minutes) |
Primary authors
Mr
Nicolas Liampotis
(GRNET)
Peter Solagna
(EGI.eu)
