Speaker
Mikael Linden
(CSC)
Description
ELIXIR is the European research infrastructure for biological data. ELIXIR AAI (authentication and authorisation infrastructure) is the ELIXIR service portfolio for authenticating researchers for the ELIXIR services and assisting the services in deciding what the users are permitted to do in the service. ELIXIR AAI is part of the ELIXIR Compute Platform that was established in 2015 to build distributed cloud, compute, storage and access services for the life-science research community.
ELIXIR AAI enables the researcher to use their home organisation logins, enhanced by a multi-factor authentication, to access the ELIXIR services. ELIXIR AAI augments the user identities with extra roles, group memberships and dataset permissions which are useful for managing access rights in the relying services.
ELIXIR makes it possible for a researcher to have a single login to all services. The service providers can outsource their access management to the ELIXIR AAI, enabling them to focus on provisioning of the service. Centralising the AAI service to the research infrastructure allows the development of a more advanced common AAI service for the whole ELIXIR community with less money. For researchers, this mean for instance shorter lead times to access the services and to start the actual research work.
ELIXIR AAI is developed and operated by the Czech and Finnish ELIXIR nodes and became operational in November 2016. It is based on open source components. By October 2017 there were 987 ELIXIR users from 359 universities or research institutions, belonging to 101 groups and making use of the 61 production or test services that rely on the ELIXIR AAI. The services range from simple collaborative services (like intranet or ticketing) to scientific workflows (like Metapipe for marine metagenomics) and private (community) or public (commercial) clouds.
ELIXIR AAI has been developed in connection with the AARC/AARC2 project and e-infrastructures and is an implementation of the AARC blueprint architecture. The ELIXIR AAI together with other BMS AAIs have inspired the work towards a common Life Science AAI for the Life Science ESFRI domain and a related pilot is starting in AARC2.
**Overview of the proposed presentation**
This presentation describes the requirements and design of the ELIXIR AAI and how it is used on some of the ELIXIR services.
Although the ELIXIR AAI is developed to serve the ELIXIR community, many of the components have been deployed also in other Life Science research infrastructures and are applicable in other ESFRI domains. The presentation will also discuss the need to have wider cross-infrastructure co-operation for deployment and operations of AAI services.
**How does your submission address the conference themes of the conference?**
The presentation fits well the topic area 4 on security, especially “Trust and identity use-cases and how they are addressing them”.
**Who is the intended audience for your presentation/session?**
The intended audience are the developers of access management for research or e-infrastructures and the decision makers who design the future digital infrastructures (like the EOSC) and decide what services they will offer.
| Topic Area | Security, trust and identity |
|---|---|
| Type of abstract | Presentation (15 minutes) |
Primary author
Mikael Linden
(CSC)
Co-authors
Dr
Ilkka Lappalainen
(CSC - IT Center for Science)
Michal Prochazka
(CESNET)
