30 November 2017 to 1 December 2017
The Square Meeting Centre
Europe/Brussels timezone
Connecting the building blocks for Open Science

eduTEAMS: An AAI solution for scientific collaborations at scale

30 Nov 2017, 17:20
10m
213 & 215 (The Square, Brussels Meeting Centre)

Speaker

Christos Kanellopoulos (GÉANT)

Description

eduTEAMS is a suite of AAI services that enables the integration of users from a wide range of environments, connecting them to specific services (such as instruments) and to generic services such as storage and compute provided by eInfrastructure providers or even commercial entities.

The development of Phase 1 of eduTEAMS was completed in July 2016 with the successful delivery of the first stage of the eduTEAMS Membership Management Service and Identity Hub. The Membership Management Service provides a platform for managing groups, attributes and enrollment for a research collaboration's participants. The service provides additional attributes and group information for the participants in the context of the collaborations. The Identity Hub proxies multiple external identity providers to one single, persistent SAML2 IdP. This allows research collaborations to use one endpoint for all Guest/External ID scenarios, while at the same time allowing the end users to choose the service they prefer.

Following identification of requirements in the market analysis conducted by GÉANT with different types of communities, features were prioritised, key components to deliver those requirements were evaluated and selected, and two classifications for eduTEAMS use cases, basic and advanced, were identified. The requirements identified by the market analysis are in line with the AARC Blueprint Architecture as part of their wider evaluation of research requirements. The basic use case classification focuses on long-tail usage of federated identity and group management, while the target users for the advanced use case scenario are large Virtual Organisations having a defined legal status and more complex requirements for group and attribute management, as well as control over VO-specific data.

Approaches to service delivery for the use cases were then defined in terms of software development, platform architecture, service approach and outreach. These include: a development approach that combines existing open source components with glue developed by GÉANT to deliver a platform to meet a range of use cases; a platform architecture composed of flexible interoperable components; and a service operational model which enables this common eduTEAMS software platform to deliver either single-tenant or multi-tenant service instances.

Phase 2 development of eduTEAMS takes place within the parameters of these approaches and will cover the following areas:

- General platform improvements to UIs, manageability and scalability.
- Implementation of additional membership management workflows.
- Support for non-SAML attribute authorities.
- Integration of a wider range of identity providers.
- Migration to enhanced discovery services.

Topic Area: Security, trust and identity
Type of abstract: Presentation (15 minutes)

Primary author

Christos Kanellopoulos (GÉANT)

Co-authors

Lukas Haemmerle (SWITCH)
Niels van Dijk (SURFnet bv)
