9-11 October 2018
Lisbon
Europe/Lisbon timezone

CTA AAI solution based on the AARC Blueprint

Not scheduled
15m
Lisbon

Lisbon

ISCTE, University of Lisbon
Poster Posters

Speaker

Eva Sciacca (INAF)

Description

Building on the technology of current generation ground-based gamma-ray detectors, the Cherenkov Telescope Array (CTA) will be ten times more sensitive and have unprecedented accuracy in detection of high-energy gamma rays. CTA is designed to detect gamma rays over a larger area with respect to current telescope arrays and a wider range of views. The CTA consortium is an experimental scientific collaboration consisting of over 1350 members working in 32 countries from 210, mostly academic, institutes. The geographical location of consortium members leads to the need of a pervasive federated identity management network (based on the eduGAIN interferation [1]). CTA is implementing a pilot Authentication and Authorization Infrastructure (AAI) based on the AARC Blueprint Architecture (BPA) [2] and a TIER approach [3], including a proxy, an attribute authority (based on COmanage) and a groups management solution (based on Grouper). The goal of this pilot is to onboard the CTA community on federated identity in a larger, broader meaning - moving from a stand-alone solution based on an Identity Provider (IdP) to a fully federated one as a possible long term goal. In the meanwhile, short terms goals for the pilot are the implementation of the TIER-like components and a proxy to work in a synergic way for the CTA AAI. Identity linking between the IDs of the current standalone CTA IdP and the eduGAIN ones are a relevant goal for this pilot. Overall the work carried out within the pilot consisted of: 1. Defining clear user management processes to enable eduGAIN onboarding of all existing and new CTA users - This process defines steps to interface and integrate COmanage and Grouper, provisioning process of users inside COmanage, account linking for users owning both (CTA local and eduGAIN) identities; 2. Setting up all required infrastructural components required to implement the BPA compliant architecture: COmanage, SATOSA proxy; 3. Actual piloting all the foreseen steps for users to exploit all provider Authentication and Authorization scenarios according to their needs. The final goal of the pilot is to demonstrate the solutions designed and implemented to ensure full onboarding on eduGAIN of the CTA user community. For this reason, we have piloted and demonstrated the whole set of different authentication flows foreseen for the users. [1] eduGAIN interfederation: http://www.geant.org/Services/Trust_identity_and_security/eduGAIN [2] The AARC Blueprint Architecture: https://aarc-project.eu/architecture/ [3] Trust and Identity in Education and Research (TIER): https://www.internet2.edu/vision-initiatives/initiatives/trust-identity-education-research/

Summary

The Cherenkov Telescope Array (CTA) is implementing a pilot Authentication and Authorization Infrastructure (AAI) based on the AARC Blueprint Architecture (BPA) and a TIER approach, including a proxy, an attribute authority and a groups management solution. The goal of this pilot is to onboard the CTA community on federated identity in a larger, broader meaning - moving from a stand-alone solution based on an Identity Provider to a fully federated one as a possible long term goal.

Type of abstract Poster

Primary author

Dr Fabio Vitello (INAF)

Co-authors

Alessandro Costa (INAF) Eva Sciacca (INAF) UGO BECCIANI (INAF)

Presentation Materials

There are no materials yet.