EOSC-hub tech-talk: AAI

Gergely Sipos (EGI.eu)
This is the second EOSC-hub tech-talk, focussing on Authentication Authorisation Infrastructure Services. Each EOSC-hub tech-talk is a webinar-meetup with a short presentation about the technical area by topic experts, followed by short presentations of problems/requirements that EOSC-hub communities bring from that area, finishing with Q&As to identify solutions for the problems raised. Tech-talks aim to be consultancy events that bring together technical experts and scientific communities.

If you are a representative of a scientific community and wish to raise your domain problems/requirements during the tech-talk, then please prepare 2 slides in advance of the meeting: one slide about your envisaged use of AAI services, and one about the open questions/problems/requirements you have in this topic. Please send the slides at least 2 days before the meeting to gergely.sipos@egi.eu, giacinto.donvito@ba.infn.it, diego.scardaci@egi.eu.

Link to connect: https://global.gotomeeting.com/join/248211405

Agenda:

- EOSC-hub AAI: High-level Architecture, Use cases, Community requirements
- EOSC-hub Community AAI services:
  * B2ACCESS
  * IAM
  * eduTEAMS
  * Check-in
  * Perun

There is time for Q&A after each talk.

Notes of the EOSC-hub AAI tech-talk, 15/June/2018

Notes by Gergely Sipos

Summary of presentations:

  • The 'AARC AAI proxy architecture' is the way by which EOSC-hub enables user communities to interact with EOSC-hub services. According to this architecture, AAI proxies connect user identities (from connected IdPs), optionally enriched with user profile information (from attribute providers), and services (connected SPs). IdPs, SPs and attribute providers can be either inside EOSC-hub, outside EOSC-hub (within the 'community space') or mixed.
  • There are 4 AAI proxy solutions offered in the project: Check-in, IAM, B2ACCESS and eduTEAMS. The 4 technologies do more or less the same; however, there are some differences in their functionality, in the level of their integration with IdPs, SPs and attribute providers of EOSC-hub, and in their usage conditions. (Note: Check-in and eduTEAMS use COmanage technology.)
  • There are 5 attribute provider solutions available in the project: Perun, COmanage, Unity IDM, HEXAA, VOMS. Perun is developed by CESNET (a project partner).
  • AAI proxies and attribute providers can be deployed by the user community, or can be operated by EOSC-hub 'as a service' for the user community.
  • AAI proxies use data standards to share and exchange data with each other and with the IdPs and SPs (such as this doc about group information: https://aarc-project.eu/wp-content/uploads/2017/11/AARC-JRA1.4A-201710.pdf)
  • Individual presentations followed, describing the Check-in, IAM, B2ACCESS and eduTEAMS proxies and the Perun attribute provider technology.

Next steps:

  1. Suggestion from communities: Technology providers to share existing materials (documentation, videos, etc.) about their technology. Add this onto the AAI page in Wiki. --> Nicolas as AAI task leader

  2. Suggestion from communities: AAI team to set up a guide page in the EOSC-hub wiki about the AAI proxy architecture and the 4 supported technologies. The page should guide user communities in choosing the most suitable AAI proxy technology and operational model (in-house/aaS). Suggest the page to have a 'features table' that highlights the main capabilities of the 4 options. --> Nicolas to follow up as AAI task leader

  3. WP7-8-9 collect information from their communities about which AAI proxy technology with what deployment option each community prefers to use, or the open questions they still have to decide on a solution. Those that don't have a preference will have to be provided with a catch-all service by the project. --> Gergely, Claudio, Marcin

Initial ideas for the AAI proxy technology features table (Action 2 above):

  • Already compatible services (SPs)
  • Already compatible identity providers (IdPs)
  • Already compatible attribute providers (COmanage and Perun for Check-in)
  • Operational mode (in-house / as a Service / both)
  • Support for non-web access
  • Support for AUP enforcement
  • Current user base
  • Sustainability (esp. guarantees for operation & support beyond the project lifetime)
  • ...