EOSC-hub tech-talk: AAI

Friday 15 Jun 2018, 11:00 → 12:30 Europe/Amsterdam

Gergely Sipos (EGI.eu)

This is the second EOSC-hub tech-talk, focussing on Authentication Authorisation Infrastructure Services. Each EOSC-hub tech-talk is a webinar-meetup with a short presentation about the technical area by topic experts, followed by short presentations of problems/requirements that EOSC-hub communities bring from that area, finishing with Q&As to identify solutions for the problems raised. Tech-talks aim to be consultancy events that bring together technical expert and scientific communities. If you are representative of a scientific community and wish to raise your domain problems/requirements during the tech-talk, then please to prepare 2 slides in advance of the meeting: One slide about your envisaged use of AAI services; and one about the open questions/problems/requirements you have in this topic. Please send the slides at least 2 days before the meeting to gergely.sipos@egi.eu, giacinto.donvito@ba.infn.it, diego.scardaci@egi.eu. Link to connect: https://global.gotomeeting.com/join/248211405 Agenda: - EOSC-hub AAI: High-level Architecture, Use cases, Community requirements - EOSC-hub Community AAI services: * B2ACCESS * IAM * eduTEAMS * Check-in * Perun There is time for Q&A after each talk.

Intro_slides https://docs.google.com/presentation/d/1t_JWcPa8io4uCnuEP0zsIvIu5ahnGHa_NfLRFFiyIcU/edit?usp=sharing

Slides

• 20180615-eduTEAMS-EOSC-hub-Tech-Talk.pptx
• B2ACCESS.pdf
• EOSC-hub_AAI_TeckTalk_-_Check-in.pptx
• https://docs.google.com/presentation/d/1coxGoztnJ6vo3Pz2JAQ1gkxyTHwXCP4Mb3G9BhMljT8/edit#slide=id.p
• https://docs.google.com/presentation/d/1coxGoztnJ6vo3Pz2JAQ1gkxyTHwXCP4Mb3G9BhMljT8/edit#slide=id.p
• IAM-EOSC-Hub-TechTalk-150618.pdf

Notes of the EOSC-hub AAI tech-talk, 15/June/2018

Notes by Gergely Sipos

Summary of presentations:

• The ' AARC AAI proxy architecture' is the way by which EOSC-hub enables user communities to interact with EOSC-hub services. According to this architecture AAI proxies connect user identities (from connected IdPs) - optionally enriched with user profile information (from attribute providers) - and services (connected SPs). IdPs, SPs, attribute providers can be either inside EOSC-hub, outside EOSC-hub (within the 'community space') or mixed.
• There are 4 AAI proxy solutions offered in the project: Check-In; IAM; B2ACCESS; EduTeam. The 4 technology do more-or-less the same, however there are some differences in their functionality; in the level of their integration with IdPs, SPs and attribute providers of EOSC-hub; in their usage conditions. (Note: Check-in and eduTEAMS use COmanage technology)
• There are 5 attribute provider solutions available in the project: Perun, COmanage, Unity IDM, HEXAA, VOMS. Perun is developed by CESNET (a project partner).
• AAI proxies and attribute providers can be deployed by the user community; Or can be operated by EOSC-hub 'as a service' for the user community
• AAI proxies use data standards to share and exchange data with each other and with the IdPs, SPs (such as this doc about group information: https://aarc-project.eu/wp-content/uploads/2017/11/AARC-JRA1.4A-201710.pdf)
• Individual presentations followed, describing Check-In; IAM; B2ACCESS; EduTeam and Perun attribute provider technologies

Next steps:

1. Suggestion from communities: Technology providers to share existing materials (documentation, videos, etc.) about their technology. Add this onto the AAI page in Wiki. --> Nicolas as AAI task leader

2. Suggestion from communities: AAI team to setup a guide page in the EOSC-hub wiki about the AAI proxy architecture and the 4 supported technologies. The page should guide user communities in choosing the most suitable AAI proxy technology and operational model (in-house/aaS). Suggest the page to have a 'features table' that highlights the main capabilities of the 4 options --> Nicolas to follow up as AAI task leader

3. WP7-8-9 collect information from their communities about which AAI proxy technology with what deployment option each community prefers to use, or the open questions they still have to decide on a solution. Those that don't have a preference will have to be provided with a catch-all service by the project. --> Gergely, Claudio, Marcin

Initial ideas for the AAI proxy technology features table (Action 2 above):

• Already compatible services (SPs)
• Already compatible identity providers (IdPs)
• Already compatible attribute providers (Comanage and Perun for Check-In)
• Operational mode (in-house / as a Service / both)
• Support for non-web access
• Support for AUP enforcement
• Current user base
• Sustainability (esp. Guarantees for operation&support beyond the project lifetime)
• ...