Speaker
Arnout Terpstra
(SURFnet)
Description
The AARC2 Service Activity 1 Pilots (SA1) demonstrated the feasibility of deploying Authentication and Authorisation Infrastructures (AAI) for research communities and e-infrastructures that fit the overarching AAI model defined by the AARC Blueprint Architecture (BPA). To this end, this activity demonstrated through (pre-)production pilots that:
- The AARC BPA and the related policy documents can be instantiated to fit research communities’ requirements, deployed and operated in production environments.
- Communities are enabled to design and choose an e-infrastructure provider (or more) that can deliver AAI services compliant with the AARC BPA or operate the AAI by themselves.
- User/group information can be retrieved from distributed group managements and attribute providers. This information in combination with the affiliation that is provided by the user Identity Provider is used for authorisation purposes.
To achieve this, several research communities were brought into the project to closely work together with the AARC BPA experts in order to design and develop their own AAI. The communities who were part of AARC2 are: CORBEL, CTA, DARIAH, EISCAT_3D, EPOS, LifeWatch, HelixNebula, Ligo Scientific Collaboration (LSC) and WLCG. The e-infrastructure providers who were part of AARC2 are: EGI, EUDAT, GÉANT and PRACE.
The AARC2 pilots were driven by three main use cases:
- Research and/or e-infrastructures who need an AAI (including an IdP/SP proxy) to enable federated access to their (Web and non-Web) services. The AARC BPA fits these requirements; SA1 supports these communities to deploy their AAI in the most effective and interoperable way.
- Research communities that require access to services offered by different research or e-Infrastructures and wish to use their existing credentials.
- Validating results from Joint Research Activity 1 (JRA1) and Networking Activity 3 (NA3) in a (pre-)production environment.
The approach used by the pilot team started with elaborate interviews with the research collaborations to review the use-cases, scope and plan the pilots. This led to the next 'implementation' phase in which either the research communities themselves or representatives of the e-infrastructures, with support by the pilot team, started implementing the proposed architecture according to their use case. With the feedback from members of the community, lessons learned and the creation of manuals, SA1 closes a pilot cycle. For most of the pilots, the sustainability model is already built in, since the communities had an active role in building their own AAI with the support of the AARC2 team.
During this session, we will briefly present the approach used by the AARC2 pilot team to design and implement a pilot infrastructure according to the AARC BPA. We will also give an overview of the pilots held in AARC2 and the results that came out of it. With this presentation, we hope to inspire other communities and e-infrastructure providers to ensure their infrastructures are in line with the recommendations by AARC to increase interoperability and contribute to improving research.
| Type of abstract | Presentation |
|---|
Primary author
Arnout Terpstra
(SURFnet)
