2–5 Nov 2020
Zoom
Europe/Amsterdam timezone

IRIS IAM: Federated Access Management for IRIS

4 Nov 2020, 16:10
20m
Room: http://go.egi.eu/zoom3

Full presentation: short (15 mins.) Authentication-Authorisation solutions - Part 2

Speakers

Mr Tom Dack (UKRI - STFC), Mr Will Furnell (UKRI - STFC)

Description

Driven by the physics communities supported by UKRI-STFC (UK Research and Innovation Science and Technology Facilities Council), the eInfrastructure for Research and Innovation for STFC, or IRIS, is a collaboration of UKRI STFC, science activities and provider entities in the UK. Over the last three years the UK’s IRIS collaboration and IRIS 4x4 project have worked to deploy hardware and federating tools across the range of physics supported by STFC. Providing a coherent framework for accessing HTC, HPC and OpenStack cloud resources, the IRIS IAM, a deployment of the INDIGO IAM software, provides federated access to resources based on the AARC blueprint architecture, removing friction for scientific communities and promising to facilitate a new generation of workflows across diverse resources.

Development of the IRIS IAM has proceeded in parallel with other community Authentication and Authorization activities, such as FIM4R and the WLCG authorization project, in order to ensure that the IRIS solution aligns with and supports the work undertaken elsewhere. The IRIS IAM is now an established production service, providing access to a number of IRIS services, including OpenStack clouds, accounting dashboards and security portals. However, work is still underway to enhance the service, including the range and scope of clients the IAM provides access to. This talk shall touch on progress thus far, notable challenges, and next steps and plans for the IRIS IAM service.

The talk will also present recent work investigating methods for providing federated command line access to resources, utilising the IRIS IAM and the OIDC flow. This will include details about the various technologies investigated and an overview of the currently favoured technical solution: an extension of an existing OIDC PAM module to support authorization based on both the preferred_username and the groups scopes.

Primary authors

Mr Tom Dack (UKRI - STFC), Mr Will Furnell (UKRI - STFC)