Webinar: The EGI AAI Check-In service for scientific communities

by Nicolas Liampotis (AAI Research Engineer GRNET - Greek Research and Technology Network), Valeria Ardizzone (Service Delivery Officer at EGI Foundation)

Zoom webinar

Zoom webinar


Are you curious to learn more about the EGI AAI Check-In service and how it enables access to EGI services and resources?

Objectives of the webinar

  • Learn about about the EGI AAI Check-in service and how it acts as a Service Providers towards an Identity Provider and vice versa

  • Learn more about the guidelines to support the resource providers’ and communities' needs for federated access

  • Learn more about advanced workflows for addressing non-web-based access use cases (e.g. command line and API)

Target audience

Scientific communities and IT-service providers who operate IdP for them.

Webinar programme (1h)

  • Overview about the EGI AAI Check-In service

  • Guidelines for supporting the resource providers’ and communities' needs

  • Q&A

Description about the presentation

The EGI Check-in service (also called EGI AAI proxy) enables access to EGI services and resources using federated authentication mechanisms. Specifically, the proxy service is operated as a central hub between federated Identity Providers (IdPs) residing ‘outside’ of the EGI ecosystem, and Service Providers (SPs) that are part of EGI. The main advantage of this design principle is that all entities need to establish and maintain technical and trust relation only to a single entity, the EGI AAI proxy, instead of managing many-to-many relationships. In this context, the proxy acts as a Service Provider towards the Identity Providers and as an Identity Provider towards the Service Providers.

Through the EGI AAI proxy, users are able to authenticate with the credentials provided by the IdP of their Home Organisation (e.g. via eduGAIN), as well as using social identity providers, or other selected external identity providers (support for eGOV IDs is also foreseen). To achieve this, the EGI AAI has built-in support for SAML, OpenID Connect and OAuth2 providers and already enables user logins through Facebook, Google, LinkedIn, and ORCID. In addition to serving as an authentication proxy, the EGI AAI provides a central Discovery Service (Where Are You From – WAYF) for users to select their preferred IdP.

The EGI AAI proxy is also responsible for aggregating user attributes originating from various authoritative sources (IdPs and attribute provider services) and delivering them to the connected EGI service providers in a harmonised and transparent way. Service Providers can use the received attributes for authorisation purposes, i.e. determining the resources the user has access to.

During this webinar Nicolas and Valeria will give an overview about the service and provide guidelines to support the resource providers’ and communities' needs for federated access through the EGI AAI Check-In service. The webinar will also cover more advanced workflows for addressing non-web-based access use cases (e.g. command line and API). 

In this context techniques for obtaining credentials on behalf of the end-user using OAuth tokens and X509 proxy certificates through online authorities will be presented.

About the speakers

Nicolas Liampotis received his Diploma in Electrical and Computer Engineering from the National Technical University of Athens in 2005. He has participated in numerous national (funded by various public organisations, as well as private companies) and international (EU-funded) research and development projects (Tequila, Daidalos II, PERSIST, SOCIETIES, ECONET, VI-SEEM, EGI-Engage, EUDAT2020, MAGIC, AENEAS, AARC2, SeaDataCloud, EOSC-hub, NI4OS-Europe). His role in these projects was that of an architecture designer, technical contributor, and software engineer, focusing on the design, development, evaluation, and optimisation of solutions for trust management, privacy protection and federated access in distributed infrastructures. He is currently working at GRNET as a Trust & Identity engineer and is leading the development of the EGI Check-in Authentication & Authorisation Infrastructure service that enables access to research data and services provided across the infrastructures participating in EOSC-hub. He is also involved in the architecture working group within the AARC Engagement Group for Infrastructures (AEGIS), which brings together representatives from research and e-infrastructures, operators of AAI services for a more effective uptake of AAI recommendations in their federated access solutions.

Valeria Ardizzone joined the EGI Foundation in September 2019. She has expertise in many domains, moving from the Authentication and Authorization Federated infrastructure to the Operations in Distributed Computing, passing on IT Service Management, the integration of scientific research applications, user community training and project management.

Before EGI, Valeria worked in GARR as a permanent staff of the Compute and Storage Department, in the context of the GEANT4_2 project and as DECIDE project’s Technical Coordinator. Valeria holds a MSc in Computer Science from the University of Catania (Italy).