...
- Analysis of user- community requirements
- Existing AAI and available technologies for federated access
- First Draft of the blueprint architecture (a 2nd revised version is currently in preperation)
Pilots performed
Based on the guiding documents of the AARC architecture (JRA1) and the AARC policy harmonisation (NA3) activities we performed a total number of 18 pilots. A full list of the pilots, their descriptions, showcases etc. is available here:As of March 2017, a large number of pilots have been prepared and lined up as part of the AARC SA1 activity. We assessed the suitability of many different components to handle common issues experienced in R&E. Topics range from handling guest users, managing attributes, to performing token translations. A detailed overview of all components piloted is available here:
Expanding the reach of federated access
Libraries
- LibrariesConsortiumProxy Portal & Hub for library consortia - tested with Greek Heal link consortium
- LibrariesEZproxy Hybrid SAML and IP address based AuthN – tested with IT library community
- LibrariesWalkInUsersPortal Entry for guest users to access library sources – tested with IT library community
Check this flyer with a general overview of the pilots: <Click library pilots pdf leaflet> and give us feedback via this online survey
Guest access
- ORCIDpilot SAML ORCID account linking – in production at ORCID.org
- COmanageORCIDPilot AuthN with ORCID iD and writing it to LDAP for use in collaboration services - tested with Dutch research communities
- SocialIDpilot Include Social Identities (FB/LI/ORCID/Ggl) in the Authentication and Authorization – tested with EGI
- eduTeams Lightweigth proxy to bridge between SAML2 various Authentication Sources (AuthSources) – to be tested with BBMRI
Testing technical and policy components
Attribute management - <Click attribute management pdf leaflet>
AttributeManagementPilot Attribute management and proxying to manage access to OpenStack – tested with EGI
- BBMRIAAIPilot Attribute management and proxying to manage access to BBMRI services – tested with BBMRI
- PerunVOMSCILogonPilot X509 access to Elixir and EGI services with Authz pushed from Perun to VOMS into cert –tested with Elixir
TTS pilots
- IGTF to eduGAIN proxy X509 to SAML in order to access Services published to eduGAIN – tested with EGI, now in production with R&S and SIRTFI
- CILogon-like pilot SAML to certificate – tested with Elixir and EGI community
- COmanageSSHPilot SAML to ssh + workflows and audit trail – tested with NL BBMRI community, EGI....
- WaTTS (SSH-plugin) stand alone p&p TTS using OIDC to generate ssh key – tested with EGI
- WaTTS (RCauth-plugin) using OIDC to generate session inside which an RCauth Certificate is stored – tested with EGI, B2Access, HBP, Indigo
- LDAPfacade Providing access to non-web resources via SAML and PAM– tested at PSNC