Versions Compared

Old Version 9

changes.mady.by.user user-e06a9

Saved on

compared with

New Version 10

changes.mady.by.user user-e06a9

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


Pilots

started 

performed 

  • In task 3 "Access to Resources" quite some progress has been made in establishing token translation pilot services. One pilot focuses on the application of CI-Logon components + add-ons to bridge the gap between the world of SAML based authentication (NRENs) and that of certificate based authentication (GRID and e-infrastructure providers). A description of our intermediate results are available in this blog and this presentation. In a second pilot on access to resources, we assess the feasibility to enable non-web single sign-on based on LDAP Facade, developed by the Karlsruhe Institute of Technology. At the same time we started to engage a number of service providers to pilot with provisioning their services as a service provider or attribute authority. One example is ORCID. ORCID.org offers researchers a persistent life long digital ID. Providing access to ORCID with a federated account and including ORCID as an Attribute Authority may provide interesting clues for Research Communities & AAIs. Read more about the pilot with ORCID in AARC: see powerpoint

    • With these efforts we identified interesting clues but also a number of challenges we need to solve to be able to bridge different research infrastructures and communities. A brief overview of all ongoing and planned pilots is available hereFurther details and updates will follow soon.

     

    More details per task are available here:

  • Guest Access (TSA1.1)
  • Attribute Management (TSA1.2)
    • Access to Resources (TSA1.3)

    Based on the guiding documents of the AARC architecture (JRA1) and the AARC policy harmonisation (NA3) activities we commenced the first pilot cycles:

    In task 1 "Guest Access" we started a pilot to involve Libraries in the identification and hands-on implementation of relevant solutions to support their migration from IP-based authentication against publishers' online resources to a SAML/federated based approach. This work focuses on embracing all possible users that need access to library resources (including so-called walk-by users which may be citizen scientists) and all relevant service providers, including those who only support IP-address based access control. With this pilot we want to show that it is possible to apply the principle of inclusiveness and at the same hide complexity for the user.
    More details on the status of this work are available here
    In task 2 "Attribute Management" we pilot the use of SAML based attribute authorities to provide authoritative information e.g. to be consumed by cloud services at EGI. The Attributes Authorities (AAs) used in this context are PERUN and COmanage (or even ORCID as an AA). Attribute aggregation components used are OpenConext and SimpleSAMLphp. At later phase we aim to address and pilot scenarios where attributes from multiple attribute authorities (and probably multiple VOs) flow into service. E.g. consider a cloud provider that wants to serve several Virtual Organizations, managed by different Virtual Organization Manager Entities.

    performed a total number of 18 pilots. A full list of the pilots, their descriptions, showcases etc. is available here: