Learn about the authentication and authorization workflows in the European Grid Infrastructure (EGI) and how trust, collaboration, and interoperability are key in providing secure access to IT resources for researchers. Explore the use of X.509 certificates, virtual organization membership, and attribute authorities to ensure uniform access rights across multiple service providers. Discover how EGI bridges other identity federations and enables interoperability for user convenience.
European Grid Infrastructure
AAI in EGI: Status and Evolution
Peter Solagna, Senior Operations Manager, peter.solagna@egi.eu
Gergely Sipos, Technical Outreach Manager, gergely.sipos@egi.eu
European Grid Infrastructure
• European: over 35 countries
• Grid: secure federation of IT resources (computing, storage and applications)
• Infrastructure: more than 340 resource centres, HTC and cloud services
• For European researchers and their international collaborators
• EDG → EGEE → EGI: supporting research for over 10 years
• More than 200 user communities, 20k users
Authentication and Authorization in EGI - 1
Authentication:
• X.509 personal certificates from IGTF Certification Authorities
• A CA is available in every country
• Supported by several distributed Registration Authorities
• Terena Certificate Service for eduGAIN users
• Catch-all CA provided by EGI.eu
Authorization:
• Based on attributes provided by the user communities
• Virtual Organization membership
• Roles and groups within the VO
Authentication and Authorization in EGI - 2
(diagram: trust relationships around the Virtual Organization; labels: TRUST, Virtual Organization)
The key is: collaboration
• Authentication and authorization workflows scale with the number of service providers and users
• User identity is verified by the IGTF Certification Authorities, which issue the X.509 certificates
• The certificate enables uniform authentication of the user across resource centres
• User communities have the tools to manage the membership and the structure of their users
• They contribute to the trust chain and integrate the information provided by the Identity Providers
• Authorization is based on Virtual Organization membership and attributes, not on the single user identity
• The user's capabilities, based on groups and roles within the VO, are reflected in uniform access rights across the sites that support the VO
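The authorization model on this slide, as an added example that is not EGI or VOMS project code: a site decides on VO attributes alone, never on the certificate subject, after checking that the attributes were issued by an attribute authority it trusts for that VO. The attributes are written as VOMS-style FQANs ("/<vo>[/<group>...][/Role=<role>][/Capability=<cap>]", with NULL for an unset role or capability); the rule format, the trust list, the data classes and every sample user are assumptions made for the illustration.

```python
"""Added example (not EGI or VOMS code): VO-attribute-based authorization.
FQAN syntax follows VOMS; rules, trust list and sample users are assumed."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, Optional, Tuple

FQAN_RE = re.compile(
    r"^/(?P<vo>[^/=]+)"                  # VO name
    r"(?P<groups>(?:/[^/=]+)*)"          # zero or more sub-groups
    r"(?:/Role=(?P<role>[^/]+))?"        # optional role
    r"(?:/Capability=(?P<cap>[^/]+))?$"  # optional capability
)


@dataclass(frozen=True)
class FQAN:
    vo: str
    groups: Tuple[str, ...]
    role: Optional[str]  # None when absent or NULL


def parse_fqan(text: str) -> FQAN:
    """Parse one FQAN; raises ValueError on anything not well formed."""
    m = FQAN_RE.match(text)
    if not m:
        raise ValueError(f"malformed FQAN: {text!r}")
    groups = tuple(g for g in m.group("groups").split("/") if g)
    role = m.group("role")
    return FQAN(m.group("vo"), groups, None if role in (None, "NULL") else role)


@dataclass(frozen=True)
class AttributeAssertion:
    """What a VO attribute authority asserts about an authenticated user."""
    subject_dn: str          # DN from the user's IGTF-issued X.509 certificate
    issuer_dn: str           # DN of the attribute authority that signed the attributes
    not_after: datetime
    fqans: Tuple[str, ...]   # primary FQAN first, as VOMS orders them


@dataclass(frozen=True)
class Rule:
    """Site policy (assumed format): (VO, group prefix, role) -> local rights."""
    vo: str
    group_prefix: Tuple[str, ...]  # () matches any group in the VO
    role: Optional[str]            # None matches any role
    rights: FrozenSet[str]


@dataclass(frozen=True)
class Decision:
    allowed: bool
    rights: FrozenSet[str]
    reason: str


def rule_matches(rule: Rule, fqan: FQAN) -> bool:
    if rule.vo != fqan.vo or fqan.groups[:len(rule.group_prefix)] != rule.group_prefix:
        return False
    return rule.role is None or rule.role == fqan.role


def authorize(assertion, trusted_aas, rules, now) -> Decision:
    """First-match evaluation, primary FQAN first.
    The subject DN is deliberately never consulted: same attributes, same rights."""
    if now >= assertion.not_after:
        return Decision(False, frozenset(), "attribute assertion expired")
    if not assertion.fqans:
        return Decision(False, frozenset(), "authenticated, but no VO attributes")
    fqans = [parse_fqan(f) for f in assertion.fqans]
    vos = {f.vo for f in fqans}
    if len(vos) != 1:
        return Decision(False, frozenset(), "attributes must come from one VO")
    vo = vos.pop()
    # The site trusts a specific attribute authority per VO (cf. VOMS .lsc files)
    if assertion.issuer_dn not in trusted_aas.get(vo, set()):
        return Decision(False, frozenset(), f"untrusted attribute authority for VO {vo}")
    for fqan in fqans:
        for rule in rules:
            if rule_matches(rule, fqan):
                return Decision(True, rule.rights, f"matched {fqan}")
    return Decision(False, frozenset(), "no site rule grants these attributes")


# ---- constructed sample data: no real users, hosts or site policies ----
NOW = datetime(2014, 6, 1, tzinfo=timezone.utc)
VALID = datetime(2014, 6, 2, tzinfo=timezone.utc)
VOMS = "/DC=org/DC=example/CN=voms.example.org"
TRUSTED_AAS = {"atlas": {VOMS}}
SITE_RULES = [
    Rule("atlas", ("higgs",), "production", frozenset({"submit", "write:/atlas/higgs"})),
    Rule("atlas", (), None, frozenset({"submit", "read:/atlas"})),
]
PROD = ("/atlas/higgs/Role=production/Capability=NULL", "/atlas/Role=NULL/Capability=NULL")
PLAIN = ("/atlas/Role=NULL/Capability=NULL",)
SAMPLES = {
    "alice": AttributeAssertion("/DC=org/DC=example/O=Uni A/CN=Alice", VOMS, VALID, PROD),
    "bob": AttributeAssertion("/DC=org/DC=example/O=Uni B/CN=Bob", VOMS, VALID, PROD),
    "carol": AttributeAssertion("/DC=org/DC=example/O=Uni C/CN=Carol", VOMS, VALID, PLAIN),
    "dave": AttributeAssertion("/DC=org/DC=example/O=Uni D/CN=Dave", VOMS, VALID, ()),
    "eve": AttributeAssertion("/DC=org/DC=example/O=Uni E/CN=Eve", "/DC=org/DC=other/CN=voms", VALID, PROD),
    "expired": AttributeAssertion("/DC=org/DC=example/O=Uni F/CN=Frank", VOMS, NOW, PROD),
}


def run_samples():
    return {name: authorize(a, TRUSTED_AAS, SITE_RULES, NOW) for name, a in SAMPLES.items()}


if __name__ == "__main__":
    for name, d in run_samples().items():
        print(f"{name:8} allowed={d.allowed!s:5} rights={sorted(d.rights)} ({d.reason})")
```

Alice and Bob hold different certificates but the same VO attributes, so they receive identical rights; Dave authenticates fine yet gets nothing because authentication alone grants no access; Eve's attributes are rejected because the site does not trust the authority that issued them for that VO.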
Extend the X.509 mechanism
• For some users approaching EGI the X.509 mechanism is a barrier
• They do not have easy access to a Certification Authority
• They would prefer to continue using their institutional credentials
• VOs and Resource Providers implement portals to ease access to the resources
• The most effective solution is to bridge other identity federations (eduGAIN, institutional IdPs) with the EGI AAI
• Technical bridge: credential translation, support in the middleware for other AuthN protocols
• Policy bridge: build trust between SPs and IdPs, enable different levels of trust
Extend federated AuthZ
• Provide tools to the users to manage their user communities
• Distributed Attribute Authorities connected with the users' IdPs
• Can also be used within application-specific environments for user authorization
• Maintain uniform authorization across multiple service providers
• Based on the attributes provided by the user communities
• Apply the collaborative trust approach of EGI to new authentication technologies
Enable interoperability
• E-infrastructures should collaborate in this evolution process
• Enable SSO for users who have access to multiple infrastructures
• Enable a European Authentication and Authorization Infrastructure that can be used by multiple resource federations and application-specific frameworks