1 / 9

Here Come the Feds

Explore the principles behind Federated Identity Management (AAI) and its importance in EUDAT's data e-infrastructure to support various user communities like CLARIN, ENES, EPOS, and more. Learn about the challenges, requirements, and findings in implementing scalable and secure authentication and authorization systems.

jalila
Télécharger la présentation

Here Come the Feds

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Here Come theFeds Federatedidentitymanagement: theconsumer’sperspective Jens Jensen, STFC On behalf of EUDAT AAI TF EGI CF Manchester April 2013

  2. Background – EUDAT in nuce • EUDAT is building a data e-infrastructure • Support user communities (ESFRI) • CLARIN (linguistics, heterogeneous + long tail) • ENES (climate) • EPOS (Earth obs) • VPH (human physiology) • LifeWatch (biodiversity) • Move data in and out of EUDAT: PRACE, EGI, … • Move data between sites (replication) • Data storage for individual users

  3. Principles: AAI • Authentication • Make use of existing infrastructures • SSO whenever possible • Make use of existing code - pragmatic • Authorisation • Link to community rôles (users can be in more than one community) • Infrastructure • Like the grids, secure with IGTF+commercial

  4. Requirements Scalable (10**7 users) Easy enough to use for “non-technical” users Support long tail researchers (aka homeless) Portal and command line login Mature, robust, performant Standards-based Work with existing community practices (if pos.) Communities manage authorisation policies

  5. Premise • Support existing user communities • CLARIN already using Shib (note the ePTID problem) • ENES already use OpenID (in ESGF) • Provide “authentication services” • Federated identity management • Must work with iRODS for data storage • Must work with GridFTP (and GlobusOnline) for data movement • Must work with Invenio (ORCID)

  6. Plan A and Plan B API Redirect to EUDAT Obtain Access Token Call CA API Plan A Plan B

  7. Evaluations – 2010 Standalone Shib (or SAML) Work with a single community’s portal Use SimpleSAMLPhp EGI or GEMBUS STS Contrail AAI code – see Yvon’s talk Moonshot

  8. Findings • Code satisfying most requirements least mature • Need X.509 – at least internally (GridFTP) • Need good docs for integrators – and effort! • Need to be able to work with betas • Technical collaborations: EGI, EUDAT, Contrail • Supporting multiple communities: • Ends up being kludgy • MyProxy for GO, OAuth2 for ORCID, … • Requirements change regularly • Can spend ∞ time on evaluations

More Related