EOSC-hub receives funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 777536.
eosc-hub.eu @EOSC_eu
AARC Blueprint Architecture and its evolution – towards the EOSC AAI for research communities
Dissemination level: Public
31/01/2019
AARC Blueprint Architecture and its evolution
ESFRI RIs and EOSC Workshop
“Community-first” AARC BPA approach
Researchers sign in using their institutional (eduGAIN), social or community-managed IdP via their Research Community AAI
Community-specific services are connected to a single Community AAI
Generic services (e.g. RCauth.eu Online CA) can be connected to more than one Community AAI proxy
e-Infra services are connected to a single e-Infra SP proxy service gateway, e.g. B2ACCESS, Check-in, Identity Hub, etc.
Uniform representation of unique user identifiers
Standardised way of expressing group membership, role information & resource capabilities
Non-web-browser-based access (e.g. SSH/SFTP or HTTP APIs via OAuth2 tokens and X.509 certs)
Delegation (e.g. via token exchange)
Release of mandatory set of user attributes (incl. unique shared id) - REFEDS Research & Scholarship entity category
Operational security, incident response, and traceability - REFEDS Sirtfi
Privacy requirements for processing personal information - GÉANT Data Protection Code of Conduct
Rules and conditions that govern access to and use of service and resources - WISE Baseline Acceptable Use Policy (AUP)
Assurance information - REFEDS Assurance Framework, IGTF/AARC assurance profiles
EOSC-hub AAI builds on AARC BPA & Policy best practices & recommendations
Communities with an existing Community AAI can connect to the EOSC-hub e-Infra Proxies and gain access to generic e-Infra services
Communities that don’t operate their own AAI service can make use of either dedicated or multi-tenant deployments of AAI services operated by EOSC-hub
Multi-tenant deployments:
- aimed at medium-to-small research communities/groups or individual researchers.
- community members, groups and authorisation attributes are still managed by community managers.
Dedicated deployments:
- customisation of user-facing interfaces: IdP discovery page, enrolment, group membership UI
- customisation of AAI proxy behaviour (e.g. attribute aggregation rules, service entitlements)
- possibility of bespoke AAI solutions, which might include individual components from GÉANT eduTEAMS, EGI Check-in, INDIGO IAM, EUDAT B2ACCESS, and PERUN
How the EOSC-hub AAI services help communities access resources
EOSC-hub Community AAI services
@nliampotis
Thank you for your attention!
Questions?