Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
http://aarc-project.eu
AuthenticationandAuthorisationforResearchandCollaboration
LiciaFlorio
I2GlobalSummit
User-DrivenInnovationintheR&ECommunity
Chicago,16May2016
AARCProjectCoordinator
http://aarc-project.eu
• EnablefederatedaccessforeScience projects.• Aproposalforapossiblearchitecturetoachievetheintegration.• Aproposaltofixthingswhenansecurityincidenthappens.
2
Aboutthissession
http://aarc-project.eu 3
TheGlobalNatureofResearch
http://aarc-project.eu 4
Wehaveallheard
Research doesnotendattheborders
Weshouldsupportourresearchers
Whyshouldwechangesomanythingsforafewresearchers?
Wherearetheseresearchers?
http://aarc-project.eu 5
The‘fewresearchers’madethenews
http://aarc-project.eu 6
BottomupApproach
Users'requirementsledthedevelopmentsofT&Iinfrastructures
Differentflavors,differenttechnologies:stillonegoal
http://aarc-project.eu 7
FromLocaltoGlobal- T&IInfrastructures
107
• Toenable federatedaccesstothenetwork
• Inproductionsince2004
• Toenable federatedaccesstoservices operatedbynational R&Eidentity federations
• Inproductionsince2011
Builtonnationalinfrastructures!
http://aarc-project.eu 8
Ande-Researchfederatedworld
wLCGFIM4R pilot
http://aarc-project.eu 9
ThinkGlobal,ActLocal
Notreally–Research&e- infrastructuresagreeonreusingratherthanreinventing
http://aarc-project.eu 10
ThinkGlobal:theAARCproject
AvoidafutureinwhichnewresearchcollaborationsdevelopindependentAAIs
http://aarc-project.eu 11
ThinkGlobal– Theproject
11
• Two-yearEC-fundedproject• 20partners• NRENs, e-InfrastructureprovidersandLibrariesasequalpartners
• About3Meurobudget• Startingdate1stMay,2015• https://aarc-project.eu/
AuthenticationandAuthorisationforResearchandCollaboration
http://aarc-project.eu
Innovationviausers,integrationviaresearch-e-infrastructures,outreachviatraining
12
AARCApproach
Support e-infrastructures todeploy AARC results
Pilot relevant use-cases to test policies and technologies
Promote results viatraining asneeded
Researchers-drivenapproach todesign an
integratedAAIarchitecture
http://aarc-project.eu 13
AddressingTheRequirements
Non-web-browser
Guestusers
PersistentUniqueId
Credentialtranslation
AttributeAggregation
AttributeRelease
LevelsofAssurance
CommunitybasedAuthZ
Social&e-Gov IDs
Step-upAuthN
UserManagedInformation
UserFriendliness
IncidentResponse
BestPractices
CredentialDelegation
SPFriendliness
http://aarc-project.eu 14
ATokenTranslationsServiceforEuropeUse-cases:• HidePKIXcomplexityfromtheusers.• FederatedAccesstowebandnon-webresources.• Supportdifferenttypeofcredentialsanddelegation.• Enablesaccesstodifferentresourceviaportal.
Benefits:• AllowsforVOservices, ie.VOMS• Offeredtoresearchcommunitiesasservice
http://aarc-project.eu 15
Flow
15
• Sirtfi• REFEDS“R&S”
http://aarc-project.eu 16
Summary
16
FederatedApproachisthewaytogo(butthetechnologymaychange)
Muchmoreawareness aboutAAIs,righttimeforcrossinfrastructurescollaboration
AARChasshownthataframeworkinplacefacilitate collaboration
Mainchallenge todateislackofattributes
http://aarc-project.eu
©GEANT onbehalf of theAARCproject.Theresearchleading totheseresultshasreceivedfundingfromtheEuropeanUnion’sHorizon2020researchandinnovationprogrammeunderGrantAgreementNo.653965(AARC).
ThankyouAnyQuestions?