
Resource Entitlement Management System

Resource Entitlement Management System. Manne Miettinen, Mikael Linden, Janne Lauros. CSC – IT Center for Science. Affaire Tournesol. Background: CSC is a non-profit state company; ICT services for research groups & higher education institutes.


Presentation Transcript


  1. Resource Entitlement Management System. Manne Miettinen, Mikael Linden, Janne Lauros. CSC – IT Center for Science

  2. Affaire Tournesol

  3. Background • CSC is a non-profit state company • ICT services for research groups & higher education institutes • Wide co-operation with universities and research institutes (incl. Statistics Finland) • CSC has operated the Finnish academic identity federation, Haka, since 2005 • Switzerland and Finland are the European pioneers in federated identity

  4. [Diagram: Service 1 (e.g. library portal, learning management system (LMS)) and Service 2; an identity federation; local user accounts at University A, Research Institute B and Polytechnic C]

  5. Haka – the federation of Finnish higher education (HE) • Identity Provider maintains the end user’s identities (identifiers, roles and other attributes) • Identity Provider authenticates an end user • Identity Provider releases the end user’s attributes to the Service Provider • Based on the attributes, the Service Provider decides what kind of services the user is authorised to use [Diagram: Identity Providers (home universities, each with an IdP): U of Turku, U of Helsink, U of Tamper, UAS of Turk, UAS of Hels, etc. Service Providers (each with an SP): National Library portal, Institutional Library Management Systems, Learning Management System (Moodle etc), ASP/SaaS services in university administration, CSC’s services to researchers (HPC, grids), etc.]

  6. Relying on the REMS access rights attributes • (a) External attribute provider • (b) IdP proxy • (c) Or a custom REMS integration [Diagram labels: Identity Provider, Service Provider, REMS Attribute Provider, REMS IdP proxy; flows labelled "attributes", "entitlements" and "attributes + entitlements"]

  7. Identity Federations in Europe

  8. Federated identity + workflow = REMS • Basic idea of REMS is to • replace paper based application process with an automated tool • build on top of federated identity to avoid unnecessary and error prone manual maintenance work of user information

  9. Access to research datasets 0. Fully public access 1. Researcher has a role/group membership • IdP managed/VO-managed 2. Researcher commits to datasets’ licence terms 3. Researcher fills in and submits an application - Dataset owner approves/rejects Or any combination of 1, 2 and 3. Resource entitlement management system (REMS)

  10. The REMS concept 1. Apply for access 2. Commit to licence terms 3. Circulate to approver 4. Approve 5. Access [Diagram labels: Principal investigator (Applicant); Research group (Members of the application); IdP; REMS (Workflow, Reports, Metadata on dataset 1&2, Entitlements); DAC 1 Approver; DAC 2 Approver; SP; Dataset 1; Dataset 2]

  11. CASE: Finnish Social Science Data Archive

  12. CASE: process for applying access to the Nordic Control Database

  13. Benefits of REMS • Reduces throughput times of the application process • Provides easier reporting/audit tools for owners of the resource and the applicant • Increases information security also by relying on end users’ home institutions’ usernames/passwords and federated authentication

  14. The REMS implementation • Created originally in the ELIXIR ESFRI project • (Academy of Finland and Ministry of Education and Culture via CSC) e.g. NOT EU FP7, EMBL etc. • ELIXIR Finland hosted at CSC offers REMS as a service for biomedical data hosting services in ELIXIR • Discipline-independent • A Java portlet on Liferay, using Vaadin framework • Open source (LGPL)

  15. Work-in-progress • Development: UI improvements, vulnerability tests, documentation, publish the code, bugfixes and feature requests • Operations: maintenance, support, helpdesk • Deployment: new: FSD, TTA, LBR; extend: EGA, biobanking

  16. REMS demo

  17. REMS = TAAS? • Accredited institution = Identity federation? • Requestor’s affiliation = Identity federation (affiliation = ”faculty”) • Application must be approved = REMS

  18. Links • REMS • https://remsdemo.csc.fi/ • http://www.csc.fi/rems • https://tnc2013.terena.org/core/presentation/18 • Identity federation • http://www.edugain.org/technical/status.php • https://refeds.org/
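
The access conditions on slide 9 and the workflow on slide 10 can be modelled in a few lines. This is an added Python sketch, not code from the presentation or from REMS itself; the class and function names, and the rule that an applicant cannot approve their own application, are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Dataset:
    name: str
    public: bool = False                  # 0. fully public access
    required_group: Optional[str] = None  # 1. role/group membership from the IdP
    licence: Optional[str] = None         # 2. licence terms to commit to
    approvers: frozenset = frozenset()    # 3. dataset owners who approve or reject

@dataclass
class Application:
    applicant: str
    dataset: Dataset
    accepted_licences: set = field(default_factory=set)
    state: str = "draft"                  # draft -> submitted -> approved / rejected

class Rems:
    def __init__(self):
        self.entitlements = set()         # (user, dataset name) pairs released to the SP
        self.audit = []                   # event trail for reporting

    def submit(self, app, idp_attrs):
        ds = app.dataset
        if ds.required_group and ds.required_group not in idp_attrs.get("groups", ()):
            raise PermissionError("required group missing from IdP attributes")
        if ds.licence and ds.licence not in app.accepted_licences:
            raise PermissionError("licence terms not accepted")
        app.state = "submitted"
        self.audit.append(("submitted", app.applicant, ds.name))
        if not ds.approvers:              # no approval step configured for this dataset
            self._finish(app, "system", True)

    def decide(self, app, approver, approve):
        if app.state != "submitted":
            raise PermissionError("application is not awaiting a decision")
        # Assumption: an applicant may not approve their own application.
        if approver not in app.dataset.approvers or approver == app.applicant:
            raise PermissionError("not an authorised approver")
        self._finish(app, approver, approve)

    def _finish(self, app, actor, approve):
        app.state = "approved" if approve else "rejected"
        self.audit.append((app.state, actor, app.dataset.name))
        if approve:
            self.entitlements.add((app.applicant, app.dataset.name))

def sp_allows(rems, user, ds):
    # Service Provider decision: public data, or an entitlement issued by REMS.
    return ds.public or (user, ds.name) in rems.entitlements
```

The Service Provider never sees the application itself, only the resulting entitlement, which is what lets the audit trail live in one place.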
