Here Come the Feds. Federated identity management : the consumer’s perspective. Jens Jensen, STFC On behalf of EUDAT AAI TF. EGI CF Manchester April 2013. Background – EUDAT in nuce. EUDAT is building a data e-infrastructure Support user communities (ESFRI)

Presentation Transcript
Here Come the Feds

Federated identity management: the consumer’s perspective

Jens Jensen, STFC

On behalf of EUDAT AAI TF

EGI CF Manchester April 2013

Background – EUDAT in nuce
  • EUDAT is building a data e-infrastructure
    • Support user communities (ESFRI)
      • CLARIN (linguistics, heterogeneous + long tail)
      • ENES (climate)
      • EPOS (Earth obs)
      • VPH (human physiology)
      • LifeWatch (biodiversity)
    • Move data in and out of EUDAT: PRACE, EGI, …
    • Move data between sites (replication)
    • Data storage for individual users
Principles: AAI
  • Authentication
    • Make use of existing infrastructures
    • SSO whenever possible
    • Make use of existing code - pragmatic
  • Authorisation
    • Link to community rôles (users can be in more than one community)
  • Infrastructure
    • Like the grids, secure with IGTF+commercial
Requirements
  • Scalable (10**7 users)
  • Easy enough to use for “non-technical” users
  • Support long tail researchers (aka homeless)
  • Portal and command line login
  • Mature, robust, performant
  • Standards-based
  • Work with existing community practices (if pos.)
  • Communities manage authorisation policies

Premise
  • Support existing user communities
    • CLARIN already using Shib (note the ePTID problem)
    • ENES already use OpenID (in ESGF)
    • Provide “authentication services”
  • Federated identity management
    • Must work with iRODS for data storage
    • Must work with GridFTP (and GlobusOnline) for data movement
    • Must work with Invenio (ORCID)
Plan A and Plan B API

[Diagram: steps labelled “Redirect to EUDAT”, “Obtain Access Token” and “Call CA API”; paths labelled “Plan A” and “Plan B”]

Evaluations – 2010
  • Standalone Shib (or SAML)
  • Work with a single community’s portal
  • Use SimpleSAMLPhp
  • EGI or GEMBUS STS
  • Contrail AAI code – see Yvon’s talk
  • Moonshot

Findings
  • Code satisfying the most requirements is the least mature
  • Need X.509 – at least internally (GridFTP)
  • Need good docs for integrators – and effort!
    • Need to be able to work with betas
  • Technical collaborations: EGI, EUDAT, Contrail
  • Supporting multiple communities:
    • Ends up being kludgy
    • MyProxy for GO, OAuth2 for ORCID, …
  • Requirements change regularly
  • Can spend ∞ time on evaluations