
CLARIN Federated Identity Vision

CLARIN Federated Identity Vision. Dieter van Uytvanck, Daan Broeder. Federated Identity Workshop at RAL on 2-3 November 2011. CLARIN Fed Id Vision. A set of well defined semantically harmonized user attributes is released by all IdPs in the inter-federation. Perhaps by user consent


Presentation Transcript


  1. CLARIN Federated Identity Vision. Dieter van Uytvanck, Daan Broeder. Federated Identity Workshop at RAL on 2-3 November 2011

  2. CLARIN Fed Id Vision
     • A set of well defined semantically harmonized user attributes is released by all IdPs in the inter-federation
     • Perhaps by user consent
     • … not by IdP consent, which scales badly
     • In an inter-federation all agreed attributes may pass national borders
     • Metadata exchange by eduGain
     • Library walk-ins distinguished by attributes
     • LoA for credentials distinguished by attributes
     • Specific community required attributes are stored in ‘external’ community specific attribute store; VO-Platform
     • Non-browser based resource access still enabled by federated identity: SLICS, OAUTH2,…

  3. CLARIN Use Case. Dieter van Uytvanck, Daan Broeder. Federated Identity Workshop at RAL on 2-3 November 2011

  4. CLARIN “Holy Grail” User Scenario
     • A researcher authenticates at his own organization and creates a “virtual” collection of resources from different repositories.
     • He does this on the basis of browsing a catalogue, searching through metadata, or searching in resource content.
     • To be granted access to this distributed dataset he signs the appropriate licenses.
     • He is then able to use a workflow specification tool and process this virtual collection using LT tools in the form of reliable distributed web services which he is authorized to use.
     • (Intermediate) results are stored in a user specific workspace.
     • After evaluation, the resulting data (including metadata) can be added to a repository and the “virtual” collection specification can be stored for future reference using PIDs.

     For our domain this is ambitious and challenging, but even a partial realization is worthwhile.

  5. Use case: creating & using Virtual Collections
     • user selects suitable resources at center A using a specific app at center A after logging in via his organizational account
     • user selects suitable resources at center B using a center specific app making use of SSO
     • references are added to a Virtual Collection registry via a VC registry app for future reference and use
     • The VC is processed by a workflow of LT Web services
     • The identity of the user is delegated to shielded WSs that can use it to access resources.

     [Diagram: Center A, Center B, IdP, VC Registry, WorkFlow manager and web services (WS 1, WS 2), with numbered steps 1-5]

  6. Obstacles
     • How do we get the user’s IdP in the national federation and make the IdP release the right attribute(s) to all the CLARIN SPs?
     • Difficult to choose an always available attribute uniquely identifying the user for authorization. Some use ePPN, others … ePTID
     • Our IdPs and SPs are distributed over Europe; any assumptions about available attributes are necessarily EU wide.
     • CLARIN (CLARIN SPF) itself distributes the CLARIN SP metadata; every national IDF has its own requirements for this.
     • We need a way to delegate a user’s identity to (REST) web services, which are widely used in CLARIN. A test setup is being built with BiG-Grid based on OAUTH2
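
The attribute-choice obstacle on slide 6, as an added example (not from the slides and not CLARIN code): a hypothetical SP-side helper, `authz_key`, that prefers ePPN, falls back to ePTID, and refuses to authorize when neither is usable. The entity ID, scope set and sample values used with it are constructed assumptions; the two OIDs are the standard eduPerson attribute names.

```python
# Added example: hypothetical SP-side helper, not CLARIN code.
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"    # eduPersonPrincipalName
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID

# Constructed sample IdP (not a real federation member).
SAMPLE_IDP = "https://idp.example.org/idp"
SAMPLE_SCOPES = {"example.org"}


class NoUsableIdentifier(Exception):
    """Raised when the IdP released nothing the SP can safely key on."""


def authz_key(idp_entity_id, attributes, allowed_scopes):
    """Return a stable (kind, value) key for authorization decisions.

    attributes: dict mapping attribute name -> list of string values.
    allowed_scopes: lowercase scopes this IdP may assert (assumed to be
    taken from the federation metadata for that IdP).
    """
    eppn_values = attributes.get(EPPN, [])
    if len(eppn_values) == 1:
        local, sep, scope = eppn_values[0].strip().rpartition("@")
        # An ePPN is only trusted if its scope belongs to the issuing IdP;
        # otherwise one IdP could assert identities in another's domain.
        # A value that fails the check is dropped as if it was not released.
        if sep and local and scope.lower() in allowed_scopes:
            return ("eppn", f"{local}@{scope.lower()}")

    eptid_values = attributes.get(EPTID, [])
    if len(eptid_values) == 1 and eptid_values[0].strip():
        # ePTID is opaque and only unique per IdP, so bind it to the issuer.
        return ("eptid", f"{idp_entity_id}!{eptid_values[0].strip()}")

    # Neither attribute is usable: fail closed instead of guessing.
    raise NoUsableIdentifier(idp_entity_id)


if __name__ == "__main__":
    released = {EPPN: ["alice@example.org"], EPTID: ["k3Jx9"]}
    print(authz_key(SAMPLE_IDP, released, SAMPLE_SCOPES))
```

Keys of the two kinds are not interchangeable: a user first seen with an ePTID key and later with an ePPN key appears as two identities, so access records need an explicit linking step.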
