
Task Leader: PSNC Maciej Brzeźniak

This task aims at improving access to relevant research and education non-web resources located outside the home organization of the user. The main improvement is to make use of existing AAIs that provide verified institutional user credentials and (external) authorization attributes instead of local user management. While many successful implementations already exist for web portals, the technology for non-web scenarios is still immature.

 

A number of pilots are going to be set up in order to investigate emerging non-web SSO solutions and workarounds. The selection of software to be piloted is going to be discussed with JRA1 in order to focus on tools that fit the requirements of the research community and the blueprint architecture (JRA1.3 and JRA1.4). The requirements gathered by JRA1.1 will also be used as input material for the assessment of technologies used in the pilots. Finally, the experience gathered while running the pilots and the analyses performed will be used as feedback for the final shaping of the blueprint architecture in JRA1 and the best-practice recommendations in NA3.

 

Therefore we focus on suitable approaches and services for token translation. In addition, we will pilot and analyse the usage of user credentials and attributes coming from different AAIs in the second year of this project.

To address the token translation topic we have started two pilots and a:

  • LDAP Facade - The pilot aims at providing access to non-web resources (e.g. sftp, ssh console) for non-grid users by exploiting the existing AAIs, without the need to obtain user certificates.

  • CILogon - The CILogon pilot has started to test the feasibility of providing a more advanced online service that produces certificates based on an institutional login and delegates a proxy certificate to a non-web back-end service, without bothering the user with certificate-related complexity.

  • Unity - Unity-IdM is the third solution we aim to assess to bridge SAML-based identities and attributes to non-web resources. This work will likely be performed in collaboration with the EUDAT AAI team and is currently in preparation.

 

In addition, we aim to pilot access to cloud resources. In this context we started to explore and pilot:

  • ORCID.org as a service provider - to be piloted with our AARC research community. Further work includes the feasibility of using ORCID as an attribute authority, but this work will take place in SA1 Task 2 (attribute management).
  • ownCloud and LibreOffice - to demonstrate the integration of LibreOffice Online with ownCloud as a service that is available through eduGAIN. We will assess its usefulness within the DARIAH community and others.
  • Integration opportunities that may arise from services being added to the GN cloud catalogue

Status as of June 1st 2016

  • wrapping up findings based on the LDAP Facade pilot
  • first results available on the CILogon pilot, tested with the Elixir and EGI community, see blog
  • starting up the pilot with Unity-IdM and the pilot integration of EUDAT, PRACE and EGI e-infrastructures

Compatibility between the technologies piloted within this task and the technologies used for collecting attributes within task SA1.2 will be checked. Attribute requirements for non-web SSO, authorization and provisioning will be investigated and defined. Usage of user credentials and attributes coming from different AAIs, including guest IdPs proposed by SA1.1, will be analyzed as well.