You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

As part of the SA1 'CILogon-like TTS Pilot' the NA3 policy team is developing the associated reference policies and integration with the e-Infrastructures (such as EGI) and the R&E Federations and IdPs (including eduGAIN as well as selected IdPs of last resort).

The AARC project is running a pilot with a bridging AAI solution based on the CILogon model to enable resources that use conventional identity and attribute certificates for access control to be used by researchers using exclusively federated credentials. While certificate-based access is effective for many non-web (command-line) and brokered-access (delegation) use cases, exposing this technology to a wide user base is seen as a significant barrier. In this pilot a set of mutually-interconnected third-party software components is composed to hide the technical details of certificate-based access.

It combines authentication using SAML-based identities such as provided by eduGAIN, public-key authentication certificates (PKIX) such as those coordinated by the IGTF, the use of VOMS community membership management statements, and the OpenID Connect authentication protocol, used by many light-weight web applications (e.g. Globus Online and science gateways).

Using the AARC CILogon-like Token Translation Service “TTS” pilot technology, infrastructures such as EGI and ELIXIR can implement AAI controls for their existing resources and services with SAML based credentials in an end-user friendly way.

In order to demonstrate operational feasibility, the following specifications and papers are being developed:

The work also includes the collection of a body of reference documents to support the trust bridge between the generic eduGAIN federations and the RI and eInfra relying parties, leveraging the work of Sirtfi and the baseline assurance levels. It also leverages REFEDS Research and Scholarship (R&S) specifications.


Background presentations:

  • No labels