EOSC-hub receives funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 777536.
eosc-hub.eu @EOSC_eu
AARC Blueprint Architecture and its evolution – towards the EOSC AAI for research communities
Dissemination level: Public
31/01/2019
AARC Blueprint Architecture and its evolution
ESFRI RIs and EOSC Workshop
“Community-first” AARC BPA approach
- Researchers sign in using their institutional (eduGAIN), social or community-managed IdP via their Research Community AAI
- Community-specific services are connected to a single Community AAI
- Generic services (e.g. RCauth.eu Online CA) can be connected to more than one Community AAI proxy
- e-Infra services are connected to a single e-Infra SP proxy service gateway, e.g. B2ACCESS, Check-in, Identity Hub, etc.
EOSC-hub AAI builds on AARC BPA & Policy best practices & recommendations
- Uniform representation of unique user identifiers
- Standardised way of expressing group membership, role information & resource capabilities
- Non-web-browser-based access (e.g. SSH/SFTP or HTTP APIs via OAuth2 tokens and X.509 certs)
- Delegation (e.g. via token exchange)
- Release of mandatory set of user attributes (incl. unique shared id) - REFEDS Research & Scholarship entity category
- Operational security, incident response, and traceability - REFEDS Sirtfi
- Privacy requirements for processing personal information - GÉANT Data Protection Code of Conduct
- Rules and conditions that govern access to and use of service and resources - WISE Baseline Acceptable Use Policy (AUP)
- Assurance information - REFEDS Assurance Framework, IGTF/AARC assurance profiles
How the EOSC-hub AAI services help communities access resources
- Communities with an existing Community AAI can connect to the EOSC-hub e-Infra Proxies and gain access to generic e-Infra services
- Communities that don’t operate their own AAI service can make use of either dedicated or multi-tenant deployments of AAI services operated by EOSC-hub
Multi-tenant deployments:
- aimed at medium-to-small research communities/groups or individual researchers.
- community members, groups and authorisation attributes are still managed by community managers.
Dedicated deployments:
- customisation of user-facing interfaces: IdP discovery page, enrolment, group membership UI
- customisation of AAI proxy behaviour (e.g. attribute aggregation rules, service entitlements)
- possibility of bespoke AAI Solutions, which might include individual Components from the GÉANT eduTEAMS, EGI Check-in, INDIGO IAM, EUDAT B2ACCESS, and PERUN
EOSC-hub Community AAI services
@nliampotis
Thank you for your attention!
Questions?