70 likes | 160 Views
Some data about the CBIC Federation. Some basic facts. Run by the National Council for Scientific Research (CSIC) With the support of RedIRIS Offered to centers belonging to CSIC Based on PAPI The Shibboleth protocol is used at several points In operation since July 2002 176 IdPs 109 SPs
E N D
Some basic facts • Run by the National Council for Scientific Research (CSIC) • With the support of RedIRIS • Offered to centers belonging to CSIC • Based on PAPI • The Shibboleth protocol is used at several points • In operation since July 2002 • 176 IdPs • 109 SPs • 65085 logins in 2006
The Service Providers • Fully federated ones • Access to CSIC library resources • Library portal and meta-searcher (Metalib) • Basic user administration and statistics • Grid infrastructure helpdesk • Based on federation-aware proxies • Content providers • DOI resolver for the proxied providers • Conversations with providers to go Shib-enabled
The Identity Providers • Central LDAP-based WAYF service • May be directly integrated with the login process • Based on the PAPI protocol • Common Shibboleth gateway • Identity is established through e-mail access credentials: POP(S), IMAP(S) • It is recommended to use a LDAP-based attribute repository • Though other (simpler?) methods are supported
Assertions and Schemas • IdPs have to be able to provide data on • Affiliation • Center • Currently using irisPerson20050202 • SCHAC attributes planned for 3rd quarter this year • Policies are explicitly the same that those applied by CSIC to enable access to other networking services • Procedures explicitly mandated and audited by the CSIC Central Computing Service
Management Aspects • No specific agreement required to participate • IdPs are part of the CSIC network • Outer SPs have signed agreements with the CSIC library services • Steering Committee in charge of supervising operations and planning future developments • Operations are responsibility of the CSIC Library Unit • Developments are coordinated by the PAPI team at RedIRIS • Users must explicitly require the service and authorize the exchange of their data