Federated Identities and Services: the CHAIN-REDS vision. Federico Ruggieri, GARR/INFN. Joint CHAIN-REDS/ELCIRA Workshop, Cancun, May 2014.
Outline • Introduction • General information and CHAIN-REDS vision • Federated Identities and Services • Major achievements • The role of NRENs • Conclusions
Coordination & Harmonisation of Advanced eINfrastructures for Research & Education Data Sharing • Regional e-Infrastructures (figure label: Genesis II) • Interoperability and ease of access are issues
General information • Co-ordination & Harmonisation of Advanced eInfrastructures for Research and Education Data Sharing • Research Infrastructures – Support Action • Grant Agreement n. 306819 • Total Costs of € 2.3 M • Max. EC contribution: € 1.52 M • Start date: 1 December 2012 • Duration: 30 Months
Partners and roles • INFN (IT) – Coordinator • CIEMAT (ES) – WP4 Leader • GRNET (GR) – WP3 Leader • CESNET (CZ) – WP5 Leader • UBUNTUNET (MW) – Africa • CLARA (UR) – Latin America • IHEP (CN) – China • ASREN (DE) – Arab States • SIGMA ORIONIS (FR) – WP2 Leader • C-DAC (IN) – India
Project Strategic Vision • Promote and support technological and scientific collaboration across different eInfrastructures established and operated in various continents to facilitate their uptake and use by established and emerging Virtual Research Communities (VRCs) but also by single researchers • Not only disseminate, exchange and reinforce the best practices currently adopted in Europe and other continents, but also promote the progress of interoperability among different regional eInfrastructures • Study and define a path towards a global eInfrastructure ecosystem that will allow VRCs, research groups and even single researchers to access and efficiently use worldwide distributed resources CHAIN-REDS first periodic review, Madrid, January 2014
Collaborations • Data and Document Repositories • Science Gateways • Dissemination • Deployment of new IdPs • Interoperations and Interoperability • Policy development
How to check the personal Identity (Authentication)? • Grid Infrastructures use X.509 Digital Certificates • Highly secure system, also used for computers and services • Requires a structure of Certification and Registration Authorities that certify the identity and assign Certificates • Users need to go through a certification process • Services need to manage and recognise certificates • Why not try to use the identity system of the organisation where the user is affiliated (Identity Providers – IdP)? • The user already has a Username/Password or another system he or she is familiar with. • The organisation can authenticate the user with many different methods: Username/Password, Certificates, Smart Card, Fingerprint, etc.
Identity Federations in the world • 1,000’s Institutions • 1,000’s Services • >17 million people • A lot of work still to be done
Identity Federations (WP5) • BoF organised at TERENA conference • Analysis of the current and alternative AAI mechanisms with a state of the art in the regions addressed by the project – D5.1 • Support for new IdPs
Services • Federations cannot be made up of IdPs alone • Service Providers (SP) are the other fundamental component • The success of an Identity Federation lies not only in the number of IdPs but also in the number of SPs that provide services to the users and make the Federation attractive for new users
eduroam Service • WiFi access across several countries
GÉANT’s eduGAIN goes beyond EU (map legend: eduGAIN Member; Joining eduGAIN; Candidate Federation; Existing/Pilot Federation; Missing Federation)
Authentication is not enough • Services also need to profile users in order to decide what they are allowed to do (Authorisation). • How can we infer the user’s profile from his/her Authentication? • We need more information attached to the confirmation of his/her identity. (Diagram labels: Create User Profile; First Login (Registration))
Project’s Recommendations (D5.1) • eduroam setup • Simple but efficient example of Federated Identity use • Make eduroam available through all the regions • Identity provisioning • Set up and operate an IdP • Collect experience in setting up an IdP (even if a shared one) • Identity Management • An often missing piece of IdP setup • EU partners’ technology used as a starting point • Science Gateway as an IdP service • Certification Authority through IdP • Access to more “standard” services relying on certificates • Simple but useful example of a federated service • Agreement with Comodo for widely accepted X.509 certificates
CHAIN-REDS recommendations and those of the TERENA AAA Study The goal of the report has been broken down into two objectives: • A collection of users’ access requirements coming from different communities • A gap analysis of the existing AAIs used in the realm of research and education, the use-cases they support and the associated challenges
Agreement with Comodo 13 Organisations (11 NRENs); 46 domains validated Long-term agreement like TERENA TCS under discussion
The GrIDP “catch-all” Federation and its “open” and “social” IdPs
New IdPs (LA, Arab Region, sub-Saharan Africa) Many of these were deployed in strong collaboration with other projects like eI4Africa and ELCIRA
New Science Gateways (being) developed and supported by CHAIN-REDS in preparation
The role of NRENs • The NRENs are starting to offer services on top of the connectivity. This is a necessary evolution to address the needs of the users and increase the visibility of the NRENs towards the community. • The Identity Federations can favour the increase of the number of available services and of users that can access them without having a different identification. • Several issues still need to be solved, and NRENs can contribute by providing requirements, use cases and some software development in an Open Source environment. • There is thus a Business Case for NRENs to work on in cooperation with EU and other Regions of the world
Conclusions • CHAIN-REDS project has successfully progressed during the first year • It has investigated the advantages and issues related to the Federations of Identity (Deliverable D5.1) • The project is actively collaborating with TERENA and promoting eduroam and eduGAIN • CHAIN-REDS has fostered the creation of new IdPs in the regions addressed by the project • The collaboration with ELCIRA in LA has been particularly significant
Thank you ! www.chain-project.eu proj-office@chain-project.eu