250 likes | 414 Views
Federated Identities and Services: the CHAIN-REDS vision. Federico Ruggieri, GARR/INFN. Joint CHAIN-REDS/ELCIRA Workshop, Cancun, May 2014 . Outline. Introduction General information and CHAIN-REDS vision Federated Identities and Services Major achievements The role of NRENs
E N D
Federated Identities and Services: the CHAIN-REDS vision Federico Ruggieri, GARR/INFN Joint CHAIN-REDS/ELCIRA Workshop, Cancun, May 2014
Outline • Introduction • General information and CHAIN-REDS vision • Federated Identities and Services • Major achievements • The role of NRENs • Conclusions
Coordination & Harmonisation of Advanced eINfrastructures for Research & Education Data Sharing Regional e-Infrastructures Genesis II Interoperability and easiness of access are issues
General information • Co-ordination & Harmonisation of Advanced eInfrastructuresfor Research and Education Data Sharing • Research Infrastructures – Support Action • Grant Agreement n. 306819 • Total Costs of € 2.3 M • Max. EC contribution: € 1.52 M • Start date: 1 December 2012 • Duration: 30 Months
Partners and roles • INFN (IT) – Coordinator • CIEMAT (ES) – WP4 Leader • GRNET (GR) – WP3 Leader • CESNET (CZ) – WP5 Leader • UBUNTUNET (MW) – Africa • CLARA (UR) – Latin America • IHEP (CN) – China • ASREN (DE) – Arab States • SIGMA ORIONIS (FR) – WP2 Leader • C-DAC (IN) – India
Project Strategic Vision • Promote and support technological and scientific collaboration across different eInfrastructures established and operated in various continents to facilitate their uptake and use by established and emerging Virtual Research Communities (VRCs) but also by single researchers • Not only disseminate, exchange and reinforce the best practices currently adopted in Europe and other continents, but also promote the progress of interoperability among different regional eInfrastructures • Study and define a path towards a global eInfrastructure ecosystem that will allow VRCs, research groups and even single researchers to access and efficiently use worldwide distributed resources CHAIN-REDS first periodic review, Madrid, January 2014
Collaborations Data and Document Repositories Science Gateways Dissemination Deployment of new IdPs Interperations and Interoperability Policy development
How to check the personal Identity (Authentication) ? • Grid Infrastructures use X509 Digital Certificates • Highly secure system used also for computers and services • Requires a structure of Certification and Registration Authorities that cerify the identity and assign Certificates • Users need to go through a cerification process • Services need to manage and recognise certificates • Why not try to use the identity system of the organisation where the user is affiliated (Identity Providers – IdP) ? • The user already has a Username/Password or another systems he is familiar with. • The organisation can authenticate the user with many different methods: Us/Pw, Certificates, Smart Card, Fingerprint, etc.
Identity Federations in the world 1,000’s Institutions 1,000’s Services >17 millionpeople A lot of work still to be done
Identity Federations (WP5) • BoF organised at TERENA conference • Analysis of the current and alternative AAI mechanisms with a state of the art in the regions addressed by the project – D5.1 • Support for new IdPs
Services • Federations can’t be only made by IdPs • Service Providers (SP) are the other fundamental component • The success of an Identity Federation is not only in the number of IdPs but also in the number of SPs that provide services to the users and make the Federation attractive for new users
eduroam Service • WiFi access across several countries
GÈANT’s eduGAIN goes beyond EU eduGAIN Member Joining eduGAIN Candidate Federation Existing/Pilot Federation Missing Federation
Authentication is not enough • Services require also to profile the users in order to decide what they are allowed to do (Authorisation). • How can we infer the user’s profile from his Authentication ? • We need more info attached to the confirmation of his/her identity. Create User Profile First Login (Registration)
Project’s Recommendations (D5.1) • Eduroam setup • Simple but efficient example of Federated Identity use • Make Eduroam available through all the regions • Identity provisioning • Setup and operate an IdP • Collect experience in setting up IdP (even if shared one) • Identity Management • An often missing piece of IdP setup • EU partners technology used as a starting point • Science Gateway as an IdP service • Certification Authority through IdP • Access to more “standard” services relying on certificates • Simple but useful example of a federated service • Agreement with Comodo for X.509 widely accepted certificates
CHAIN-REDS recommendations and those of the TERENA AAA Study The goal of the report has been broken down into two objectives: • A collection of users’ access requirements coming from different communities • A gap analysis of the existing AAIs used in the realm of research and education, the use-cases they support and the associated challenges
Agreement with Comodo 13 Organisations (11 NRENs); 46 domains validated Long-term agreement like TERENA TCS under discussion
The GrIDP “catch-all” Federation and its “open” and “social” IdPs
New IdPs(LA, Arab Region, sub-Saharan Africa) Many of these were deployed in strong collaboration with other projects like eI4Africa and ELCIRA
New Science Gateways (being) developed and supported by CHAIN-REDS in preparation
The role of NRENs • The NRENs are starting to offer services on top of the connectivity. This is a necessary evolution to address the needs of the users and increase the visibility of the NRENs towards the community. • The Identity Federations can favour the increase of the number of available service and users that can access them without having a different identification. • Several issues need still to be solved and NREN’s can contribute providing requirements, use cases and some software development in an OpenSource environment. • There is thus a Business Case for NRENs to work on in cooperation with EU and other Regions of the world
Conclusions • CHAIN-REDS project has successfully progressed during the first year • It has investigated the advantages and issues related to the Federations of Identity (Deliverable D5.1) • The project is actively collaborating with TERENA and promoting eduroam and eduGAIN • CHAIN-REDS has fostered the creation of new IdPs in the regions addressed by the project • The collaboration with ELCIRA in LA has been particularly significant
Thank you ! www.chain-project.eu proj-office@chain-project.eu