RDA Report Working Meeting Session 5 IG Federated Identity Management. Presentations

Transcription

1 RDA Report Working Meeting Session 5 IG Federated Identity Management Notes by F VandenBoom Presentations The AARC project, report by Licia Florio by improving the interoperability of existing AAIs, defining a common policy framework that is accepted and implemented by all einfrastructures and by offering a diversified training package for different communities. Feedback on available deliverables is appreciated. The next meeting more details will be given. Presentation on the following work done: Trainings and outreach. There is lack of training for nonexperts and service providers. Policy work on what is needed. The working Party looked at security incidents on Fin fed infrastructure joint work with the sirtfi WG. A sustainable LoA framework. Looking at identity providers: Why do they need it, why and what do they need? The goal is to come up with framework. At a level which is implementable Architecture design Final version will have all requirements in one document and will lead to second analysis document on available technologies that people are using. Goal is to know what is available and what is missing. Main work now is focus on what to do with guest identities, and attribute authorities. The final outcome will provide a basis for pilot activities More detail of research: outputs of past activities plus AARC surveys amongst research communities, AARC interviews with research communities to translate these into use cases. End of the year goals is to have community supported requirements. Q&A Corporate not directly represented in user communities There is new stuff from various infrastructures and communities such as: Persistent and unique user identifiers User management identity info Integration with egovernment infrastructures Policy harmonization Best practices for terms and conditions. Next steps Continue with interviews

2 Analysis of available AA technologies Consultation with stakeholders Release work of guest identities, AA and TTS The THOR project, FIM and PIDs, by Tom Demeranville it will establish seamless integration between articles, data, and researchers across the research lifecycle. This will create a wealth of open resources and foster a sustainable international einfrastructure. THOR aims to establish interoperability, integrating services, build capacity and achieving sustainability 10 partners 2,5 years project looking at PID landscape to analyze gaps and to see where they can be integrated into existing or new systems. Outreach in the EU and beyond. Current activities: Delivering an output research document analyzing gaps where effort can be focused. ORCID is put into SURF FEDERATION and be available via EDUGAIN. This will allow institutional sign in, verified affiliation and attribute claims, and ORCHID ID as a federated attribute. ORCID attribute : Better for certain use cases Links authors across domains Persistent throughout career Can be solved for more info Current activities HAKA/ORCID ORCID as a complement to existing FIM infrastructure ORCID as a social ID or guest identity provider ORCID as a ID proxy? The future of PID s in FIM: Investigating options and use cases. Q&A Identity curation in ORCID: what about is there something missing to validate certain groups (homeless/dead people)? ORCHID is curated by the individual, who and curates what file is connected to his profile. The authority is the individual there is no other who decides if this linking is correct, authenticated. How does this work if dead? The system is as reliable as a resume or a form. EUDAT's B2ACCESS service and FIM integration by Johannes Reetz EUDAT offers common data services, supporting multiple research communities as well as individuals, through a geographically distributed, resilient network

3 connecting general purpose data centres and communityspecific data repositories. The aim is to deliver general data service for open access and supporting EC policies. Because there are many different communities of users: user credentials must be taken into account: there is no one fits all. Collaborate data infrastructure. There will be an integration of different operational services. Purpose of B2ACCESS Arbitrate authentication to EUDAT services. Use of external services but also own ID when people are not affiliated to an institution and also social ID s AI approach Using UNITY core identity management: user set care and group attribute management, authorization server. EUDAT services. Current state Integration o Identity providers o Integrated EUDAT service providers Groups and attributes o Management B2services o Documentation in October2015 level of assurance o Currently based on Provider used to log in o Social identity is low o Same from academic accounts = higher Finalizing documentation Identity providers o EDUGAIN o community Collaborations o especially integration with B2STAGE Collaboration with AARC, THOR,ORCID OpenStack FIM integration by CERN & Rackspace by Tim Bell OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface. Current research: CERN Openlabs research on open design process Iterative design using open blueprints, Source code under apache 2 license. Continuous integration, Keystone authentication options, Password, Active directory, openidconnect, Kerberos In 2015 the project had companies support with public and private providers adoption.

4 Examples of potential use 1) Federation with a cloud provider such as Rackspace 2) o HORIZON2020 INDIGO dataclouds o CERN defines cloud project o WEB SSO o API/CLI Experiences Classic policy problems: What if user not signed up? Watch out for nonfederated services o who owns resources at the site? Traceability for ephemeral accounts Summary: Significant commercial interest and investment Easy to miss nonfederated services when deploying uses. Video s available online DARIAH by Peter Gietz The Digital Research Infrastructure for the Arts and Humanities, aims to enhance and support digitallyenabled research and teaching across the humanities and arts The mission is to develop infrastructure support, such as text grid Current figures 3000 DARIAH users and 180 federated users. Seems easier to create a DARIAH account instead of home IT department. 239 different user groups. Fully support of coco conduct Integrated in DFNAAI Strong will on sustainability infrastructure Integrating 0Auth2 for non web Tokens ORCID ID Cooperation s New DARIAH EU working group FIM4D and FIM4R Next meeting nov 30 th Pilot in GEANT 3 plus Anticipating in AARC FIM, CLARIN by Menzo Windhouwer CLARIN is the Common Language Resources and Technology Infrastructure, which aims to provide easy and sustainable access for scholars in the humanities and

5 social sciences to digital language data (in written, spoken, video or multimodal form), and advanced tools to discover, explore, exploit, annotate, analyse or combine them, wherever they are located. Language resources pilot progress A legal proxy where ERIC joins national identity federations Problem with OAuth2 bridge Solution: authorization service SAML bridge implementation in trial use cases looking at Authorization server Oauth client Oauth2 resource server Interaction between registries, tools and archives, tools and private workspaces. Future plan: ready for production, add more service providers and federations. Project Presentation from within the group Federated management photon and neutron in Europe Signed MLU between facilities participating umbrella platform Users are increasing Connected to EDUGAIN MOONSHOT part of GEANT one of the pilots and in AARC project FIM for research group Continues but within RDA just sharing info but during the FIM4R workshop in Vienna will go more into depth DISCUSSION Continue FIM interest group sessions? The initial motivation was to have interaction with people from outside Europe (3 in the room). Good for exposure and attracts interest from other groups FIM4 research open for global collaboration : RDA important research data activity for similar interoperable technologies then this group has reason of its own in this field Is there an interest in a working group that has any output on identity management? Intention umbrella FIM related activities, with THOR it could become more specific: Federated Entity Management: need for different systems that are interoperable. Note on the RDA Fabric group: a response that AI not existing on any level, but there are solutions that are growing. However far from general accepted federated authorization management.

6 Comments on the purpose of RDA It is about similar sharing of data, federated management is a first step. Authorization is very important, location not as important. More important is what you get out of coming here to RDA. You learn what are people doing and using. We are far way from single blueprint but at least you get info about what is happening. Seems that infrastructure includes corporate world but what about pharmaceutical? Interest in having access to open data and open services, may want to provide data themselves. In order to do that federated data management is needed. Commercial partners have been invited to give presentations but never regarded commercial solutions for adoption. Should we take special measures to accommodate commercial solution? Bring services on infrastructure both non and commercial world Many institutions have problems with integration. Proposal for an umbrella working group, Enough material such as ORCID as structure and others to make declaration on principles. Scope is federated entity registries, organizations and identities. With the Interest Group provide clarifications on other project outcomes such as the Data Fabricgroup document Overlap with other group coming from PID interest group? Where do they overlap? How do information items get from one source to another or other protocols and mechanisms? Has this scope be claimed? Same subject but two different approaches which one is the better one? Overview of possibilities working together and coming up with recommendations, not on software implementations.