eduTEAMS-DI4R-v5 - Digital Infrastructures for Research

eduTEAMS
platform for collaboration
Niels Van Dijk
eduTEAMS Technical Lead
SURFnet, The Netherlands
DI4R Conference, Krakow, Poland, Sept. 28, 2016
Networks ∙ Services ∙ People
www.geant.org
Introducing eduTEAMS
Goals & Requirements
Service Design
• Market Analysis
• Service Offering
Test & Deployment
• Pilots
• Production deployment
In Depth
• Membership management
• Guest Identities
Challenges for Collaborative Organisations
• Challenges in Authentication space
• Collaborative organisations also work with people outside the
scope of R&E communities
• Requires Collaborative organisations to peer with other
non R&E Identity providers or maintain an additional
Identity provider
• Challenges in Authorization space
• Services run by Collaborative organisations often need
attribute or group related information in the context of
their collaboration, which are not issued by Identity providers
• Requires Collaborative organisations to manage and
provide additional attributes and groups towards their
services, independently from the Identity provider
GEANT VO Platform as a Service Project
• Goal
• Investigate the conditions that would allow GÉANT to provide
services to support Collaborative organisations
• Focus on delivery of technical services
• Out of scope:
• Technical development
• Policy & LOA development
• Activities
• Gather requirements and priorities with/from communities
• Look at existing tools and technologies
• Look into delivery model
• Investigate business case & sustainability
• Pilot with communities
• Operations and Market
Market Analysis
• The FIM4R paper (April 2012) was one of the first to articulate
collective requirements for using Federated AAI for VOs.
• The VOPaaS has performed a survey among several small and
large Pan-European VOs to (re-)validate the requirements.
Market Analysis Results
http://www.geant.org/Projects/GEANT_Project_GN4-1/deliverables/D9-2_MarketAnalysis-for-Virtual-Organisation-Platform-as-a-Service.pdf
eduTEAMS deployment model
• eduTEAMS: a suite of services that supports AAI for Virtual Organisations
• Basic Services
• For Collaborative Organisations with generic AAI requirements
• Operated by GÉANT
• Multi-tenant service
• Also for Collaborations that are not legal entities
• Advanced Services
• Aimed to support Collaborative Organisations with advanced AAI requirements
• Operated by GÉANT on behalf of a VO
• Single-tenant service
• Somebody (a legal entity) must take responsibility for that data
eduTEAMS Basic Services
• eduTEAMS Membership Management service
• VO-specific workflows for onboarding members
• Registry for VO persistent Identifier
• Limited set of attributes
• Accessible through eduGAIN
• eduTEAMS Identity Hub
• One persistent (SAML) IdP for many ‘Guest’ Identity Providers
• Social (Google, Twitter, Linkedin, Facebook)
• NREN operated & Commercial Guest IdPs (UnitedID.org, eduID.se)
• eGOV (STORK) and BankID
• Provides Account recovery
• Available and accessible through eduGAIN
• Supports Research and Scholarship Entity Category
eduTEAMS Membership Management
• For R&E communities
• Manage your own onboarding workflows
• Helps to formalize membership management
• Gather additional attributes beyond identity providers
• Distribute authorization on membership to the right people
• For Federation Operators
• Many Federations have no support for Collaborative Organisations in their communities
• eduTEAMS may be offered and supported through the Federation
• Federations may offer additional services on top of eduTEAMS to enhance collaboration (inter)nationally for their communities
eduTEAMS Identity Hub
• Leverage External Identity Provider ‘patchwork’
• Let the user choose favorite ID provider
• Provides one integration point with many Guest ID solutions
• Use from within eduGAIN
• Offers persistent identifier for user
• Allows account recovery if Guest ID solution ‘goes away’
• Present Level of Assurance (LOA) information on IdP
• Protects user privacy, as ID provider cannot look beyond the hub
eduTEAMS Basic Services ecosystem
Diagram components: External IdP; eduTEAMS Identity Hub; IdP; Service Provider (AuthN: ID + attributes); eduTEAMS Membership Management (COmanage) with VOOT AA and SAML AA.
eduTEAMS in AARC Reference architecture
eduTEAMS Membership Management - flow
Diagram components: IdP; Service Provider; eduTEAMS Identity Hub; eduTEAMS Membership Management (COmanage) with VOOT AA and SAML AA.
(1) Authenticate
(2) Get persistent Identifier & VO specific groups and attributes
eduTEAMS Identity Hub
Diagram components: eduTEAMS Identity Hub; Persistent ID; LOA; Your Service; Account Recovery.
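As an added illustration (not eduTEAMS code and not from the slides): a toy Python model of the two flow steps above, (1) authenticate at the Identity Hub and (2) fetch VO groups from Membership Management, together with the hub properties on this slide (persistent ID, LOA, account linking, account recovery). Class and method names, the guest IdP names and the LOA labels are assumptions.

```python
import secrets

class IdentityHub:
    """One persistent IdP in front of many guest IdPs (hypothetical model)."""
    def __init__(self):
        self.accounts = {}   # persistent_id -> {(guest_idp, subject): loa}
        self.index = {}      # (guest_idp, subject) -> persistent_id

    def authenticate(self, guest_idp, subject, loa, link_to=None):
        """Step (1): return (persistent_id, loa). The SP only ever sees the
        hub's persistent ID, and the guest IdP only ever sees the hub."""
        key = (guest_idp, subject)
        pid = self.index.get(key) or link_to
        if pid is None:                       # first visit: new hub identity
            pid = "hub-" + secrets.token_hex(8)
            self.accounts[pid] = {}
        self.index[key] = pid                 # link_to attaches a 2nd guest ID
        self.accounts[pid][key] = loa
        return pid, loa

    def recover(self, pid, dead_idp):
        """Guest IdP 'goes away': drop its links; remaining linked IDs keep
        the same persistent ID, so VO memberships survive."""
        for key in [k for k in self.accounts[pid] if k[0] == dead_idp]:
            del self.accounts[pid][key]
            del self.index[key]
        return len(self.accounts[pid]) > 0    # False: no way left to log in

class MembershipManagement:
    """VO registry / attribute authority keyed on the hub persistent ID."""
    def __init__(self):
        self.groups = {}                      # persistent_id -> set of groups
    def onboard(self, pid, group):            # VO-specific onboarding workflow
        self.groups.setdefault(pid, set()).add(group)
    def lookup(self, pid):                    # what a VOOT/SAML AA query returns
        return sorted(self.groups.get(pid, ()))

def run_flow():
    """Constructed walk-through (all values made up): login via Google,
    onboard into a VO, link an eduID.se identity, lose Google, log in again."""
    hub, mm = IdentityHub(), MembershipManagement()
    pid, _ = hub.authenticate("google", "alice@example.org", "low")      # (1)
    mm.onboard(pid, "vo-x:members")                        # data for step (2)
    hub.authenticate("eduid.se", "alice-123", "substantial", link_to=pid)
    still_ok = hub.recover(pid, "google")
    pid2, loa2 = hub.authenticate("eduid.se", "alice-123", "substantial")
    return pid == pid2 and still_ok, mm.lookup(pid2), loa2
```

The returned tuple shows that the persistent ID survives the loss of one guest IdP, so the SP's step (2) lookup still yields the VO groups.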
eduTEAMS Identity Hub demo
eduTEAMS Login using Google & Account linking
eduTEAMS IDHub Account linking
eduTEAMS IDHub Consent
eduTEAMS IDHub – back at the SAML SP
Advanced Services
• Advanced features are provided on a per CO basis:
• (advanced) Attribute Management
• (advanced) Group Management
• Provisioning, for web and non-web resources, plus application-specific connectors
• Service Proxy and Attribute Aggregation
• Accessible through eduGAIN
What's in it for R&E communities and Federation Operators
• For R&E communities
• Deploying AAI is complex and subject matter experts are required
• By using eduTEAMS you can outsource your R&E AAI
• So you can focus on research topics,
rather than building AAI solutions
• For Federation Operators
• Support Collaborative Organisations in which
their communities are participating
• Support their communities in using the eduTEAMS offering
• Connect and support services connected to eduTEAMS
• For Infrastructure providers
• Connect and support services connected to eduTEAMS
• Host your services in eduTEAMS Advanced Services
Roadmap
Q4 2016
• Run pilots with Basic Services, in collaboration with AARC
• Support application integrations
• Investigate new services, e.g. SAML Discovery, OpenID Connect gateway
2017
• Production service for Basic Services
• Finalize specification for Advanced Services
2018
• Deploy Pilots for Advanced Services
• Possibly: pick up new services as developed within GEANT, AARC or
others
Join the eduTEAMS pilot!
Interested in joining the eduTEAMS pilot, or have any queries?
Contact us: [email protected]