SlideShare uma empresa Scribd logo

EOSC-hub - EGI Check-in service

Transferir como PPTX, PDF
E
EOSC-hub project

EEOSC-hub - EGI Check-in service

Tecnologia
1 de 16
eosc-hub.eu @EOSC_eu EOSC-hub receives funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 777536. Nicolas Liampotis (GRNET) Federated authentication and authorization with Check-In
2 Overview Use cases Check-in in EOSC-hub 17/04/2018 Outline
Overview
417/04/2018 In a nutshell Check-in provides a reliable and interoperable AAI solution for the EGI service providers federation, and external service providers. It enables single sign-on to services through eduGAIN identity providers and other institutional or social media credentials • Check-in was developed in EGI-Engage, in close collaboration with the AARC project in order to implement the recommendations of the AARC Blueprint Architecture and Policy Framework • Services connected to Check-in can be made available to +2,500 universities and research institutes with little or no administrative overhead
5 Only one account needed for federated access to multiple heterogeneous (web and non-web) service providers using different technologies (SAML, OpenID Connect, OAuth 2.0, X509) Identity linking enables access to resources using different login credentials (institutional/social) Assurance information associated to each authenticated identity Aggregation and harmonisation of authorisation information (VOs/groups, roles) from multiple sources 17/04/2018 What benefits does Check-in bring?
Use cases
7 Check-in can provide secure and user-friendly federated authentication and authorisation for: User communities with different needs: - operating their own full-fledged AAI solution - operating their own group management service - in need of a ready-to-use group management solution Service Providers - looking to leverage “AAI as a Service” 17/04/2018 Who can use Check-in? For what?
817/04/2018 EGI Infrastructure eduGAINSocial IdPs Community’s AAI connected to Check-in as an IdP Proxy to allow its users to access EGI services & resources Access EGI services without changing your authentication workflow Institutional IdP Service AAI IdP Proxy Service EGI Check-in Examples: ELIXIR Research Infrastructure - Check-in allows ELIXIR users to use their ELIXIR IDs to interact with relevant EGI services (Cloud, Configurations database, Applications on Demand For communities operating their own AAI
917/04/2018 For communities operating their own group management service EGI Infrastructure eduGAIN Social IdPs Community managing authorisation information about the users (VO/group memberships and roles) via their own group management service, which is connected to Check-in as an external attribute authority  Check-in will handle the configuration of the IdPs and the aggregation of the attributes for the SPs  No need to migrate the group management functionality to an EGI- specific attribute authority Institutional IdP ServiceService Virtual Organization EGI Check-in Service Examples: VOMS-managed VOs
1017/04/2018 For communities in need of a ready- to-use group management solution EGI Infrastructure eduGAIN Social IDPs Communities that do not operate their own group management service can leverage the group management capabilities of the Check-in platform  Ready-to-use solution  Avoid overhead of deploying a dedicated group management service  Support for multi-tenancy to allow authorised VO admins to manage the information about their users independently  Easy connect to both EGI and non-EGI services Institutional IdP Service Service EGI CheckIn Service Virtual Organization Supported technologies: CΟmanage Perun Examples: Training and Long Tail of Science communities
1117/04/2018 For service providers: AAI as a service EGI Infrastructure eduGAINSocial IdPs Check-in as an authentication proxy  Enable login from institutional IdPs in eduGAIN and social media  Minimal overhead for the service development  All the other Check-in features are available for the SP: account linking, attribute aggregation, .. • Prerequisites:  Service provider must accept EGI policies on data protection Institutional IdPs Service EGI Check-in
12 Check-in can be offered in 2 deployment models: As a multi-tenant service: - All the standard Check-in authentication options - Community management using COmanage or Perun - Basic customisation of user-facing interfaces (e.g. community-specific themes for enrolment flows, group management) - Basic customisation of AAI proxy behaviour As a dedicated service (individual components or AAI platform as a whole): - Customisation of user-facing interfaces: WAYF, enrolment, group membership UI - Customisation of AAI proxy behaviour (e.g. attribute aggregation rules, service entitlements/capabilities) - Easy integration with the main Check-in instance for accessing EGI tools/services, or other dedicated instances if necessary 17/04/2018 EOSC-hub AAI Check-in
Check-in in EOSC-hub
14 Check-in will be one of the pillars of the AAI services for EOSC-hub Together with EUDAT B2ACCESS, Check-in will allow the use of federated identities to authenticate and authorise users and expand the access to - researchers, - high-education, and - business organisations 17/04/2018 Check-in EOSC-hub
15 Follow the AARC guidelines for the harmonisation of user attributes, the alignment of the assurance profiles, and the uniform representation of group and other authorisation-related information. Enable interoperability with several RIs and thematic services: 17/04/2018 Check-in EOSC-hub CLARIN CMS DARIAH ELIXIR EISCAT EIDA ENES EPOS GEOSS ICOS ITER IFREMER LifeWhatch LNEC LOFAR ICOS WeNMR
eosc-hub.eu @EOSC_eu nliam@grnet.gr

Recomendados

EOSC-hub AAI: Initial building blocks (EOSC hub week, Malaga, 16 - 20 April 2...
EOSC-hub AAI: Initial building blocks (EOSC hub week, Malaga, 16 - 20 April 2...EOSC-hub AAI: Initial building blocks (EOSC hub week, Malaga, 16 - 20 April 2...
EOSC-hub AAI: Initial building blocks (EOSC hub week, Malaga, 16 - 20 April 2...
EOSC-hub project
 
EOSC Ecosystem, EOSC-hub week, Prague
EOSC Ecosystem, EOSC-hub week, PragueEOSC Ecosystem, EOSC-hub week, Prague
EOSC Ecosystem, EOSC-hub week, Prague
EOSC-hub project
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented Architecture
AmirReza Mohammadi
 
Connector Framework
Connector FrameworkConnector Framework
Connector Framework
EmpowerID
 
CARI2020-Benaissa
CARI2020-BenaissaCARI2020-Benaissa
CARI2020-Benaissa
Mokhtar SELLAMI
 
INTERFACE, by apidays - Connecting APIs to the Blockchain, Mason Burkhalter,...
INTERFACE, by apidays - Connecting APIs to the Blockchain, Mason Burkhalter,...INTERFACE, by apidays - Connecting APIs to the Blockchain, Mason Burkhalter,...
INTERFACE, by apidays - Connecting APIs to the Blockchain, Mason Burkhalter,...
apidays
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Global Online Trainings
 
Inspire2011 shibb am_fs_paper_v3
Inspire2011 shibb am_fs_paper_v3Inspire2011 shibb am_fs_paper_v3
Inspire2011 shibb am_fs_paper_v3
EDINA, University of Edinburgh
 

Recomendados

EOSC-hub AAI: Initial building blocks (EOSC hub week, Malaga, 16 - 20 April 2...
EOSC-hub AAI: Initial building blocks (EOSC hub week, Malaga, 16 - 20 April 2...EOSC-hub AAI: Initial building blocks (EOSC hub week, Malaga, 16 - 20 April 2...
EOSC-hub AAI: Initial building blocks (EOSC hub week, Malaga, 16 - 20 April 2...
EOSC-hub project
 
EOSC Ecosystem, EOSC-hub week, Prague
EOSC Ecosystem, EOSC-hub week, PragueEOSC Ecosystem, EOSC-hub week, Prague
EOSC Ecosystem, EOSC-hub week, Prague
EOSC-hub project
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented Architecture
AmirReza Mohammadi
 
Connector Framework
Connector FrameworkConnector Framework
Connector Framework
EmpowerID
 
CARI2020-Benaissa
CARI2020-BenaissaCARI2020-Benaissa
CARI2020-Benaissa
Mokhtar SELLAMI
 
INTERFACE, by apidays - Connecting APIs to the Blockchain, Mason Burkhalter,...
INTERFACE, by apidays - Connecting APIs to the Blockchain, Mason Burkhalter,...INTERFACE, by apidays - Connecting APIs to the Blockchain, Mason Burkhalter,...
INTERFACE, by apidays - Connecting APIs to the Blockchain, Mason Burkhalter,...
apidays
 
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOTSailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Sailpoint Training | Best Sailpoint IdentityIQ Online Course -GOT
Global Online Trainings
 
Inspire2011 shibb am_fs_paper_v3
Inspire2011 shibb am_fs_paper_v3Inspire2011 shibb am_fs_paper_v3
Inspire2011 shibb am_fs_paper_v3
EDINA, University of Edinburgh
 
Federation Services
Federation ServicesFederation Services
Federation Services
EmpowerID
 
Data Entitlement in an API-Centric Architecture
Data Entitlement in an API-Centric ArchitectureData Entitlement in an API-Centric Architecture
Data Entitlement in an API-Centric Architecture
WSO2
 
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
WSO2
 
Cloud computing 4
Cloud computing 4Cloud computing 4
Cloud computing 4
Damian Blackburn
 
OpenID Foundation iGov Working Group Update - October 22, 2018
OpenID Foundation iGov Working Group Update - October 22, 2018OpenID Foundation iGov Working Group Update - October 22, 2018
OpenID Foundation iGov Working Group Update - October 22, 2018
OpenIDFoundation
 
Singapore. ACRA's Data Services Journey.
Singapore. ACRA's Data Services Journey.Singapore. ACRA's Data Services Journey.
Singapore. ACRA's Data Services Journey.
Corporate Registers Forum
 
User Manager
User ManagerUser Manager
User Manager
EmpowerID
 
Data Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware PlatformData Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware Platform
WSO2
 
EOSC-hub AAI architecture (EOSC hub week, Malaga, 16 - 20 April 2018)
EOSC-hub AAI architecture (EOSC hub week, Malaga, 16 - 20 April 2018)EOSC-hub AAI architecture (EOSC hub week, Malaga, 16 - 20 April 2018)
EOSC-hub AAI architecture (EOSC hub week, Malaga, 16 - 20 April 2018)
EOSC-hub project
 
EGI Cloud Services in a Federated Multi-Supply Envirnment
EGI Cloud Services in a Federated Multi-Supply EnvirnmentEGI Cloud Services in a Federated Multi-Supply Envirnment
EGI Cloud Services in a Federated Multi-Supply Envirnment
EGI Federation
 
Curious about EOSC federated AAI?
Curious about EOSC federated AAI?Curious about EOSC federated AAI?
Curious about EOSC federated AAI?
Tiziana Ferrari
 
Curious about EOSC federated AAI?
Curious about EOSC federated AAI? Curious about EOSC federated AAI?
Curious about EOSC federated AAI?
EOSC-hub project
 
McShibboleth Presentation
McShibboleth PresentationMcShibboleth Presentation
McShibboleth Presentation
JISC.AM
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fim
Archiver
 
Identity Live London 2017 | Kenneth May
Identity Live London 2017 | Kenneth MayIdentity Live London 2017 | Kenneth May
Identity Live London 2017 | Kenneth May
ForgeRock
 
API Pylon Webinar Slides
API Pylon Webinar SlidesAPI Pylon Webinar Slides
API Pylon Webinar Slides
InfoAxon Technologies Limited
 
Shibboleth Access Management Federations as an Organisational Model for SDI
Shibboleth Access Management Federations as an Organisational Model for SDIShibboleth Access Management Federations as an Organisational Model for SDI
Shibboleth Access Management Federations as an Organisational Model for SDI
EDINA, University of Edinburgh
 
Shibboleth Federations and Secure SDI
Shibboleth Federations and Secure SDIShibboleth Federations and Secure SDI
Shibboleth Federations and Secure SDI
EDINA, University of Edinburgh
 
OGC Web Service Shibboleth Interoperability Experiment
OGC Web Service Shibboleth Interoperability ExperimentOGC Web Service Shibboleth Interoperability Experiment
OGC Web Service Shibboleth Interoperability Experiment
EDINA, University of Edinburgh
 
fiware-lab-dev-6.pdf
fiware-lab-dev-6.pdffiware-lab-dev-6.pdf
fiware-lab-dev-6.pdf
ssuser8c74ba
 
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays
 
Cosmos IoT – Scaleup Frugally - Techwave.pdf
Cosmos IoT – Scaleup Frugally - Techwave.pdfCosmos IoT – Scaleup Frugally - Techwave.pdf
Cosmos IoT – Scaleup Frugally - Techwave.pdf
Anil
 

Mais conteúdo relacionado

Mais procurados

Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
WSO2
 
Data Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware PlatformData Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware Platform
WSO2
 

Mais procurados (8)

Federation Services
Federation ServicesFederation Services
Federation Services
 
Data Entitlement in an API-Centric Architecture
Data Entitlement in an API-Centric ArchitectureData Entitlement in an API-Centric Architecture
Data Entitlement in an API-Centric Architecture
 
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
 
Cloud computing 4
Cloud computing 4Cloud computing 4
Cloud computing 4
 
OpenID Foundation iGov Working Group Update - October 22, 2018
OpenID Foundation iGov Working Group Update - October 22, 2018OpenID Foundation iGov Working Group Update - October 22, 2018
OpenID Foundation iGov Working Group Update - October 22, 2018
 
Singapore. ACRA's Data Services Journey.
Singapore. ACRA's Data Services Journey.Singapore. ACRA's Data Services Journey.
Singapore. ACRA's Data Services Journey.
 
User Manager
User ManagerUser Manager
User Manager
 
Data Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware PlatformData Entitlement with WSO2 Enterprise Middleware Platform
Data Entitlement with WSO2 Enterprise Middleware Platform
 

Semelhante a EOSC-hub - EGI Check-in service

Curious about EOSC federated AAI?
Curious about EOSC federated AAI?Curious about EOSC federated AAI?
Curious about EOSC federated AAI?
Tiziana Ferrari
 
Curious about EOSC federated AAI?
Curious about EOSC federated AAI? Curious about EOSC federated AAI?
Curious about EOSC federated AAI?
EOSC-hub project
 
Cloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Customer Architecture for API Management
Cloud Customer Architecture for API Management
Cloud Standards Customer Council
 

Semelhante a EOSC-hub - EGI Check-in service (20)

EOSC-hub AAI architecture (EOSC hub week, Malaga, 16 - 20 April 2018)
EOSC-hub AAI architecture (EOSC hub week, Malaga, 16 - 20 April 2018)EOSC-hub AAI architecture (EOSC hub week, Malaga, 16 - 20 April 2018)
EOSC-hub AAI architecture (EOSC hub week, Malaga, 16 - 20 April 2018)
 
EGI Cloud Services in a Federated Multi-Supply Envirnment
EGI Cloud Services in a Federated Multi-Supply EnvirnmentEGI Cloud Services in a Federated Multi-Supply Envirnment
EGI Cloud Services in a Federated Multi-Supply Envirnment
 
Curious about EOSC federated AAI?
Curious about EOSC federated AAI?Curious about EOSC federated AAI?
Curious about EOSC federated AAI?
 
Curious about EOSC federated AAI?
Curious about EOSC federated AAI? Curious about EOSC federated AAI?
Curious about EOSC federated AAI?
 
McShibboleth Presentation
McShibboleth PresentationMcShibboleth Presentation
McShibboleth Presentation
 
20190523 archiver fim
20190523 archiver fim20190523 archiver fim
20190523 archiver fim
 
Identity Live London 2017 | Kenneth May
Identity Live London 2017 | Kenneth MayIdentity Live London 2017 | Kenneth May
Identity Live London 2017 | Kenneth May
 
API Pylon Webinar Slides
API Pylon Webinar SlidesAPI Pylon Webinar Slides
API Pylon Webinar Slides
 
Shibboleth Access Management Federations as an Organisational Model for SDI
Shibboleth Access Management Federations as an Organisational Model for SDIShibboleth Access Management Federations as an Organisational Model for SDI
Shibboleth Access Management Federations as an Organisational Model for SDI
 
Shibboleth Federations and Secure SDI
Shibboleth Federations and Secure SDIShibboleth Federations and Secure SDI
Shibboleth Federations and Secure SDI
 
OGC Web Service Shibboleth Interoperability Experiment
OGC Web Service Shibboleth Interoperability ExperimentOGC Web Service Shibboleth Interoperability Experiment
OGC Web Service Shibboleth Interoperability Experiment
 
fiware-lab-dev-6.pdf
fiware-lab-dev-6.pdffiware-lab-dev-6.pdf
fiware-lab-dev-6.pdf
 
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
 
Cosmos IoT – Scaleup Frugally - Techwave.pdf
Cosmos IoT – Scaleup Frugally - Techwave.pdfCosmos IoT – Scaleup Frugally - Techwave.pdf
Cosmos IoT – Scaleup Frugally - Techwave.pdf
 
ATMOSPHERE at HPC2018 – Fogbow: Middleware for the Federation of IaaS Cloud P...
ATMOSPHERE at HPC2018 – Fogbow: Middleware for the Federation of IaaS Cloud P...ATMOSPHERE at HPC2018 – Fogbow: Middleware for the Federation of IaaS Cloud P...
ATMOSPHERE at HPC2018 – Fogbow: Middleware for the Federation of IaaS Cloud P...
 
Cloud Customer Architecture for API Management
Cloud Customer Architecture for API ManagementCloud Customer Architecture for API Management
Cloud Customer Architecture for API Management
 
EOSC-hub & RCauth.eu presentation
EOSC-hub & RCauth.eu presentationEOSC-hub & RCauth.eu presentation
EOSC-hub & RCauth.eu presentation
 
Shibboleth Access Management Federations and Secure SDI: ESDIN Experience
Shibboleth Access Management Federations and Secure SDI: ESDIN Experience Shibboleth Access Management Federations and Secure SDI: ESDIN Experience
Shibboleth Access Management Federations and Secure SDI: ESDIN Experience
 
Access Control in ESDIN: Shibboleth
Access Control in ESDIN: ShibbolethAccess Control in ESDIN: Shibboleth
Access Control in ESDIN: Shibboleth
 
Some Academic Sector/NMCA outcomes from the OGC Web Service Shibboleth Intero...
Some Academic Sector/NMCA outcomes from the OGC Web Service Shibboleth Intero...Some Academic Sector/NMCA outcomes from the OGC Web Service Shibboleth Intero...
Some Academic Sector/NMCA outcomes from the OGC Web Service Shibboleth Intero...
 

Mais de EOSC-hub project

Mais de EOSC-hub project (20)

EOSC-hub Early Adopter Programme
EOSC-hub Early Adopter ProgrammeEOSC-hub Early Adopter Programme
EOSC-hub Early Adopter Programme
 
2019 05-21 egi and eosc - final
2019 05-21 egi and eosc - final2019 05-21 egi and eosc - final
2019 05-21 egi and eosc - final
 
Introduction to service management and FitSM
Introduction to service management and FitSMIntroduction to service management and FitSM
Introduction to service management and FitSM
 
Service management board (SMB), Service providers’ forum (SPF)
Service management board (SMB), Service providers’ forum (SPF)Service management board (SMB), Service providers’ forum (SPF)
Service management board (SMB), Service providers’ forum (SPF)
 
Joining the EOSC-hub as a Service Provider
Joining the EOSC-hub as a Service ProviderJoining the EOSC-hub as a Service Provider
Joining the EOSC-hub as a Service Provider
 
PID services - understandability and findability of data
PID services - understandability and findability of dataPID services - understandability and findability of data
PID services - understandability and findability of data
 
Software for data management and exploitation
Software for data management and exploitationSoftware for data management and exploitation
Software for data management and exploitation
 
Repositories for long-term preservation - certification
Repositories for long-term preservation - certificationRepositories for long-term preservation - certification
Repositories for long-term preservation - certification
 
EOSC working group on FAIR
EOSC working group on FAIREOSC working group on FAIR
EOSC working group on FAIR
 
Updates on the FAIR Data Maturity Model RDA Working Group & the DG RTD FAIR i...
Updates on the FAIR Data Maturity Model RDA Working Group & the DG RTD FAIR i...Updates on the FAIR Data Maturity Model RDA Working Group & the DG RTD FAIR i...
Updates on the FAIR Data Maturity Model RDA Working Group & the DG RTD FAIR i...
 
Services to support FAIR data - Introduction
Services to support FAIR data - IntroductionServices to support FAIR data - Introduction
Services to support FAIR data - Introduction
 
EOSC-synergy
EOSC-synergyEOSC-synergy
EOSC-synergy
 
ExPaNDS
ExPaNDSExPaNDS
ExPaNDS
 
EOSC-Pillar
EOSC-PillarEOSC-Pillar
EOSC-Pillar
 
NI4OS-Europe
NI4OS-EuropeNI4OS-Europe
NI4OS-Europe
 
Excellerat CoE
Excellerat CoEExcellerat CoE
Excellerat CoE
 
Pathways for EOSC-hub and MaX collaboration
Pathways for EOSC-hub and MaX collaborationPathways for EOSC-hub and MaX collaboration
Pathways for EOSC-hub and MaX collaboration
 
Overview on the HPC CoEs panorama
Overview on the HPC CoEs panoramaOverview on the HPC CoEs panorama
Overview on the HPC CoEs panorama
 
Overview of the Onboarding and validation process and the Rules of Participat...
Overview of the Onboarding and validation process and the Rules of Participat...Overview of the Onboarding and validation process and the Rules of Participat...
Overview of the Onboarding and validation process and the Rules of Participat...
 
ELIXIR Competence Centre in EOSC-hub
ELIXIR Competence Centre in EOSC-hubELIXIR Competence Centre in EOSC-hub
ELIXIR Competence Centre in EOSC-hub
 

Último

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

EOSC-hub - EGI Check-in service

  • 1. eosc-hub.eu @EOSC_eu EOSC-hub receives funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 777536. Nicolas Liampotis (GRNET) Federated authentication and authorization with Check-In
  • 2. 2 Overview Use cases Check-in in EOSC-hub 17/04/2018 Outline
  • 4. 417/04/2018 In a nutshell Check-in provides a reliable and interoperable AAI solution for the EGI service providers federation, and external service providers. It enables single sign-on to services through eduGAIN identity providers and other institutional or social media credentials • Check-in was developed in EGI-Engage, in close collaboration with the AARC project in order to implement the recommendations of the AARC Blueprint Architecture and Policy Framework • Services connected to Check-in can be made available to +2,500 universities and research institutes with little or no administrative overhead
  • 5. 5 Only one account needed for federated access to multiple heterogeneous (web and non-web) service providers using different technologies (SAML, OpenID Connect, OAuth 2.0, X509) Identity linking enables access to resources using different login credentials (institutional/social) Assurance information associated to each authenticated identity Aggregation and harmonisation of authorisation information (VOs/groups, roles) from multiple sources 17/04/2018 What benefits does Check-in bring?
  • 7. 7 Check-in can provide secure and user-friendly federated authentication and authorisation for: User communities with different needs: - operating their own full-fledged AAI solution - operating their own group management service - in need of a ready-to-use group management solution Service Providers - looking to leverage “AAI as a Service” 17/04/2018 Who can use Check-in? For what?
  • 8. 817/04/2018 EGI Infrastructure eduGAINSocial IdPs Community’s AAI connected to Check-in as an IdP Proxy to allow its users to access EGI services & resources Access EGI services without changing your authentication workflow Institutional IdP Service AAI IdP Proxy Service EGI Check-in Examples: ELIXIR Research Infrastructure - Check-in allows ELIXIR users to use their ELIXIR IDs to interact with relevant EGI services (Cloud, Configurations database, Applications on Demand For communities operating their own AAI
  • 9. 917/04/2018 For communities operating their own group management service EGI Infrastructure eduGAIN Social IdPs Community managing authorisation information about the users (VO/group memberships and roles) via their own group management service, which is connected to Check-in as an external attribute authority  Check-in will handle the configuration of the IdPs and the aggregation of the attributes for the SPs  No need to migrate the group management functionality to an EGI- specific attribute authority Institutional IdP ServiceService Virtual Organization EGI Check-in Service Examples: VOMS-managed VOs
  • 10. 1017/04/2018 For communities in need of a ready- to-use group management solution EGI Infrastructure eduGAIN Social IDPs Communities that do not operate their own group management service can leverage the group management capabilities of the Check-in platform  Ready-to-use solution  Avoid overhead of deploying a dedicated group management service  Support for multi-tenancy to allow authorised VO admins to manage the information about their users independently  Easy connect to both EGI and non-EGI services Institutional IdP Service Service EGI CheckIn Service Virtual Organization Supported technologies: CΟmanage Perun Examples: Training and Long Tail of Science communities
  • 11. 1117/04/2018 For service providers: AAI as a service EGI Infrastructure eduGAINSocial IdPs Check-in as an authentication proxy  Enable login from institutional IdPs in eduGAIN and social media  Minimal overhead for the service development  All the other Check-in features are available for the SP: account linking, attribute aggregation, .. • Prerequisites:  Service provider must accept EGI policies on data protection Institutional IdPs Service EGI Check-in
  • 12. 12 Check-in can be offered in 2 deployment models: As a multi-tenant service: - All the standard Check-in authentication options - Community management using COmanage or Perun - Basic customisation of user-facing interfaces (e.g. community-specific themes for enrolment flows, group management) - Basic customisation of AAI proxy behaviour As a dedicated service (individual components or AAI platform as a whole): - Customisation of user-facing interfaces: WAYF, enrolment, group membership UI - Customisation of AAI proxy behaviour (e.g. attribute aggregation rules, service entitlements/capabilities) - Easy integration with the main Check-in instance for accessing EGI tools/services, or other dedicated instances if necessary 17/04/2018 EOSC-hub AAI Check-in
  • 14. 14 Check-in will be one of the pillars of the AAI services for EOSC-hub Together with EUDAT B2ACCESS, Check-in will allow the use of federated identities to authenticate and authorise users and expand the access to - researchers, - high-education, and - business organisations 17/04/2018 Check-in EOSC-hub
  • 15. 15 Follow the AARC guidelines for the harmonisation of user attributes, the alignment of the assurance profiles, and the uniform representation of group and other authorisation-related information. Enable interoperability with several RIs and thematic services: 17/04/2018 Check-in EOSC-hub CLARIN CMS DARIAH ELIXIR EISCAT EIDA ENES EPOS GEOSS ICOS ITER IFREMER LifeWhatch LNEC LOFAR ICOS WeNMR