The EOSC AAI service offers a number of ready-to-use features for research communities:
- Communities with an existing Community AAI can connect to the e-Infrastructure proxy services and gain easy access to generic e-Infra services such as high-throughput computing, cloud computing and data management.
- Communities that don't have an existing AAI can make use of the EOSC AAI as a multi-tenant solution or, where they have specific custom requirements, as a managed solution.
The use of the multi-tenant EOSC AAI is suitable for:
- Authentication and authorization workflows generated by single researchers or by research collaborations with up to a few hundred research group members.
- Research collaborations that are fully responsible for managing and controlling community membership and attributes.
A managed AAI solution is suitable for research collaborations which require:
- bespoke solutions and custom user interfaces, e.g. for IdP discovery, enrollment, and group membership;
- custom AAI proxy behavior (e.g. attribute aggregation rules, service entitlements);
- bespoke functionality that may require the integration of individual components from different suppliers.
EOSC-hub supports the following products: EGI Check-in and PERUN, EUDAT B2ACCESS, GÉANT eduTEAMS, INDIGO IAM.
Find out how the EOSC AAI solution meets the AARC blueprint guidelines.
1. EOSC-hub receives funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 777536.
eosc-hub.eu
@EOSC_eu
AARC Blueprint Architecture and its evolution – towards the EOSC
AAI for research communities
Dissemination level: Public
3. "Community-first" AARC BPA approach
- Researchers sign in using their institutional (eduGAIN), social or community-managed IdP via their Research Community AAI.
- Community-specific services are connected to a single Community AAI.
- Generic services (e.g. RCauth.eu Online CA) can be connected to more than one Community AAI proxy.
- e-Infra services are connected to a single e-Infra SP proxy service gateway, e.g. B2ACCESS, Check-in, Identity Hub, etc.
31/01/2019 3
AARC Blueprint Architecture and its evolution
ESFRI RIs and EOSC Workshop
4. EOSC-hub AAI builds on AARC BPA & Policy best practices & recommendations
- Uniform representation of unique user identifiers
- Standardised way of expressing group membership, role information & resource capabilities
- Non-web-browser-based access (e.g. SSH/SFTP or HTTP APIs via OAuth2 tokens and X.509 certs)
- Delegation (e.g. via token exchange)
- Release of a mandatory set of user attributes (incl. unique shared id): REFEDS Research & Scholarship entity category
- Operational security, incident response, and traceability: REFEDS Sirtfi
- Privacy requirements for processing personal information: GÉANT Data Protection Code of Conduct
- Rules and conditions that govern access to and use of services and resources: WISE Baseline Acceptable Use Policy (AUP)
- Assurance information: REFEDS Assurance Framework, IGTF/AARC assurance profiles
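The slide lists a "standardised way of expressing group membership, role information & resource capabilities" as one of the AARC BPA building blocks. The example below is added here and is not code from the EOSC-hub page or from any of the listed products; it assumes the AARC-G002 entitlement convention (`urn:<NID>:<namespace>:group:<group>[:<subgroup>...][:role=<role>]#<group-authority>`) and shows how a relying service can parse such values and make an access decision that only honours entitlements from group authorities it trusts. The namespaces, group names and authority host names are constructed sample values.

```python
"""Service-side check of AARC-style group entitlements (added example).

Assumed entitlement shape (AARC-G002 convention):
    urn:<NID>:<delegated-namespace>:group:<group>[:<subgroup>...][:role=<role>]#<group-authority>
All namespaces, groups and authority names below are constructed sample values.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# One regex for the overall URN layout; the group path (with subgroups and an
# optional trailing role) is split afterwards so it can be validated piecewise.
ENTITLEMENT_RE = re.compile(
    r"^urn:(?P<nid>[^:#]+):(?P<namespace>[^:#]+):group:(?P<path>[^#]+)#(?P<authority>[^#]+)$"
)


@dataclass(frozen=True)
class GroupEntitlement:
    nid: str
    namespace: str
    groups: Tuple[str, ...]   # top-level group followed by any subgroups
    role: Optional[str]       # None when no role component is present
    authority: str            # host that asserted the group membership


def parse_entitlement(value: str) -> Optional[GroupEntitlement]:
    """Return a GroupEntitlement, or None for non-group or malformed values."""
    m = ENTITLEMENT_RE.match(value)
    if not m:
        return None
    parts = m.group("path").split(":")
    role = None
    if parts and parts[-1].startswith("role="):
        role = parts.pop()[len("role="):]
        if role == "":
            return None           # "role=" with no value is malformed
    if not parts or any(p == "" for p in parts):
        return None               # empty group or subgroup component
    return GroupEntitlement(m.group("nid"), m.group("namespace"),
                            tuple(parts), role, m.group("authority"))


def is_authorized(entitlements: Iterable[str], required_groups: Iterable[str],
                  required_role: Optional[str] = None,
                  trusted_authorities: Iterable[str] = ()) -> bool:
    """True if some entitlement names exactly the required group path (and role,
    when one is required) and was asserted by a trusted group authority."""
    wanted = tuple(required_groups)
    trusted = set(trusted_authorities)
    for raw in entitlements:
        ent = parse_entitlement(raw)
        if ent is None or ent.authority not in trusted:
            continue              # skip malformed, non-group or untrusted values
        if ent.groups != wanted:
            continue
        if required_role is not None and ent.role != required_role:
            continue
        return True
    return False


# Constructed sample: the eduPersonEntitlement values a proxy might release for one user.
SAMPLE_ENTITLEMENTS = [
    "urn:geant:example-community.org:group:climate-sim#aai.example-community.org",
    "urn:geant:example-community.org:group:climate-sim:admins:role=owner#aai.example-community.org",
    "urn:geant:example-community.org:group:climate-sim:role=member#aai.example-community.org",
    "urn:mace:dir:entitlement:common-lib-terms",   # not a group entitlement; ignored
    "urn:geant:other-community.example:group:climate-sim#aai.other-community.example",
    "urn:geant:example-community.org:group:#aai.example-community.org",  # malformed; ignored
]
TRUSTED = {"aai.example-community.org"}

if __name__ == "__main__":
    print("member of climate-sim:",
          is_authorized(SAMPLE_ENTITLEMENTS, ["climate-sim"], trusted_authorities=TRUSTED))
    print("owner of climate-sim/admins:",
          is_authorized(SAMPLE_ENTITLEMENTS, ["climate-sim", "admins"], "owner", TRUSTED))
    print("accepted with no trusted authorities:",
          is_authorized(SAMPLE_ENTITLEMENTS, ["climate-sim"], trusted_authorities=()))
```

Two design choices are worth noting. The authority after `#` is checked against an allow-list, because a service that matches only on the group path would accept the same group name asserted from a namespace it has no relationship with. Group matching is exact: whether membership of a subgroup should also count as membership of its parent is a policy decision for the community operating the AAI, so the check does not assume it.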
5. How the EOSC-hub AAI services help communities access resources
- Communities with an existing Community AAI can connect to the EOSC-hub e-Infra Proxies and gain access to generic e-Infra services.
- Communities that don't operate their own AAI service can make use of either dedicated or multi-tenant deployments of AAI services operated by EOSC-hub.
Multi-tenant deployments:
- aimed at medium-to-small research communities/groups or individual researchers.
- community members, groups and authorisation attributes are still managed by community managers.
Dedicated deployments:
- customisation of user-facing interfaces: IdP discovery page, enrolment, group membership UI
- customisation of AAI proxy behaviour (e.g. attribute aggregation rules, service entitlements)
- possibility of bespoke AAI solutions, which might include individual components from GÉANT eduTEAMS, EGI Check-in, INDIGO IAM, EUDAT B2ACCESS, and PERUN