Communities that are designing and implementing their Authentication and Authorisation Infrastructures (AAI) would often appreciate some guidance. One such community is the Helix Nebula Initiative: “a partnership between industry, space and science to establish a dynamic ecosystem, benefiting from open cloud services for the seamless integration of science into a business environment.”
The latest project being driven by Helix Nebula is HNSciCloud, a pre-commercial procurement project to establish a hybrid cloud platform for European research data. HNSciCloud has been launched by ten of Europe’s leading public research organisations*, with co-funding from the European Union’s Horizon 2020 Research and Innovation Programme, and is led by CERN. Identifying a unified access mechanism suitable for all procurers is a key element in the design phase of the project.
As part of its mandate, the AARC (Authentication and Authorisation for Research Collaboration) project provides AAI guidance. The AARC project team was invited to join the HNSciCloud Design Phase Kick-off at CNRS in Lyon on the 3rd of November 2016. They provided an overview of the AARC Blueprint Architecture and demonstrated the integration of Federated Identity Management (FIM) and eduGAIN in a production infrastructure containing both web and non-web clients.
Procurers and Cloud Providers prompted discussion about the feasibility of FIM, in particular how to benefit from the existing User Management tools within each community. The event also offered an opportunity to discuss the challenges that commercial services face in joining the local identity federations, and to talk about the need of many international communities for centralised operational support. This feedback from research communities should be included in the activities planned for AARC2.
As an addition to the presentation slides, participants received a leaflet about the benefits of FIM for service providers, with useful information and contacts.
Next steps will be for the Helix Nebula partners to identify the authorisation roles required for each use case and consider the design implications. Selecting a consistent attribute bundle to be used throughout the infrastructure is a further decision to be taken, with the REFEDS Research and Scholarship entity category proposed as an example. We look forward to seeing this work progress in collaboration with AARC2.
Download the leaflet for service providers: “How to reach global customers with Federated Identity Management” (pdf)
* The ten public research organisations that have launched HNSciCloud are:
CERN – the European Organization for Nuclear Research, CH (Lead procurer);
CNRS – Centre National de la Recherche Scientifique, FR;
DESY – the Deutsches Elektronen-Synchrotron, DE;
EMBL – the European Molecular Biology Laboratory, DE;
ESRF – the European Synchrotron Radiation Facility, FR;
IFAE – the Institut de Física d’Altes Energies, ES;
INFN – the National Institute of Nuclear Physics, IT;
KIT – the Karlsruhe Institute of Technology, DE;
STFC – the Science and Technology Facilities Council, UK;
SurfSARA, NL, which supports research in the Netherlands by developing and offering advanced and sustainable ICT infrastructure, services and expertise.