How a consortium of e-infrastructures is using the AARC Blueprint Architecture to respond to the AAI requirements of the CORBEL cluster of biomedical Research Infrastructures
CORBEL is a collective of thirteen research infrastructures (RIs), working together to create a platform for harmonized user access to biological and medical technologies, samples and data services required by cutting-edge biomedical research.
The data and computational tools offered by the individual research infrastructures are indispensable to the scientists that used them. Collectively, through CORBEL, these services will have a larger impact across the entire range of life-science disciplines: from discoveries in the lab to personalized treatments.
The AAI challenge
Key to the success of the CORBEL platform is a sustainable and robust Authentication and Authorisation Infrastructure (AAI). The AAI is crucial to manage the access of hundreds of users from many institutions spread across different countries to the services and data provided by the platform. On top of that, because CORBEL operates with medical and privacy-sensitive data, the AAI will need to support mechanisms to manage permission of access to different groups.
Working with AARC
The main focus of CORBEL is science, not building AAI solutions, so the project opened a call for a AAI Architecture that would answer their requirements.
The EGI Federation, EUDAT and GÉANT, joined forces to propose an AAI solution based on the AARC Blueprint Architecture and on AARC’s Guidelines and Policies. This AAI solution is now being piloted in the context of the AARC project.
The pilot started in December 2017 and is being rolled out in three stages:
During Phase 1 the team bootstrapped the AAI solution by putting components together and defining the user registration process, attributes required by service providers and the authorisation flow. This has ended in January 2018.
The second, ongoing Phase 2 (February – end-May 2018) aims to operate the dedicated AAI components according to the agreed service level and to provide technical integration of identity providers and service providers. This phase improves security and trust and provides security incident response capabilities.
During the final Phase 3, the pilot will be rolled out to production and operation.