Digital Research Infrastructure for the Arts and Humanities
How DARIAH is deploying the AARC Blueprint Architecture to improve interoperability.
DARIAH is a pan-European infrastructure for arts and humanities scholars working with computational tools. Research in arts and humanities often involves huge data sets that can benefit from digital research methods. Their goal is to provide tools and services to enhance innovation and generate new knowledge.
The AAI challenge
DARIAH connects Arts and Humanities researchers across Europe with the tools and the data they need for their work. DARIAH implemented an Authentication and Authorisation Infrastructure (AAI) to connect all the dots. But this was considering only the DARIAH ecosystem.
The challenge for DARIAH was to make their AAI interoperable with other e-Infrastructure services to allow, for example, a DARIAH researcher to access the Cloud Compute service offered by the EGI Federation without a new set of log in details and with the necessary authorization attributes managed by DARIAH. An additional goal was to improve the AAI experience for both researchers and service operators within DARIAH.
How did the AARC project help?
The DARIAH AAI was isolated and struggled to scale up to the requirements of more and more services available to the community. Version 2 of the DARIAH AAI solved this problem by adopting AAI best practices developed by the AARC project.
The Blueprint Architecture provided a set of software building blocks that allowed DARIAH to connect Identity Providers (IdPs) and Service Providers (SPs) through a centralized proxy.
AARC also provided guidelines for interoperability between multiple infrastructures, in this case the community AAI of DARIAH and the e-Infrastructure of EGI.
DARIAH and AARC collaborated on a pilot project to extend the existing DARIAH AAI to allow communication between DARIAH and other infrastructures, following the Blueprint Architecture (BPA). Specifically, the pilot worked on:
- The implementation of a Service Provider (SP) – Identity Provider (IdP) proxy solution based on Shibboleth. This proxy is compliant to all relevant recommendations and guidelines developed within AARC.
- Enhancing interoperability between the DARIAH AAI and the computing services provided by the EGI Federation.
The BPA central component was implemented in the DARIAH SP-IdP proxy now allows:
- researchers to access DARIAH services using their preferred authentication method (e.g. eduGAIN IdPs or the DARIAH homeless IdP),
- easier integration of services into the DARIAH AAI by adding the proxy, which connects to eduGAIN centrally, makes sure that all necessary attributes are present and aggregates attributes from various sources, including group memberships in DARIAH and enforces policy at a central place.
- a seamless connection with other AAI proxies that follow the same AARC recommendations, which allows trustworthy exchange of attributes between those proxies.
The DARIAH AAI
“We could use a lot of the policy documents that AARC produced to get us started. (…) It was very helpful to adapt this work to the DARIAH community as well.”
David Hübner, DAASI International