How EISCAT_3D used the AARC Blueprint Architecture to replace an outdated AAI.
EISCAT_3D will be the world’s leading facility for research of the upper atmosphere and the near Earth space or the geospace environment. Construction kicked off in September 2017, with the first stage of the radar system expected to become operational in 2021. The EISCAT_3D facility will be distributed across three sites in Scandinavia, each over a 70m circular area, and with 10.000 antennas.
The AAI challenge
Researchers will access the EISCAT_3D computing infrastructure through a user portal or a command-line interface to the virtualised resources. These researchers come from different countries and different institutions and this means that EISCAT_3D needs to manage access through a central Authentication and Authorisation Infrastructure (AAI).
How did the AARC project help?
The EISCAT_3D AAI prototype used an IP-based system to grant access to resources. This created a number of practical problems that made the system difficult to scale up.
EISCAT_3D teamed up with AARC and worked on a pilot project to update their AAI system.
The pilot implemented elements from the Blueprint Architecture to replace the old system with an AAI based on federated authentication (through a Keycloak proxy) and role-based authorisation.
“I think that the AARC BPA is very easy and any new communities could take advantage of it, as it is very simple.”
Ingemar Häggström, EISCAT Scientific Association and EISCAT_3D
Details about the EISCAT_3D pilot (wiki)