How LifeWatch used the AARC Blueprint Architecture to find their solution
LifeWatch is a European Infrastructure Consortium (ERIC) providing e-Science research facilities to scientists seeking to increase our knowledge and deepen our understanding of biodiversity and ecosystem functions and services in order to support civil society in addressing key planetary challenges.
During its ESFRI stage, LifeWatch was composed of different national initiatives working on different services and solutions for the research community. In the new ERIC stage, LifeWatch requires a solution that provides access to the different services in a common way and organizes the defined groups and roles.
Currently, the different LifeWatch services, Virtual Laboratories and Virtual Research Environments manage their own local users, with some exceptions that allow institutional IDs. The underlying technology depends on the service, but most support web-based authentication, with some exceptions such as those using HPC resources.
This pilot activity aims to identify and enhance an existing AAI solution to be adopted by LifeWatch ERIC as its IdP, integrating already existing institutional or social identities in a federated way.
During the test phase, the pilot will be integrated with the official LifeWatch portal to provide access to restricted areas as well as to the Virtual Laboratories and services. The Identity Provider, based on Keycloak, will be integrated with already running services and Vlabs to prove that the solution fulfils the community's needs.
The deployed solution has integrated different Identity Providers to manage users in different roles: Citizen Scientists (social IDs such as Google or GitHub), Researchers (institutional IDs from eduGAIN, thanks to RedIRIS SIR2, and ORCID) and administrators (institutional IDs such as IFCA SSO).
Thanks to the pilot, the selected LifeWatch Identity Provider is being integrated with the service catalog. For those services that are not compatible with technologies like OIDC or SAML, different solutions have been identified in the context of the project that are suitable for integration with the system.
The pilot has been implemented and deployed in a testbed to prove that everything works as expected. The AARC Blueprint Architecture has been used to identify which components are needed to address the pilot's needs. The BPA has also been the model for defining the pilot architecture, as the following schema shows: