The value of face-to-face workshops was proven again when representatives from research communities worked with AARC project experts on authentication and authorisation infrastructures (AAI) in a project ‘plugfest’. Insights were gained into their use cases and requirements, and an assessment was made of which components need to be deployed.
Following the success of the first AARC plugfest in 2017, SURFnet hosted a second edition of the event in the Netherlands in March. For two full days, the AARC team worked to solve the AAI challenges being faced by research communities and to get ahead with joint pilot work. With eight communities formally participating in the project and wanting to implement federated AAI for their collaborative research work, this is in itself an immense effort.
Putting the AARC blueprint architecture into practice
The plugfest built upon the work of previous face-to-face and online AARC meetings: at those occasions the focus was on understanding the community requirements and best fit of their set-ups in the AARC blueprint architecture (BPA). Understanding their needs and current practices requires quite some reverse engineering, but is of major importance to design and implement an AAI solution that is scalable and that is going to work in their specific routine.
Community use cases
The plugfest included work on cross-infrastructure integration topics, but the main focus was on two community use cases: EPOS and EISCAT 3D.
EPOS is a pan-European collaboration which aims to establish a comprehensive multidisciplinary research platform for the Earth sciences in Europe. The expected number of users will likely grow to a total of 2000. EPOS already has established an AAI prototype with the EGI CheckIn service as an IdP and Unity-IdM as its core. The aim of the AARC pilot is to vastly extend this prototype to meet the full EPOS requirements concerning AAI and get a more mature, production setup. During the plugfest we assessed the feasibility of several approaches and came to a working plan for the next few months. A first implementation of the EPOS AAI is expected to be available this autumn.
EISCAT3D is an international research infrastructure using radar observations and incoherent scatter techniques to study the atmosphere and near-Earth space environment above the Fenno-Scandinavian Arctic. Thousands of users from all over the world should be able to access EISCAT3D resources, but resource providers like to apply several distinct authorisation schemes. During the plug-fest we learned a lot about the current authorisation practices which, today, are still based on country code and IP addresses. By implementing an AAI based on eduGAIN identity providers, an attribute authority and a central proxy, all according to the AARC blueprint architecture, EISCAT3D can upgrade its access management practice. The goal is to get a first version pilot AAI during the second quarter of 2018. During the AARC face 2 face meeting in Athens, in April, some first results were presented.
To be repeated
The results of this plugfest, again, showed the value of a face to face meeting with small groups of stakeholders and engineers. The AARC pilots team gained more insight into the use cases of the different research communities and was able to assess which components need to be deployed to meet the requirements of the research communities.