Architecture

This work package is led by GRNET (Christos Kanellopoulos).

Objectives

  • Analyse how much has been developed to leverage federated access with other authentication systems used in the R&E communities, in the eGov space and in the commercial sector;
  • Research a possible solution to link identities in the contest of higher levels of assurance, attribute providers and guest identities;
  • Assess existing technologies to provide SSO for non-Web applications (cloud, storage and so on) and offer recommendations for their usage;
  • Develop a risk-based model for existing AAI solutions;
  • Propose models for supporting guest identities (NRENs’ in-house solutions vs commercially-offered solutions should be explored);
  • Define a blueprint architecture to enable web and non-web SSO capabilities across different infrastructures, integrating attribute providers/group management tools operated by user-communities;
  • Provide models for federated authorisation: how to integrate attributes and permissions from diverse communities, making them available at the federation level in a consistent and secure way.

Outcomes

AARC Blueprint Architecture

The AARC Blueprint Architecture (BPA) provides set of interoperable architectural building blocks for software architects and technical decision makers, who are designing and implementing access management solutions for international research collaborations. More information about the AARC BPA, along with guidelines and best practices documents, can be found in  AARC Blueprint Architecture page.

Deliverables and milestones