NeIC 2015 AAI workshop



Organizer: David Simonsen (WAYF), Anders Wäänänen (NBI)
Reporting: David Simonsen (WAYF), Anders Wäänänen (NBI)

Links

Speeddating - federations meet Grids

Goal

To provide a basic introduction to computational Grids and identity federations, with the goal of engaging as many people as possible in the discussion of how to make these two 'worlds' interoperate. Experts from both the federated and the Grid worlds will introduce the topics and lead the discussion. Any suggestion is warmly welcomed.

Abstract

The 'Grids' were established more than a decade ago with a specific goal in focus: access management for very expensive compute and storage pools available only for high-energy physics (HEP). The chosen technology is non-web, namely X.509 certificates. Large investments have been made in secure and highly trustworthy policy frameworks that work well for this particular group of experts. It has so far not been possible to reach a level of usability where user groups outside the HEP community are also able to access the scientific resources connected to the Grids.

'Federations' are large-scale web-based infrastructures that build on entire institutional user management directory services and therefore typically cover all users at any connected institution. The federation policies, which appear almost always to have national coverage (as opposed to e.g. an international scientific community like HEP), have been written to encompass many institutions and many different use cases, typically for lower-end services like learning management systems, publishers etc. This explains the broader scope and the generally lower requirements for identity proofing than seen in the Grid community. The technology is predominantly XML-based protocols like SAML.

The task is now to harvest the benefits from both worlds, the Grids and the federations: maintain the high degree of trust in user identity management and access control policies established by the Grids, while at the same time providing the wealth of services and the breadth of the federations' user bases.

One idea would be to establish services that translate X.509 certificates into SAML assertions and vice versa. Another may be to re-combine existing infrastructure components like project Moonshot, which aims at federating non-web services based on existing services like eduroam and web-based federations.

Your suggestion is as good as anyone's and warmly welcomed.

Agenda

TBD

Presentations

TBD