
AAI Interconnection with an European style

AAI Interconnection with an European style. Diego R. Lopez RedIRIS. The European way. (Too) many states, languages, national priorities/laws/prides/… Different systems and/or profiles of existing systems In different degrees of maturity and deployment


Presentation Transcript


  1. AAI Interconnection with an European style Diego R. Lopez RedIRIS

  2. The European way
     • (Too) many states, languages, national priorities/laws/prides/…
     • Different systems and/or profiles of existing systems
     • In different degrees of maturity and deployment
     • Look for agreements, even when not fully satisfactory
     • Several initiatives to fill the gaps
         • eduroam (already and successfully running!)
         • GN2-JRA5 (defining the architecture of an AAI)
         • TF-EMC2 (refining the AA-RR and initiating its schema effort, SCHAC)
         • TERENA-EUNIS-EUA (a proposal to enable direct data exchange among European universities through the so-called ECTS)
     • Import whatever is worth from the other side of the Atlantic
         • Shibboleth as basic standard
     • And always with a sense of style and history
     • Your humble speaker and many colleagues

  3. GÉANT2 AAI
     • It is intended to be one of the basic services of the coming pan-European academic network
     • Common to all services provided by and based on the network
         • From network access, bandwidth management, etc.
         • To application access (including Grids)
     • Not a substitute for existing infrastructures
     • Nation- or community-based
     • A superstructure connecting them
     • Based on (con-)federating the federations
     • Allowing different kinds of trust meshes
     • But able to build new federations where they do not exist
     • And directly providing access to AuthN/AuthZ services through specific interfaces

  4. GÉANT2 AAI components
     • A local AAI Instance (AAI-I) at each federation/domain/realm
         • Providing the interfaces to the federations or services in it
     • Common Services
         • Home Location Service (the WAYF)
         • Others possible: certificate verification, common diagnostics,…
         • Only available to the local AAI-I
     • Connectors
         • Centralized for a federation (the Local Federation Connector)
         • Local Connectors for resources allowed to interact directly
     • Service Access Points
         • In charge of adapting AAI interfaces to the (isolated) services' AA queries/responses
     • Interfaces and operations
         • WS and SAML based
         • As Shibboleth-compatible as possible

  5. An example diagram

  6. Including Shib in the picture

  7. TF-EMC2 and AA-RR
     • Able to impersonate any of the following components
         • Attribute sources (AS): Able to accept queries and respond with attribute information
         • Attribute requesters (AR): Make requests to AS and process them, possibly using AE
         • Authorization engines (AE): Respond to queries from AR applying their internal rules
     • Driven by profiles
         • Entity and protocol aspects
         • Attributes and values
     • Protocol agnostic
     • Applications
         • GÉANT2 AAI Connectors
         • Diagnostic tool
         • Interoperability assessment

  8. TF-EMC2 and SCHAC
     • An extension to eduPerson
     • Taking into account European idiosyncrasy
     • Based on a collection of national extensions so far
         • Finland, France, Norway, Poland, Spain, Sweden, Switzerland
     • Common requirements have been quickly identified
         • Personal (unique) identifiers
         • Other personal attributes (citizenship, languages,…)
         • Privacy definition and entitlements
         • Go beyond eduPersonAffiliation
     • Initial proposal submitted and being discussed
     • The plan is to present version 1.0 at next TF-EMC2 meeting next June in Poznan

  9. The ECTS-enabling proposal
     • ECTS is the European Credit Transfer System
         • To permit European students to complete their curricula at any university within the EU
         • Also known as the “Bologna process”
     • One of the main drivers of SCHAC
     • It has made schema harmonization key to IT practitioners in the European universities
     • Close cooperation between TERENA/TF-EMC2 and EUNIS
     • A proposal on schema harmonization to be submitted to the EC
     • Also supported by the EUA (European University Association) and several national associations
