Services for the European Open Science Cloud

The EOSC-hub proposal for the EOSC AAI


EOSC-hub AAI
Let's meet at: 09:30 - 11:00 | 17 April 2018
Chairs: Nicolas Liampotis (GRNET), Pavel Weber (KIT)

You can't miss it if you are a scientist or representative of a scientific community interested in gaining access to EOSC-hub federated services and resources in a secure and user-friendly way. You can't miss it if you are a service provider interested in integrating your services with the EOSC-hub AAI infrastructure and promoting them to the wide scientific community.

Objectives:

This session will provide an overview of the initial EOSC-hub AAI architecture, its different building blocks and the various integration workflows in support of today’s federated access requirements, with an eye to the integrated EOSC AAI ecosystem.

Abstract:

The European Open Science Cloud (EOSC) aims to enable trusted access to services and the re-use of shared scientific data across disciplinary, social and geographical borders. The EOSC-hub will realise the EOSC infrastructure as an ecosystem of research e-Infrastructures leveraging existing national and European investments in digital research infrastructures. In this context, the EOSC-hub AAI will contribute to the EOSC infrastructure implementation roadmap by enabling seamless access to a system of research data and services provided across nations and disciplines. The EOSC-hub AAI will build on existing AAI solutions from EGI Federation, EUDAT CDI, and INDIGO-DataCloud that have successfully delivered a portfolio of operational services in this field over recent years. The adoption of standards and open technologies, including SAML 2.0, OpenID Connect, and OAuth 2.0, facilitates integration with web-based services. Options to support non-web services, which traditionally relied on X.509 certificates, are based around the concept of online authorities with attached credential stores, such as RCauth.eu with a tightly-coupled MyProxy server. Such techniques allow science gateways to obtain credentials on behalf of the end-user that can be used to authenticate directly to services. Another user-centric approach treats certificate proxies as opaque tokens that can be obtained from a credential store on the command line using SSH authentication. The deployed RCauth.eu and MasterPortal/WaTTS services from AARC feature both these capabilities and have been shown to work in production environments.