This is a website for an H2020 project which concluded in 2019 and established the core elements of EOSC. The project's results now live further in and

The EOSC-hub proposal for the EOSC AAI


Let's meet at: 09:30 - 11:00 | 17 April 2018
Chair: Nicolas Liampotis (GRNET), Pavel Weber (KIT)

You can't miss it if you are a scientist or representative of a scientific community interested in gaining access to EOSC-hub federated services and resources in a secure and user-friendly way. You can't miss it if you are a service provider interested in integrating your services with the EOSC-hub AAI infrastructure and promoting them to the wider scientific community.


This session will provide an overview of the initial EOSC-hub AAI architecture, its different building blocks and the various integration workflows in support of today’s federated access requirements, with an eye to the integrated EOSC AAI ecosystem.


The European Open Science Cloud (EOSC) aims to enable trusted access to services and the re-use of shared scientific data across disciplinary, social and geographical borders. The EOSC-hub will realise the EOSC infrastructure as an ecosystem of research e-Infrastructures leveraging existing national and European investments in digital research infrastructures. In this context, the EOSC-hub AAI will contribute to the EOSC infrastructure implementation roadmap by enabling seamless access to a system of research data and services provided across nations and disciplines. The EOSC-hub AAI will build on existing AAI solutions from EGI Federation, EUDAT CDI, and INDIGO-DataCloud that have successfully delivered a portfolio of operational services in this field over recent years.

The adoption of standards and open technologies, including SAML 2.0, OpenID Connect, and OAuth 2.0, facilitates integration with web-based services. Options to support non-web services, which traditionally relied on X.509 certificates, are based around the concept of online authorities with attached credential stores, such as a tightly-coupled MyProxy server. Such techniques allow science gateways to obtain credentials on behalf of the end-user that can be used to authenticate directly to services. Another user-centric approach treats certificate proxies as opaque tokens that can be obtained from a credential store on the command line using SSH authentication. The deployed and MasterPortal/WaTTS services from AARC feature both these capabilities and have been shown to work in production environments.