2016-bidding/CheckIn
- Service name: Message brokers
Introduction
The CheckIn service is the AAI Platform for the EGI infrastructure. The CheckIn service provides the following capabilities:
- Integration of IdPs (from eduGAIN and individual institutions) with the EGI services through an IdP/SP proxy
- Credential translation service:
  - SAML2/OIDC --> X.509 through the connection with the RC Auth online CA
  - SAML2 <--> OIDC
- Attribute harmonization and policy enforcement
Technical description
The CheckIn service is a critical component of the EGI infrastructure; in many workflows it will be a single point of failure. It is therefore important that it is deployed and operated in a distributed and highly available architecture. The bid should include availability and continuity plan(s) for the technical service(s).
The components and the features of CheckIn are the following (developed and integrated in the EGI-Engage project):
- IdP/SP Proxy based on SimpleSAMLphp
- Connectors for IdP supporting: SAML, OIDC, OAuth2, OpenID, X.509
- Connectors for attribute authorities supporting: SAML 2.0 SAMLAttributeQuery, REST, LDAP
- Connectors for SP supporting: SAML, OIDC, OAuth2
- User enrollment service based on COmanage
- Support for user consent for the release of the attributes
- Acceptance of the terms of use of EGI
- Account linking
- Back-end database for the storage of user information and user profiles
- Master portal for the integration with the RC Auth online CA
- Master portal is the access point to online X.509 credentials for all EGI services
Coordination
Operations
Support
Provide support to:
- Identity providers who are integrated in CheckIn, only for issues concerning the CheckIn service
- End users who use CheckIn to authenticate in EGI
- Service providers about the interaction of the services with CheckIn proxy
- Second level support for the RC Auth online-CA
Service level targets
The deployment of the services must ensure:
- Minimum availability/reliability: 99%/99%
- Response to incident records in GGUS within support hours: Medium (see Description page)
Effort
Bids planning an effort of between 2 and 3 Person Months/year would allow these services and activities to be addressed appropriately.