Difference between revisions of "2016-bidding/CheckIn"

Line 1: Line 1:
{{Template:Op menubar}}{{Core_services_menubar}} {{TOC_right}}  
+
{{Template:Op menubar}}{{Core_services_menubar}} {{TOC_right}} '''Go back to the [[EGI Core Activities Bidding#PHASE_II_May_2016-December_2017|EGI Core Activities Bidding page]].'''  
'''Go back to the [[EGI_Core_Activities_Bidding#PHASE_II_May_2016-December_2017|EGI Core Activities Bidding page]].'''  
 
 
 
* Service name: Message brokers
 
  
 +
*Service name: CheckIn
  
 +
<br>
  
 
= Introduction  =
 
= Introduction  =
Line 12: Line 11:
 
*Integration of IdPs (from eduGAIN and individual institutions) with the EGI services through an IdP/SP proxy  
 
*Integration of IdPs (from eduGAIN and individual institutions) with the EGI services through an IdP/SP proxy  
 
*Credential translation service:  
 
*Credential translation service:  
**SAML2 &lt;--&gt; SAML2
+
**SAML2 &lt;--&gt; SAML2  
**SAML2 &lt;--&gt; OIDC
+
**SAML2 &lt;--&gt; OIDC  
 
**SAML2/OIDC --&gt; X.509 through the connection with the RC Auth online-ca  
 
**SAML2/OIDC --&gt; X.509 through the connection with the RC Auth online-ca  
 
*Attribute harmonization and policy enforcing
 
*Attribute harmonization and policy enforcing
  
= Technical description =
+
= Technical description =
  
The CheckIn service is a critical component of the EGI infrastructure, in many workflows it will be a single point of failure. It is threfore important that it is deployed and operated in a distributed and high available architecture. The bid should include availability and continuity plan(s) for the technical service(s).
+
The CheckIn service is a critical component of the EGI infrastructure, in many workflows it will be a single point of failure. It is therefore important that it is deployed and operated in a distributed and high available architecture. The bid should include availability and continuity plan(s) for the technical service(s).  
  
The components and the features of CheckIn are the following (developed and integrated in the EGI-Engage project):
+
The components and the features of CheckIn are the following (developed and integrated in the EGI-Engage project):  
* Idp/SP Proxy based on SimpleSAMLphp
 
** Connectors for IdP supporting: SAML, ODIC, OAuth2, OpenID, X.509
 
** Connectors for attribute authorities supporting: SAML 2.0 SAMLAttributeQuery, REST, LDAP
 
** Connectors for SP supporting: SAML, OIDC, OAuth2
 
* User enrollment service based on CoManage
 
** Support for user consent for the release of the attributes
 
** Acceptance of the terms of use of EGI
 
** Account linking
 
* Back-end database for the storage of user information and user profiles
 
* Master portal for the integration with the RC Auth online CA
 
** Master portal is the access point to online X.509 credentials for all EGI services
 
  
== Coordination==
+
*Idp/SP Proxy based on SimpleSAMLphp
The following activities of coordination are necessary for the provisioning of the activity:
+
**Connectors for IdP supporting: SAML, ODIC, OAuth2, OpenID, X.509
* With the IdP/SP for the integration in CheckIn
+
**Connectors for attribute authorities supporting: SAML 2.0 SAMLAttributeQuery, REST, LDAP
* With the EGI Operations for the policy and operational requirements
+
**Connectors for SP supporting: SAML, OIDC, OAuth2
* With the Research Infrastructure, VREs and other e-infrastructure where harmonization activities are required
+
*User enrollment service based on CoManage
 +
**Support for user consent for the release of the attributes
 +
**Acceptance of the terms of use of EGI  
 +
**Account linking
 +
*Back-end database for the storage of user information and user profiles
 +
** Database cluster supporting streaming replication and Point-in-Time Recovery (PITR) for a  period of six months (minimum)
 +
*Master portal for the integration with the RC Auth online CA
 +
**Master portal is the access point to online X.509 credentials for all EGI services
  
== Operations ==
+
== Coordination ==
* Operations in high-availability of all the components described at the beginning of this section
 
* Minimum monthly availability must be: 99%
 
* Support request for changes through the GGUS support unit
 
  
== Support ==
+
The following activities of coordination are necessary for the provisioning of the activity:
  
Provide support to:
+
*With the IdP/SP for the integration in CheckIn
* Identity providers who are integrated in CheckIn, only for issues concerning the CheckIn service
+
*With the EGI Operations for the policy and operational requirements
* End users who use CheckIn to authenticate in EGI
+
*With the Research Infrastructure, VREs and other e-infrastructure where harmonization activities are required
* Service providers about the interaction of the services with CheckIn proxy
+
 
* Second level support for the RC Auth online-CA
+
== Operations  ==
 +
 
 +
*Operations in high-availability of all the components described at the beginning of this section
 +
*Minimum monthly availability must be: 99%
 +
*Support request for changes through the GGUS support unit
 +
 
 +
== Support  ==
 +
 
 +
Provide support to:  
 +
 
 +
*Identity providers who are integrated in CheckIn, only for issues concerning the CheckIn service  
 +
*End users who use CheckIn to authenticate in EGI  
 +
*Service providers about the interaction of the services with CheckIn proxy
 +
 
 +
= Service level targets  =
 +
 
 +
The deployment of the services must ensure:
  
= Service level targets =
 
The deployment of the services must ensure:
 
 
*Minimum availability/reliability: 99%/99%  
 
*Minimum availability/reliability: 99%/99%  
*Response to incident records in GGUS within support hours: Medium (see [https://wiki.egi.eu/wiki/FAQ_GGUS-PT-QoS-Levels#Medium_service Description page])  
+
*Response to incident records in GGUS within support hours: Medium (see [https://wiki.egi.eu/wiki/FAQ_GGUS-PT-QoS-Levels#Medium_service Description page])
 +
 
 +
= Effort  =
  
= Effort =
 
 
TBD
 
TBD
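
Review bot: The rewritten Support list no longer carries the old item "Second level support for the RC Auth online-CA", although the Master portal for the RC Auth online CA stays in scope under Technical description. If the removal is intended, the text should say who takes escalations for online X.509 credential issues; otherwise restore the item. The added IdP connector line still reads "ODIC" where "OIDC" is meant. The new database requirement, "Point-in-Time Recovery (PITR) for a period of six months (minimum)", should state explicitly that six months is the recovery window the retained backups and logs must cover.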

Revision as of 14:19, 17 October 2016

  • Service name: CheckIn


Introduction

The CheckIn service is the AAI Platform for the EGI infrastructure. The CheckIn service provides the following capabilities:

  • Integration of IdPs (from eduGAIN and individual institutions) with the EGI services through an IdP/SP proxy
  • Credential translation service:
    • SAML2 <--> SAML2
    • SAML2 <--> OIDC
    • SAML2/OIDC --> X.509 through the connection with the RC Auth online-ca
  • Attribute harmonization and policy enforcement

Technical description

The CheckIn service is a critical component of the EGI infrastructure; in many workflows it will be a single point of failure. It is therefore important that it is deployed and operated in a distributed, highly available architecture. The bid should include availability and continuity plan(s) for the technical service(s).

The components and the features of CheckIn are the following (developed and integrated in the EGI-Engage project):

  • IdP/SP Proxy based on SimpleSAMLphp
    • Connectors for IdP supporting: SAML, OIDC, OAuth2, OpenID, X.509
    • Connectors for attribute authorities supporting: SAML 2.0 SAMLAttributeQuery, REST, LDAP
    • Connectors for SP supporting: SAML, OIDC, OAuth2
  • User enrollment service based on CoManage
    • Support for user consent for the release of the attributes
    • Acceptance of the terms of use of EGI
    • Account linking
  • Back-end database for the storage of user information and user profiles
    • Database cluster supporting streaming replication and Point-in-Time Recovery (PITR) for a period of six months (minimum)
  • Master portal for the integration with the RC Auth online CA
    • Master portal is the access point to online X.509 credentials for all EGI services

Coordination

The following coordination activities are necessary for the provisioning of the activity:

  • With the IdP/SP for the integration in CheckIn
  • With the EGI Operations for the policy and operational requirements
  • With the Research Infrastructure, VREs and other e-infrastructure where harmonization activities are required

Operations

  • High-availability operation of all the components described at the beginning of this section
  • Minimum monthly availability must be: 99%
  • Support request for changes through the GGUS support unit

Support

Provide support to:

  • Identity providers who are integrated in CheckIn, only for issues concerning the CheckIn service
  • End users who use CheckIn to authenticate in EGI
  • Service providers about the interaction of the services with the CheckIn proxy

Service level targets

The deployment of the services must ensure:

  • Minimum availability/reliability: 99%/99%
  • Response to incident records in GGUS within support hours: Medium (see the Description page: https://wiki.egi.eu/wiki/FAQ_GGUS-PT-QoS-Levels#Medium_service)

Effort

TBD