Difference between revisions of "Federated AAI Requirements"
(8 intermediate revisions by 7 users not shown) | |||
Line 1: | Line 1: | ||
This page tracks resource providers' requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information that are required at each site to guide decisions about which solutions and configurations are required for the federation. | This page tracks resource providers' requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information that are required at each site to guide decisions about which solutions and configurations are required for the federation. Optional attributes are marked in parentheses. Please consider if these attributes are required to be known directly at each request for new resources or only through a registering authorisation body, i.e. as a resource provider you are able to get this information through a fully documented procedure not necessarily for each submitted instance request.<br> | ||
{| | {| width="200" border="1" cellspacing="1" cellpadding="1" | ||
|- | |- | ||
! scope="col" | RP<br> | ! scope="col" | RP<br> | ||
! scope="col" | Full Name<br> | ! scope="col" | Full Name (displayName)<br> | ||
! scope="col" | Email<br> | ! scope="col" | Email (mail)<br> | ||
! scope="col" | Nationality<br> | ! scope="col" | Nationality (?)<br> | ||
! scope="col" | ePPN | ! scope="col" | ePPN | ||
! scope="col" | Organization | ! scope="col" | Organization (schacHomeOrganization <br>) | ||
! scope="col" | Other (Please add column before this one)<br> | ! scope="col" | Other (Please add column before this one)<br> | ||
! scope="col" | Attributes may be derived | ! scope="col" | Attributes may be derived | ||
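Review bot: in the new Organization header cell the `<br>` sits inside the parentheses (`schacHomeOrganization <br>)`), while every other changed header cell places it after the closing parenthesis; move it after `)` so the attribute name renders on one line. The Nationality header is changed to `Nationality (?)`, which leaves that column without a mapped attribute; say in the introduction that this mapping is still open, so RPs marking the column know what they are asking for.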
Line 21: | Line 21: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| CESGA<br> | | CESGA<br> | ||
| align="center" | | | align="center" | x | ||
| align="center" | | | align="center" | x | ||
| align="center" | x | |||
| align="center" | | |||
| align="center" | | | align="center" | | ||
| align="center" | x | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| CESNET<br> | | CESNET<br> | ||
Line 39: | Line 39: | ||
| align="center" | (x) | | align="center" | (x) | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| CETA-CIEMAT<br> | | CETA-CIEMAT<br> | ||
Line 48: | Line 48: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| Cyfronet<br> | | Cyfronet<br> | ||
Line 57: | Line 57: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| FZ Jülich<br> | | FZ Jülich<br> | ||
Line 66: | Line 66: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| GRIF<br> | | GRIF<br> | ||
Line 75: | Line 75: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| GRNET<br> | | GRNET<br> | ||
Line 84: | Line 84: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| GWDG<br> | | GWDG<br> | ||
Line 93: | Line 93: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| IFCA<br> | | CSIC (IFCA-LCG2)<br> | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | <br> | | align="center" | <br> | ||
Line 102: | Line 102: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| IGI | | IGI | ||
Line 111: | Line 111: | ||
| align="center" | | | align="center" | | ||
| align="center" | | | align="center" | | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| IPHC<br> | | IPHC<br> | ||
Line 120: | Line 120: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| CC-IN2P3<br> | | CC-IN2P3<br> | ||
Line 129: | Line 129: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| Oxford<br> | | Oxford<br> | ||
Line 138: | Line 138: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| SARA<br> | | SARA<br> | ||
Line 147: | Line 147: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| STFC<br> | | STFC<br> | ||
Line 156: | Line 156: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| TCD<br> | | TCD<br> | ||
Line 165: | Line 165: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| KTH<br> | | KTH<br> | ||
| align="center" | x<br> | |||
| align="center" | x<br> | |||
| align="center" | x<br> | |||
| align="center" | x | |||
| align="center" | (x) | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | | | align="center" | ? | ||
|- | |- | ||
| SZTAKI<br> | | SZTAKI<br> | ||
Line 183: | Line 183: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| INFN-Napoli<br> | | INFN-Napoli<br> | ||
Line 192: | Line 192: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| | | INFN-IGI-CNAF<br> | ||
| align="center" | x<br> | |||
| align="center" | x<br> | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | x<br> | |||
| align="center" | x<br> | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | |||
|- | |||
| IISAS<br> | |||
| align="center" | X<br> | |||
| align="center" | X<br> | |||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | | | align="center" | | ||
| align="center" | | | align="center" | X<br> | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| PLOCAN<br> | | PLOCAN<br> | ||
Line 210: | Line 219: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|- | |- | ||
| 100 Percent IT Ltd<br> | | 100 Percent IT Ltd<br> | ||
Line 219: | Line 228: | ||
| align="center" | | | align="center" | | ||
| align="center" | <br> | | align="center" | <br> | ||
| align="center" | ? | | align="center" | ? | ||
|} | |} | ||
< | In the above table, we have mapped the required pieces of information to attributes from the eduGAIN attribute profile<ref>http://www.geant.net/service/eduGAIN/resources/Documents/GN3-11-012%20eduGAIN_attribute_profile.docx</ref> where applicable. Further attributes from this profile are: | ||
*common name (cn) | |||
*eduPersonAffiliation | |||
*eduPersonScopedAffiliation | |||
*SAML2 Persostent NameID (eduPersonTargetedID) | |||
*shacHomeOrganizationType | |||
Furthermore, there are persistent identifiers available with SAML2 Persistent Name ID, known as eduPersonTargetedID. The eduPersonTargetedID can preserve privacy, whereas ePPN may not do so. | |||
== References == | |||
<references /> |
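Review bot: the added attribute list has two misspellings: `Persostent` should be Persistent, and `shacHomeOrganizationType` does not match the `schac` prefix used for `schacHomeOrganization` in the table header. The list item for eduPersonTargetedID and the paragraph after the list both introduce the same identifier, once as "Persistent NameID" and once as "Persistent Name ID"; use one spelling and explain it once. Since the closing sentence says ePPN may not preserve privacy, it would also help to point RPs that mark the ePPN column to check whether eduPersonTargetedID would meet their need.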
Latest revision as of 16:13, 22 November 2013
This page tracks resource providers' (RPs') requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information that are required at each site to guide decisions about which solutions and configurations are required for the federation. Optional attributes are marked in parentheses. Please consider whether each attribute must be known directly at every request for new resources, or whether it is enough to obtain it through a registering authorisation body, i.e. as a resource provider you can get this information through a fully documented procedure, not necessarily for each submitted instance request.
RP | Full Name (displayName) | Email (mail) | Nationality (?) | ePPN | Organization (schacHomeOrganization) | Other (Please add column before this one) | Attributes may be derived |
---|---|---|---|---|---|---|---|
BSC |
? | ||||||
CESGA |
x | x | x | x | ? | ||
CESNET |
x |
x |
x | (x) | ? | ||
CETA-CIEMAT |
? | ||||||
Cyfronet |
? | ||||||
FZ Jülich |
x |
x |
x |
? | |||
GRIF |
? | ||||||
GRNET |
? | ||||||
GWDG |
? | ||||||
CSIC (IFCA-LCG2) |
? | ||||||
IGI | ? | ||||||
IPHC |
? | ||||||
CC-IN2P3 |
? | ||||||
Oxford |
? | ||||||
SARA |
? | ||||||
STFC |
? | ||||||
TCD |
? | ||||||
KTH |
x |
x |
x |
x | (x) | ? | |
SZTAKI |
? | ||||||
INFN-Napoli |
? | ||||||
INFN-IGI-CNAF |
x |
x |
x |
x |
? | ||
IISAS |
X |
X |
X |
? | |||
PLOCAN |
? | ||||||
100 Percent IT Ltd |
? |
In the above table, we have mapped the required pieces of information to attributes from the eduGAIN attribute profile[1] where applicable. Further attributes from this profile are:
- common name (cn)
- eduPersonAffiliation
- eduPersonScopedAffiliation
- SAML2 Persistent NameID (eduPersonTargetedID)
- schacHomeOrganizationType
Furthermore, persistent identifiers are available through the SAML2 Persistent NameID, known as eduPersonTargetedID. The eduPersonTargetedID can preserve privacy, whereas ePPN may not do so.