The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "Federated AAI Requirements"

From EGIWiki
(8 intermediate revisions by 7 users not shown)
Line 1: Line 1:
This page tracks resource providers' requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information that are required at each site to guide decisions about which solutions and configurations are required for the federation.  
This page tracks resource providers' requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information that are required at each site to guide decisions about which solutions and configurations are required for the federation. Optional attributes are marked in parentheses. Please consider if these attributes are required to be known directly at each request for new resources or only through a registering authorisation body, i.e. as a resource provider you are able to get this information through a fully documented procedure not necessarily for each submitted instance request.<br>


{| border="1" width="200" cellspacing="1" cellpadding="1"
{| width="200" border="1" cellspacing="1" cellpadding="1"
|-
|-
! scope="col" | RP<br>  
! scope="col" | RP<br>  
! scope="col" | Full Name<br>  
! scope="col" | Full Name (displayName)<br>  
! scope="col" | Email<br>  
! scope="col" | Email (mail)<br>  
! scope="col" | Nationality<br>  
! scope="col" | Nationality (?)<br>  
! scope="col" | ePPN  
! scope="col" | ePPN  
! scope="col" | Organization  
! scope="col" | Organization (schacHomeOrganization <br>)
! scope="col" | Other (Please add column before this one)<br>  
! scope="col" | Other (Please add column before this one)<br>  
! scope="col" | Attributes may be derived
! scope="col" | Attributes may be derived
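Review bot: the new "Organization (schacHomeOrganization <br>)" header has the line break inside the parentheses, so the closing bracket lands on its own line when rendered; move the `<br>` after the closing parenthesis. "Nationality (?)" also leaves the attribute mapping open, so either name the intended attribute or say in the intro that none has been agreed. The added intro sentence asks RPs whether an attribute is needed at each request or only through a registering authorisation body, but the table has no column in which to record that answer.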
Line 21: Line 21:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| CESGA<br>  
| CESGA<br>  
| align="center" | <br>
| align="center" | x
| align="center" | <br>
| align="center" | x
| align="center" | <br>
| align="center" | x
| align="center" |  
| align="center" |  
| align="center" |  
| align="center" | x
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| CESNET<br>  
| CESNET<br>  
Line 39: Line 39:
| align="center" | (x)  
| align="center" | (x)  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| CETA-CIEMAT<br>  
| CETA-CIEMAT<br>  
Line 48: Line 48:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| Cyfronet<br>  
| Cyfronet<br>  
Line 57: Line 57:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| FZ Jülich<br>  
| FZ Jülich<br>  
Line 66: Line 66:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| GRIF<br>  
| GRIF<br>  
Line 75: Line 75:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| GRNET<br>  
| GRNET<br>  
Line 84: Line 84:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| GWDG<br>  
| GWDG<br>  
Line 93: Line 93:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| IFCA<br>  
| CSIC (IFCA-LCG2)<br>  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | <br>  
Line 102: Line 102:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| IGI  
| IGI  
Line 111: Line 111:
| align="center" |  
| align="center" |  
| align="center" |  
| align="center" |  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| IPHC<br>  
| IPHC<br>  
Line 120: Line 120:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| CC-IN2P3<br>  
| CC-IN2P3<br>  
Line 129: Line 129:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| Oxford<br>  
| Oxford<br>  
Line 138: Line 138:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| SARA<br>  
| SARA<br>  
Line 147: Line 147:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| STFC<br>  
| STFC<br>  
Line 156: Line 156:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| TCD<br>  
| TCD<br>  
Line 165: Line 165:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| KTH<br>  
| KTH<br>  
| align="center" | x<br>
| align="center" | x<br>
| align="center" | x<br>
| align="center" | x
| align="center" | (x)
| align="center" | <br>  
| align="center" | <br>  
| align="center" | <br>
| align="center" | &nbsp;?
| align="center" | <br>
| align="center" |
| align="center" |
| align="center" | <br>
| align="center" | ?
|-
|-
| SZTAKI<br>  
| SZTAKI<br>  
Line 183: Line 183:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| INFN-Napoli<br>  
| INFN-Napoli<br>  
Line 192: Line 192:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| IISAS<br>  
| INFN-IGI-CNAF<br>
| align="center" | x<br>
| align="center" | x<br>  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | x<br>
| align="center" | x<br>
| align="center" | <br>  
| align="center" | <br>  
| align="center" | &nbsp;?
|-
| IISAS<br>
| align="center" | X<br>
| align="center" | X<br>
| align="center" | <br>  
| align="center" | <br>  
| align="center" |  
| align="center" |  
| align="center" |  
| align="center" | X<br>
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| PLOCAN<br>  
| PLOCAN<br>  
Line 210: Line 219:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|-
|-
| 100 Percent IT Ltd<br>  
| 100 Percent IT Ltd<br>  
Line 219: Line 228:
| align="center" |  
| align="center" |  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | ?
| align="center" | &nbsp;?
|}
|}


<br>
In the above table, we have mapped the required pieces of information to attributes from the eduGAIN&nbsp;attribute profile<ref>http://www.geant.net/service/eduGAIN/resources/Documents/GN3-11-012%20eduGAIN_attribute_profile.docx</ref> where applicable. Further attributes from this profile are:
 
*common name (cn)
*eduPersonAffiliation
*eduPersonScopedAffiliation
*SAML2 Persostent NameID (eduPersonTargetedID)
*shacHomeOrganizationType
 
Furthermore, there are persistent identifiers available with SAML2 Persistent Name ID, known as eduPersonTargetedID. The eduPersonTargetedID can preserve privacy, whereas ePPN&nbsp;may not do so.
 
== References ==
 
<references />
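Review bot: two attribute names in the added list are misspelled: "SAML2 Persostent NameID" should read "Persistent", and "shacHomeOrganizationType" should be "schacHomeOrganizationType", matching the schacHomeOrganization header used in the table. The closing sentence states that eduPersonTargetedID can preserve privacy whereas ePPN may not, yet the table only has an ePPN column; adding an eduPersonTargetedID column would let RPs state whether the persistent identifier is sufficient for them.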

Latest revision as of 16:13, 22 November 2013

This page tracks resource providers' requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information that are required at each site to guide decisions about which solutions and configurations are required for the federation. Optional attributes are marked in parentheses. Please consider whether these attributes must be known directly at each request for new resources or only through a registering authorisation body, i.e. as a resource provider you are able to get this information through a fully documented procedure, not necessarily for each submitted instance request.

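{|
! RP !! Full Name (displayName) !! Email (mail) !! Nationality (?) !! ePPN !! Organization (schacHomeOrganization) !! Other (Please add column before this one) !! Attributes may be derived
|-
| BSC || || || || || || || ?
|-
| CESGA || x || x || x || || x || || ?
|-
| CESNET || x || x || || x || (x) || || ?
|-
| CETA-CIEMAT || || || || || || || ?
|-
| Cyfronet || || || || || || || ?
|-
| FZ Jülich || x || x || x || || || || ?
|-
| GRIF || || || || || || || ?
|-
| GRNET || || || || || || || ?
|-
| GWDG || || || || || || || ?
|-
| CSIC (IFCA-LCG2) || || || || || || || ?
|-
| IGI || || || || || || || ?
|-
| IPHC || || || || || || || ?
|-
| CC-IN2P3 || || || || || || || ?
|-
| Oxford || || || || || || || ?
|-
| SARA || || || || || || || ?
|-
| STFC || || || || || || || ?
|-
| TCD || || || || || || || ?
|-
| KTH || x || x || x || x || (x) || || ?
|-
| SZTAKI || || || || || || || ?
|-
| INFN-Napoli || || || || || || || ?
|-
| INFN-IGI-CNAF || x || x || || x || x || || ?
|-
| IISAS || X || X || || || X || || ?
|-
| PLOCAN || || || || || || || ?
|-
| 100 Percent IT Ltd || || || || || || || ?
|}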

In the above table, we have mapped the required pieces of information to attributes from the eduGAIN attribute profile[1] where applicable. Further attributes from this profile are:

  • common name (cn)
  • eduPersonAffiliation
  • eduPersonScopedAffiliation
  • SAML2 Persistent NameID (eduPersonTargetedID)
  • schacHomeOrganizationType

Furthermore, there are persistent identifiers available with SAML2 Persistent Name ID, known as eduPersonTargetedID. The eduPersonTargetedID can preserve privacy, whereas ePPN may not do so.

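References

[1] http://www.geant.net/service/eduGAIN/resources/Documents/GN3-11-012%20eduGAIN_attribute_profile.docx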