Difference between revisions of "Federated AAI Requirements"

(4 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This page tracks resource providers' requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information that are required at each site to guide decisions about which solutions and configurations are required for the federation. Optional attributes are marked in parentheses.<br>  
This page tracks resource providers' requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information that are required at each site to guide decisions about which solutions and configurations are required for the federation. Optional attributes are marked in parentheses. Please consider if these attributes are required to be known directly at each request for new resources or only through a registering authorisation body, i.e. as a resource provider you are able to get this information through a fully documented procedure not necessarily for each submitted instance request.<br>  


{| border="1" width="200" cellspacing="1" cellpadding="1"
{| width="200" border="1" cellspacing="1" cellpadding="1"
|-
|-
! scope="col" | RP<br>  
! scope="col" | RP<br>  
! scope="col" | Full Name<br>  
! scope="col" | Full Name (displayName)<br>  
! scope="col" | Email<br>  
! scope="col" | Email (mail)<br>  
! scope="col" | Nationality<br>  
! scope="col" | Nationality (?)<br>  
! scope="col" | ePPN  
! scope="col" | ePPN  
! scope="col" | Organization  
! scope="col" | Organization (schacHomeOrganization <br>)
! scope="col" | Other (Please add column before this one)<br>  
! scope="col" | Other (Please add column before this one)<br>  
! scope="col" | Attributes may be derived
! scope="col" | Attributes may be derived
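Review bot: In the new Organization header the `<br>` sits inside the parentheses, "(schacHomeOrganization <br>)", so the closing parenthesis wraps onto a line of its own when the table is rendered; move the break after the closing parenthesis. The Nationality header is mapped to "(?)", so that column still has no attribute name; either name the attribute or state that the profile has no mapping for it.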
Line 24: Line 24:
|-
|-
| CESGA<br>  
| CESGA<br>  
| align="center" | <br>
| align="center" | x
| align="center" | <br>
| align="center" | x
| align="center" | <br>
| align="center" | x
| align="center" |  
| align="center" |  
| align="center" |  
| align="center" | x
| align="center" | <br>  
| align="center" | <br>  
| align="center" | &nbsp;?
| align="center" | &nbsp;?
Line 95: Line 95:
| align="center" | &nbsp;?
| align="center" | &nbsp;?
|-
|-
| IFCA<br>  
| CSIC (IFCA-LCG2)<br>  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | <br>  
Line 171: Line 171:
| align="center" | x<br>  
| align="center" | x<br>  
| align="center" | x<br>  
| align="center" | x<br>  
| align="center" | x
| align="center" | x  
| align="center" | (x)
| align="center" | (x)  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | &nbsp;?
| align="center" | &nbsp;?
Line 191: Line 191:
| align="center" |  
| align="center" |  
| align="center" |  
| align="center" |  
| align="center" | <br>
| align="center" | &nbsp;?
|-
| INFN-IGI-CNAF<br>
| align="center" | x<br>
| align="center" | x<br>
| align="center" | <br>
| align="center" | x<br>
| align="center" | x<br>
| align="center" | <br>  
| align="center" | <br>  
| align="center" | &nbsp;?
| align="center" | &nbsp;?
Line 199: Line 208:
| align="center" | <br>  
| align="center" | <br>  
| align="center" |  
| align="center" |  
| align="center" | X<br>
| align="center" | X<br>  
| align="center" | <br>  
| align="center" | <br>  
| align="center" | &nbsp;?
| align="center" | &nbsp;?
Line 222: Line 231:
|}
|}


<br>
In the above table, we have mapped the required pieces of information to attributes from the eduGAIN&nbsp;attribute profile<ref>http://www.geant.net/service/eduGAIN/resources/Documents/GN3-11-012%20eduGAIN_attribute_profile.docx</ref> where applicable. Further attributes from this profile are:
 
*common name (cn)
*eduPersonAffiliation
*eduPersonScopedAffiliation
*SAML2 Persostent NameID (eduPersonTargetedID)
*shacHomeOrganizationType
 
Furthermore, there are persistent identifiers available with SAML2 Persistent Name ID, known as eduPersonTargetedID. The eduPersonTargetedID can preserve privacy, whereas ePPN&nbsp;may not do so.
 
== References ==
 
<references />
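Review bot: Two names in the added attribute list are misspelled: "Persostent" should read "Persistent", and "shacHomeOrganizationType" is missing the "c" that the Organization header's "schacHomeOrganization" carries. The list also presents eduPersonTargetedID as a further attribute and the following paragraph then introduces it again as if new; merge the two mentions, and say there why ePPN may not preserve privacy so that RPs can decide which identifier to require.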

Latest revision as of 15:13, 22 November 2013

This page tracks resource providers' (RPs') requirements regarding AAI. RPs may have different requirements for authenticating users. We track the pieces of information required at each site to guide decisions about which solutions and configurations the federation needs. Optional attributes are marked in parentheses. Please consider whether each attribute must be known directly at every request for new resources, or only through a registering authorisation body, i.e. as a resource provider you are able to get this information through a fully documented procedure, not necessarily for each submitted instance request.

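{| width="200" border="1" cellspacing="1" cellpadding="1"
|-
! RP !! Full Name (displayName) !! Email (mail) !! Nationality (?) !! ePPN !! Organization (schacHomeOrganization) !! Other (Please add column before this one) !! Attributes may be derived
|-
| BSC || || || || || || || ?
|-
| CESGA || x || x || x || || x || || ?
|-
| CESNET || x || x || || x || (x) || || ?
|-
| CETA-CIEMAT || || || || || || || ?
|-
| Cyfronet || || || || || || || ?
|-
| FZ Jülich || x || x || x || || || || ?
|-
| GRIF || || || || || || || ?
|-
| GRNET || || || || || || || ?
|-
| GWDG || || || || || || || ?
|-
| CSIC (IFCA-LCG2) || || || || || || || ?
|-
| IGI || || || || || || || ?
|-
| IPHC || || || || || || || ?
|-
| CC-IN2P3 || || || || || || || ?
|-
| Oxford || || || || || || || ?
|-
| SARA || || || || || || || ?
|-
| STFC || || || || || || || ?
|-
| TCD || || || || || || || ?
|-
| KTH || x || x || x || x || (x) || || ?
|-
| SZTAKI || || || || || || || ?
|-
| INFN-Napoli || || || || || || || ?
|-
| INFN-IGI-CNAF || x || x || || x || x || || ?
|-
| IISAS || X || X || || || X || || ?
|-
| PLOCAN || || || || || || || ?
|-
| 100 Percent IT Ltd || || || || || || || ?
|}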

In the above table, we have mapped the required pieces of information to attributes from the eduGAIN attribute profile[1] where applicable. Further attributes from this profile are:

  • common name (cn)
  • eduPersonAffiliation
  • eduPersonScopedAffiliation
  • SAML2 Persistent NameID (eduPersonTargetedID)
  • schacHomeOrganizationType

Furthermore, there are persistent identifiers available with SAML2 Persistent Name ID, known as eduPersonTargetedID. The eduPersonTargetedID can preserve privacy, whereas ePPN may not do so.
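
An added example, not part of the original wiki page or of any EGI or eduGAIN code: it shows why a pairwise identifier such as eduPersonTargetedID limits cross-RP correlation where ePPN does not. The HMAC derivation, the entity IDs, the users and the secret are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed values: entity IDs, users and the IdP secret are hypothetical.
IDP_ENTITY_ID = "https://idp.example.org/idp"
IDP_SECRET = b"constructed-demo-secret-not-for-production"
RP_A = "https://rp-a.example.org/sp"
RP_B = "https://rp-b.example.org/sp"
USERS = ["alice", "bob", "carol"]


def targeted_id(local_uid: str, sp_entity_id: str) -> dict:
    """Pairwise persistent identifier for one (user, RP) pair.

    Assumption: the opaque value is an HMAC over the RP's entityID and the
    local user id. The qualifier triple mirrors a SAML2 persistent NameID.
    """
    msg = sp_entity_id.encode() + b"\x00" + local_uid.encode()
    opaque = hmac.new(IDP_SECRET, msg, hashlib.sha256).hexdigest()[:32]
    return {
        "NameQualifier": IDP_ENTITY_ID,
        "SPNameQualifier": sp_entity_id,
        "value": opaque,
    }


def release(local_uid: str, sp_entity_id: str) -> dict:
    """Attributes the IdP would send to one RP for one user."""
    return {
        "eduPersonPrincipalName": f"{local_uid}@example.org",
        "eduPersonTargetedID": targeted_id(local_uid, sp_entity_id)["value"],
    }


def linkable_users(attribute: str) -> int:
    """Count users two RPs could match by comparing one attribute's values."""
    seen_at_a = {release(u, RP_A)[attribute] for u in USERS}
    seen_at_b = {release(u, RP_B)[attribute] for u in USERS}
    return len(seen_at_a & seen_at_b)


if __name__ == "__main__":
    for attr in ("eduPersonPrincipalName", "eduPersonTargetedID"):
        print(attr, "links", linkable_users(attr), "of", len(USERS), "users")
    # The targeted ID stays stable for repeat visits to the same RP.
    print(release("alice", RP_A) == release("alice", RP_A))
```

An RP that only needs to recognise a returning user can require the targeted ID alone; requiring ePPN as well reintroduces the shared value.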

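References

1. http://www.geant.net/service/eduGAIN/resources/Documents/GN3-11-012%20eduGAIN_attribute_profile.docx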