Difference between revisions of "Federated Cloud Federated AAI"
(Created page with "{{Fedcloud_Menu}} {{FedCloud_TF_Menu}} {{TOC_right}} Category:Federated_Cloud = Integrating authentication and authorisation across multiple resource providers = <font ...") |
|||
Line 3: | Line 3: | ||
{{FedCloud_TF_Menu}} {{TOC_right}} | {{FedCloud_TF_Menu}} {{TOC_right}} | ||
= Scope = | |||
Integrating authentication and authorisation across multiple resource providers | |||
= | = Members= | ||
{| | {| class="wikitable" | ||
|- | |- | ||
! Role | ! Role | ||
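Review bot: the new heading `= Members=` lacks the space before its closing `=` that `= Scope =`, added two lines above it, has. Use `= Members =` so the heading markup stays consistent within the page.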
Line 29: | Line 30: | ||
|} | |} | ||
== | |||
=Roadmap= | |||
=Documentation= | |||
We have already defined that user authentication should be based on X.509 certificates rather than usernames and passwords or other credential material. Nevertheless, depending on the type of federation intended, this may not even be a real requirement. Any service should rely on an identity provider that is in charge of the type of credentials used for authentication. | We have already defined that user authentication should be based on X.509 certificates rather than usernames and passwords or other credential material. Nevertheless, depending on the type of federation intended, this may not even be a real requirement. Any service should rely on an identity provider that is in charge of the type of credentials used for authentication. | ||
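Review bot: `=Roadmap=` is added with no body and is followed directly by `=Documentation=`, so the page gains an empty top-level section. Either put a pointer to [[Federated AAI Roadmap]] under it, which the list further down already links, or leave the heading out until there is content for it.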
Line 39: | Line 42: | ||
There are also various technologies that support translating [[Fedcloud-tf:WorkGroups:Federated AAI:Credential Translation|Federated Identity to an X.509]]. In general, these allow a user to authenticate with some other technology (e.g., SAML), typically within a web portal, which then has an X.509 credential with which it can interact with EGI resources. | There are also various technologies that support translating [[Fedcloud-tf:WorkGroups:Federated AAI:Credential Translation|Federated Identity to an X.509]]. In general, these allow a user to authenticate with some other technology (e.g., SAML), typically within a web portal, which then has an X.509 credential with which it can interact with EGI resources. | ||
== | |||
== Liaisons == | |||
*Dan Kouřil is leader of [[VT Federated Identity Providers Assessment|VT Federated Identity Providers Assessment]] | |||
*[http://contrail-project.eu/ Contrail Project] [http://contrail-project.eu/downloads1/-/document_library_display/bM20/view/136157/2914?_110_INSTANCE_bM20_redirect=http%3A%2F%2Fcontrail-project.eu%2Fdownloads1%2F-%2Fdocument_library_display%2FbM20%2Fview%2F136157%7CD2.1 Requirements on Federation Management, Identity and Policy Management in Federations] | |||
=References = | |||
*[[Federated AAI Roadmap]] | *[[Federated AAI Roadmap]] | ||
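Review bot: the added `=References =` heading has the same title as the existing `== References ==` section that holds `<references />` further down, so the page ends up with two sections of the same name at different levels and an ambiguous section anchor. Since the new heading introduces a list of related pages, give it a distinct title or drop the older section. Also, `== Liaisons ==` is added at level 2 while the other new headings are level 1, which nests it under Documentation; make it level 1 if that nesting is not intended.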
Line 49: | Line 58: | ||
*[[Federated AAI Survey of Credential Services]] | *[[Federated AAI Survey of Credential Services]] | ||
== References == | == References == | ||
<references /> | <references /> | ||
[[Category:Federated_Cloud]] |
Revision as of 12:43, 29 April 2015
Scope
Integrating authentication and authorisation across multiple resource providers
Members
Role | Institution | Name |
---|---|---|
Scenario Leader | DESY | Paul Millar |
Collaborator | FZJ | Bjoern Hagemeier |
Collaborator | CESNET | Dan Kouřil |
Roadmap
Documentation
We have already defined that user authentication should be based on X.509 certificates rather than usernames and passwords or other credential material. Nevertheless, depending on the type of federation intended, this may not even be a real requirement. Any service should rely on an identity provider that is in charge of the type of credentials used for authentication.
For the technical implementations of this scenario, please go to Federated AAI Implementation.
A quick overview of AAI support in technologies and providers, as well as the specific settings for FCTF can be found at Federated AAI Integration Status.
There are also various technologies that support translating a federated identity into an X.509 credential. In general, these allow a user to authenticate with some other technology (e.g., SAML), typically within a web portal; the portal then holds an X.509 credential with which it can interact with EGI resources.
Liaisons
- Dan Kouřil is leader of VT Federated Identity Providers Assessment
- Contrail Project Requirements on Federation Management, Identity and Policy Management in Federations
References
- Federated AAI Roadmap
- Federated AAI Integration Status
- Federated AAI Configuration
- Federated AAI Implementation (merge with Configuration?)
- Federated AAI Ideas
- Federated AAI Requirements
- Federated AAI Survey of Credential Services