Difference between revisions of "VT Federated Identity Providers Assessment"

From EGIWiki
Jump to: navigation, search
 
(36 intermediate revisions by 9 users not shown)
Line 1: Line 1:
 +
{{EGI_Activity_groups_menubar}}
 +
{{Menubar_VT}}
 +
{{TOC_right}} 
 +
[[Category:Virtual_Teams]]
 +
 
{{VirtualTeamProject |  
 
{{VirtualTeamProject |  
VTP_Leader = Daniel Kouril (CESNET) |
+
VTP_Leader = Daniel Kouril (CESNET), Gergely Sipos (EGI.eu) |
 
VTP_ML = vt-egi-federated-identity@mailman.egi.eu |
 
VTP_ML = vt-egi-federated-identity@mailman.egi.eu |
VTP_Status = Active |
+
VTP_Status = FINISHED|
 
VTP_StartDate = 10/Nov/2011 |
 
VTP_StartDate = 10/Nov/2011 |
VTP_EndDate = When its goal is achiveved, but not later than 30/Apr/2012  |  
+
VTP_EndDate = 12/Jul/2012  |  
 
VTP_Motivation =   
 
VTP_Motivation =   
 
Federated identity services could significantly simplify access to the infrastructure. Introducing federated identity mechanisms in EGI is a requirement from many communities.  
 
Federated identity services could significantly simplify access to the infrastructure. Introducing federated identity mechanisms in EGI is a requirement from many communities.  
 
This VT project would take a step towards this direction, by assessing the readiness of the NGIs in adopting some type of federated identity provision mechanism for accessing services (e.g. Terena Certificate Services). Several NGIs have done developments towards this direction.  
 
This VT project would take a step towards this direction, by assessing the readiness of the NGIs in adopting some type of federated identity provision mechanism for accessing services (e.g. Terena Certificate Services). Several NGIs have done developments towards this direction.  
 +
|
 +
VTP_Meetings =
 +
[[12/12/2011 - Kick-off meeting]]
 
|
 
|
 
VTP_Output =  
 
VTP_Output =  
The expected output of this project '''is a report''' on the current coverage of NGIs with federated identity provision services and recommendation on mechanisms to increase the federated identity providers coverage within EGI. The report can be used by both NGIs and EGI.eu outside of this VT to increase the coverage or to initiate other types of related actions.  
+
The output of this project is ''[https://documents.egi.eu/document/1178 a report]'' about the coverage of participating NGIs with federated identity provision services and about recommendation on mechanisms to increase the federated identity providers coverage within EGI.
 +
The report covers the broader context: It provides an overview of the various approaches that are currently used within the European Grid Infrastructure to authenticate users. X509 certificates, Terena certificates, limited certificates, robot certificates and identity federation based login mechanisms are introduced and reviewed. The report also provides an analysis of these solutions based on the main criteria that EGI has for an authentication infrastructure before considering it for wider adoption. An action plan that could lead the EGI community to a wide and harmonised adoption of federated identity solutions within the infrastructure is covered by the last part of the report. The report can be used by both NGIs and EGI.eu outside of this VT to increase the coverage or to initiate other types of related actions.  
 +
 
 +
'''Report: Authentication solutions in the European Grid Infrastructure - [https://documents.egi.eu/document/1178 https://documents.egi.eu/document/1178]'''
 
|  
 
|  
 
VTP_Tasks =   
 
VTP_Tasks =   
* Assess the coverage of Terena Certificate Providers in NGIs
+
=== Task 1: Assess the coverage of Terena Certificate Providers in NGIs ===
** Check whether the key institutes form the NGIs are on TERENA's IDP list.
+
* Check whether the key institutes form the NGIs are connected to the TCS
** Check whether the NGIs have process to add institutes on the list of IDPs, how complicated that process is.
+
* Check whether the NGIs have process to add institutes to TCS and what the process look like
* Collect info about other types of federated identity services that NGIs already use
+
* Collect info about other types of services similar to TCS that NGIs already use
 +
 
 +
==== Actions ====
 +
* Fill in the [[Task 1: Questionnaire about TCS|questionnaire]] (all participating NGIs)
 +
* Completed questionnaires:
 +
** [[Task 1:Ireland|Ireland]], [[Task 1:Czech Republic|Czech Republic]], [[Task 1:France|France]], [[Task 1:Switzerland|Switzerland]], [[Task 1:Italy|Italy]], ''[[Task 1:template|template]]''
 +
 
 +
=== Task 2: Analyse survey responses, document findings ===
 +
 
 
|
 
|
 
VTP_Team =
 
VTP_Team =
* NGIs - confirmed:  
+
* NGIs:  
 
** Czech Republic: Daniel Kouril (Leader), Michal Prochazka
 
** Czech Republic: Daniel Kouril (Leader), Michal Prochazka
 
** France: Genevieve Romier  
 
** France: Genevieve Romier  
 
** Greece: Kostas Koumantaros, Christos Kanelopoulos
 
** Greece: Kostas Koumantaros, Christos Kanelopoulos
 
** Ireland: David O'Callaghan
 
** Ireland: David O'Callaghan
** Italy: Marco Bencivenni, Enrico Fattibene, Daniele Cesini
+
** Italy: Marco Bencivenni, Enrico Fattibene, Daniele Cesini, Roberto Barbera, Marco Fargetta
 
** Germany: Torsten Antoni
 
** Germany: Torsten Antoni
 
+
** Switzerland: Simon Leinen
* NGIs - unconfirmed:
+
** Taiwan: Eric Yen, Vicky Huang
** Switzerland: Sergio Maffioletti 
 
 
* EGI.eu:  
 
* EGI.eu:  
 
** Gergely Sipos
 
** Gergely Sipos
Line 37: Line 55:
 
* Mechanism to release a x509 certificate in a user-transparent way from an online CA: http://wiki.italiangrid.it/twiki/pub/UserSupport/NGIITGeneralPurposePortal/Whitepaper-portal-CAonline-interaction.pdf  
 
* Mechanism to release a x509 certificate in a user-transparent way from an online CA: http://wiki.italiangrid.it/twiki/pub/UserSupport/NGIITGeneralPurposePortal/Whitepaper-portal-CAonline-interaction.pdf  
 
* Edugate: Federation of Irish Higher Education Institutions and Research Organisations: http://www.edugate.ie/
 
* Edugate: Federation of Irish Higher Education Institutions and Research Organisations: http://www.edugate.ie/
 
+
* EduGAIN: "Federation of the federations": http://www.geant.net/service/edugain/pages/home.aspx
}}
+
* Moonshot: Passing identity federations into the non-web world: http://www.project-moonshot.org/
 +
|
 +
VTP_Progress =
 +
* Task 1 (DONE): Assess the coverage of Terena Certificate Providers in NGIs
 +
* Task 2 (DONE): Analyse survey responses, document findings
 +
}}

Latest revision as of 10:13, 20 June 2015

EGI Activity groups Special Interest groups Policy groups Virtual teams Distributed Competence Centres


EGI Virtual teams: Main Active Projects Closed Projects Guidelines

General Project Information

  • Leader: Daniel Kouril (CESNET), Gergely Sipos (EGI.eu)
  • Mailing List: vt-egi-federated-identity@mailman.egi.eu
  • Status: FINISHED
  • Start Date: 10/Nov/2011
  • End Date: 12/Jul/2012
  • Meetings: 12/12/2011 - Kick-off meeting

Motivation

Federated identity services could significantly simplify access to the infrastructure. Introducing federated identity mechanisms in EGI is a requirement from many communities. This VT project would take a step towards this direction, by assessing the readiness of the NGIs in adopting some type of federated identity provision mechanism for accessing services (e.g. Terena Certificate Services). Several NGIs have done developments towards this direction.

Output

The output of this project is a report about the coverage of participating NGIs with federated identity provision services and about recommendation on mechanisms to increase the federated identity providers coverage within EGI. The report covers the broader context: It provides an overview of the various approaches that are currently used within the European Grid Infrastructure to authenticate users. X509 certificates, Terena certificates, limited certificates, robot certificates and identity federation based login mechanisms are introduced and reviewed. The report also provides an analysis of these solutions based on the main criteria that EGI has for an authentication infrastructure before considering it for wider adoption. An action plan that could lead the EGI community to a wide and harmonised adoption of federated identity solutions within the infrastructure is covered by the last part of the report. The report can be used by both NGIs and EGI.eu outside of this VT to increase the coverage or to initiate other types of related actions.

Report: Authentication solutions in the European Grid Infrastructure - https://documents.egi.eu/document/1178

Tasks

Task 1: Assess the coverage of Terena Certificate Providers in NGIs

  • Check whether the key institutes form the NGIs are connected to the TCS
  • Check whether the NGIs have process to add institutes to TCS and what the process look like
  • Collect info about other types of services similar to TCS that NGIs already use

Actions

Task 2: Analyse survey responses, document findings

Members

  • NGIs:
    • Czech Republic: Daniel Kouril (Leader), Michal Prochazka
    • France: Genevieve Romier
    • Greece: Kostas Koumantaros, Christos Kanelopoulos
    • Ireland: David O'Callaghan
    • Italy: Marco Bencivenni, Enrico Fattibene, Daniele Cesini, Roberto Barbera, Marco Fargetta
    • Germany: Torsten Antoni
    • Switzerland: Simon Leinen
    • Taiwan: Eric Yen, Vicky Huang
  • EGI.eu:
    • Gergely Sipos

Resources

Progress

  • Task 1 (DONE): Assess the coverage of Terena Certificate Providers in NGIs
  • Task 2 (DONE): Analyse survey responses, document findings