Federated AAI Requirements

From EGIWiki

This page tracks resource providers' (RPs') requirements regarding AAI. RPs may have different requirements for authenticating users. We'll try to track the pieces of information required at each site, to guide decisions about which solutions and configurations the federation needs. Optional attributes are marked in parentheses. Please consider whether each attribute must be known directly at every request for new resources, or only through a registering authorisation body, i.e. whether you as a resource provider can obtain this information through a fully documented procedure, not necessarily for each submitted instance request.

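| RP | Full Name (displayName) | Email (mail) | Nationality (?) | ePPN | Organization (schacHomeOrganization) | Other (Please add column before this one) | Attributes may be derived |
|---|---|---|---|---|---|---|---|
| BSC | | | | | | | ? |
| CESGA | x | x | x | x | | | ? |
| CESNET | x | x | | x | (x) | | ? |
| CETA-CIEMAT | | | | | | | ? |
| Cyfronet | | | | | | | ? |
| FZ Jülich | x | x | x | | | | ? |
| GRIF | | | | | | | ? |
| GRNET | | | | | | | ? |
| GWDG | | | | | | | ? |
| CSIC (IFCA-LCG2) | | | | | | | ? |
| IGI | | | | | | | ? |
| IPHC | | | | | | | ? |
| CC-IN2P3 | | | | | | | ? |
| Oxford | | | | | | | ? |
| SARA | | | | | | | ? |
| STFC | | | | | | | ? |
| TCD | | | | | | | ? |
| KTH | x | x | x | x | (x) | | ? |
| SZTAKI | | | | | | | ? |
| INFN-Napoli | | | | | | | ? |
| INFN-IGI-CNAF | x | x | | x | x | | ? |
| IISAS | X | X | | X | | | ? |
| PLOCAN | | | | | | | ? |
| 100 Percent IT Ltd | | | | | | | ? |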

In the above table, we have mapped the required pieces of information to attributes from the eduGAIN attribute profile[1] where applicable. Further attributes from this profile are:

  • common name (cn)
  • eduPersonAffiliation
  • eduPersonScopedAffiliation
  • SAML2 Persistent NameID (eduPersonTargetedID)
  • schacHomeOrganizationType

Furthermore, persistent identifiers are available through the SAML2 Persistent NameID, known as eduPersonTargetedID. The eduPersonTargetedID can preserve privacy, whereas ePPN may not do so.

References