Collaborative Organisation Platform as a Service

Mandeep Saini, Product Manager, GÉANT, U.K.
Niels Van Dijk, Technical Product Manager, SURFnet, The Netherlands
AARC/CORBEL Workshop, June 1, 2016, Paris
Networks Services People www.geant.org

Outline
- Introduction
- Problem statement
- COPaaS offering
- What's in it for R&E communities?

- Our roadmap
- How to join us?

Introduction
- GÉANT project: Europe's leading collaboration on network, related infrastructure and services.
- CO Platform as a Service: offers a simple, consistent way of using federated services for COs, including group management and attribute authorities. The aim is to support uptake of federated technologies while improving the quality of AAI for COs.

Collaborative/Virtual Organisation (CO/VO)
- Organisational representation of a network of people and resources
- Spread across different organisations in multiple geographical locations
- Enables a group of people to share a set of resources
- Access to resources (or services) often needs to be managed, which requires authentication and authorization.

Collaborative Organisations and AAI

With federated authentication:
- The home organisation operates an Identity Provider (IdP), which allows authentication towards a Service Provider (SP).
- Identity federations, e.g. InCommon or SURFconext, provide trust frameworks between SPs and IdPs.
- Inter-federation, e.g. eduGAIN, interconnects national identity federations.
- This successfully addresses authentication in a heterogeneous environment.

Collaborative Organisations and AAI

- To be able to grant access, a service needs information beyond authentication.
- Identity federations often convey it using attributes.
- However, attributes issued by the home organisation alone are often not enough: CO services need attribute information in the context of the CO.
- This requires COs to manage and provide additional attributes towards services, independently from the home organisation.

CO Platform as a Service

Goal: investigate the conditions that would allow GÉANT to provide services for supporting COs.
- Focus on delivery of technical services
- Out of scope: technical development; policy & LoA development
Activities:
- Collected requirements and priorities with/from communities
- Evaluated existing tools and technologies
- Looking into the delivery model
- Investigating business case & sustainability, operations and market

Requirements for building on Federated AAI as a CO
- COPaaS conducted a survey of several small and large pan-European COs. It re-validates the FIM4R requirements, and the results outline functional requirements.
- The FIM4R paper (April 2012) outlines collective requirements for using federated AAI for COs.

COPaaS Market Analysis

Interviews and desk study conducted with:
- Umbrella (large neutron and photon facilities)
- CLASSe (shared IaaS)
- DARIAH (humanities)
- CERN (high energy physics)
- CLARIN (humanities and social sciences)
- Virtual Campus Hub (eLearning, renewable energy)
- ELIXIR (life sciences, bioinformatics)
- GÉANT VAMPIRE (NREN collaboration)
Broad NREN/federation participation: AMRES, CESNET, DFN/LRZ, GARR, IUCC, NIIF, RENATER, SUNET, SURFnet, SWITCH
Market Analysis: http://www.geant.org/Projects/GEANT_Project_GN4-1/deliverables/D9-2_MarketAnalysis-for-Virtual-Organisation-Platform-as-a-Service.pdf

COPaaS Market Analysis Results
(Results chart not reproduced in the text.)

COPaaS - Functional requirements
- Persistent identifier: allows the CO to identify the user even if (s)he changes IdP.
- CO membership registration: workflows for CO member registration.
- External identities: many CO users' IdPs will not be in eduGAIN.
- Attribute management: attributes beyond the IdP are needed for CO roles and rights, or to provide extra context (e.g. ORCID, grant number).
- Group management: groups may also be used to define roles and rights.
- (De)provisioning: identity, attributes and groups need to be provided to services.
- Service proxy and attribute aggregation: a centralised infrastructure to operate on behalf of the CO service providers.

COPaaS Deployment model

Basic Services
- Operated by GÉANT
- Multi-tenant service
- Also for COs that are not legal entities
- Operated as a (set of) services

Advanced Services
- Operated by GÉANT on behalf of a CO
- Single-tenant service
- Somebody (a legal entity) must take responsibility for the data
- Operates as per-CO applications on VM boxes

Basic Services

CO Membership service
- Registry for the CO persistent identifier
- CO-specific workflows for onboarding
- Limited set of attributes
- Accessible through eduGAIN

Transparent External Identity Proxy (TEIP)
- One persistent (SAML) IdP for many guest identity providers, including:
  - Social (Google, Twitter, LinkedIn, Facebook)
  - NREN-operated & commercial guest IdPs (OpenIDP, UnitedID.org, eduID.se)
  - eGov (STORK)
  - BankID
- Provides LoA: eIDAS by default, others upon request from the SP
- Available and accessible through eduGAIN

TEIP diagram (not reproduced in the text); labelled components: Social (OIDC & OAuth), SAML2INT, SaToSa Proxy, SP, VHO, Account Recovery, BankID & eGov, TEIP.

Advanced Services
- (Advanced) attribute management: whatever you can come up with
- (Advanced) group management: group hierarchies etc.
- Provisioning: for web and non-web resources, with application-specific connectors
- Service proxy and attribute aggregation: a central point for technology and policy
- Accessible through eduGAIN
- May be delivered as a paid service

Tools

Basic Services
- CO Membership service: COmanage
- Transparent External Identity Proxy (TEIP): SaToSa

Advanced Services
- Attributes and groups: HEXAA, PERUN and COmanage
- SP Proxy: OpenConext

Architecture
Architecture diagram (not reproduced in the text); labelled components: SAML AA, OAuth, CO persistent identifier + CO attributes, COPaaS, Service Provider, COmanage, VOOT, AuthN: Id + attributes, IdP, TEIP, eduGAIN.
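The functional requirements and the architecture diagram above describe a service proxy that resolves a CO persistent identifier for a federated login and aggregates CO-managed attributes and groups with the home-IdP attributes before releasing them to an SP. The following is an added illustration written for this page, not code from COPaaS, COmanage or SaToSa; the in-memory registry, the member record, the IdP entity IDs and all attribute values are constructed.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the CO membership registry (COmanage in the deck):
# one persistent CO identifier per member, plus the external identities linked to it.
@dataclass
class CoMember:
    co_id: str                                   # CO persistent identifier
    linked: set = field(default_factory=set)     # {(idp_entity_id, subject), ...}
    attrs: dict = field(default_factory=dict)    # CO-managed context (ORCID, grant number)
    groups: set = field(default_factory=set)     # CO groups (VOOT-style) that carry roles

class CoProxy:
    """Service proxy: resolve the CO identifier for a federated login, then
    aggregate CO attributes with the home-IdP attributes before release to the SP."""

    def __init__(self, members):
        self.members = {m.co_id: m for m in members}
        self.index = {key: m for m in members for key in m.linked}

    def link_identity(self, co_id, idp, subject):
        # Registration/linking workflow: the member authenticates via a new IdP
        # (e.g. after moving institution) and binds it to the same CO identifier.
        member = self.members[co_id]
        member.linked.add((idp, subject))
        self.index[(idp, subject)] = member

    def resolve(self, idp, subject):
        if (idp, subject) not in self.index:
            raise LookupError("unknown identity: CO membership registration required")
        return self.index[(idp, subject)]

    def release(self, idp, subject, idp_attrs, sp_required):
        member = self.resolve(idp, subject)
        # Home-IdP attributes stay authoritative; CO context is layered underneath them.
        merged = {**member.attrs, **idp_attrs,
                  "co_persistent_id": member.co_id,
                  "co_groups": sorted(member.groups)}
        # Minimal release: only the attributes this SP is configured to receive.
        return {k: merged[k] for k in sp_required if k in merged}

def build_demo_proxy():
    # Constructed sample member and values (not real identifiers).
    alice = CoMember("co:member:0001",
                     {("https://idp.uni-a.example/saml", "alice@uni-a.example")},
                     {"orcid": "0000-0000-0000-000X", "grant_number": "GRANT-EXAMPLE-1"},
                     {"co:project-x:members", "co:project-x:admins"})
    return CoProxy([alice])
```

Linking a second IdP to the same member shows the persistent-identifier requirement: the SP keeps seeing the same `co_persistent_id` after the user changes home organisation, while an unlinked identity is refused until the registration workflow has run.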

What's in it for R&E communities
- AAI is complex; subject matter experts are required.
- Save time and effort: why re-invent the wheel? Invest in research topics rather than building AAI.
- COPaaS is a delivery vehicle for trusted technologies.

Roadmap
- Q3 2016: delivery model; deploy pilot platform
- Q4 2016: run pilots with Basic Services, in collaboration with AARC; support application integrations
- 2017: production service for Basic Services; finalise specification for Advanced Services
- 2018: deploy pilots for Advanced Services; possibly pick up new services as developed within GÉANT, AARC or others

Join Us

Interested in joining the COPaaS pilot, or have any queries? Contact us: [email protected]

Thank you

This work is part of a project that has applied for funding from the European Union's Horizon 2020 research and innovation programme under Grant Agreement No. 691567 (GN4-1).
