The document discusses the AARC project, which aims to improve federated identity management (FIM) for researchers across Europe. The project works to address eScience requirements and offer support for global policies around FIM. It has developed a blueprint architecture and set of building blocks to enable authentication and authorization across research collaborations and infrastructures. The AARC project also focuses on engagement with research communities and infrastructure providers to promote adoption of harmonized solutions. It has established several working groups and frameworks to facilitate collaboration and address security, assurance, and policy aspects of integrated identity and access management.
3. https://aarc-project.eu 3
The project
• EC-funded project
• AARC (2015-2017)
• AARC2 started in April 2017 and will end in 2019
• 25 partners: NRENs, research infrastructures and e-Infrastructure providers participate as equal partners
• Focus on enabling federated identity management (FIM) for eScience
• https://aarc-project.eu/
Watch the AARC video to find out more
eduGAIN – A global network of academic identities
o Allows researchers to use ONE digital identity to access MANY services and resources available through eduGAIN
o Access to resources is based on the user's affiliation, as asserted by the home institution
o Authorization (AuthZ) happens at the services/resources, not at the identity provider
o Users' group memberships are not known by the users' institutions!
GÉANT eduTEAMS
• A suite of services to support research collaboration
• Built on top of eduGAIN, taking full advantage of the federated AAI
• Simplifies the management of group and authorization information
• Enables the integration of users and services from a wide range of environments
• Supports social IDs via the Identity Hub
What is Sirtfi?
Operational Security
• Require that a security incident response capability exists with sufficient authority to mitigate, contain the spread of, and remediate the effects of an incident.
Incident Response
• Assure confidentiality of information exchanged
• Identify trusted contacts
• Guarantee a response during collaboration
Traceability
• Improve the usefulness of logs
• Ensure logs are kept in accordance with policy
Participant Responsibilities
• Confirm that end users are aware of an appropriate AUP
A classic FIM4R use case – "Research Communities and eduGAIN"
• A research community wants to use R&E federation IdPs (eduGAIN)
• But they have many distributed research community SPs
• And these SPs do not all want to (or cannot) join a national identity federation
• A popular way of joining the two worlds together is an SP/IdP Proxy
  • Acts as an SP in the eduGAIN world
  • Acts as an IdP for the research community
  • See the AARC Blueprint Architecture
• But trust still has to be established between the eduGAIN IdPs and the research community
  • Or between Infrastructures
• The SP/IdP Proxy wishes to assert:
  • REFEDS Research and Scholarship
  • GÉANT Data Protection Code of Conduct
  • REFEDS Sirtfi
• How can we build such scalable trust?
  -> Snctfi
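The SP/IdP Proxy pattern above, as an added example that is not AARC, eduTEAMS or any federation's own code. It models the three roles in one script: the proxy consumes an assertion from a home IdP (acting as an SP toward eduGAIN), checks what that IdP asserts in federation metadata before trusting it, enriches the identity with community group memberships that the home institution does not hold, and re-issues an assertion under its own entityID (acting as an IdP toward the community); the community service then authorizes on the entitlement. The Sirtfi, Research and Scholarship and Code of Conduct URIs are the ones published by REFEDS and GÉANT; the entityIDs, users, groups, the `homeIdP` attribute and the metadata table are all constructed for the example.

```python
"""Minimal model of an AARC-style SP/IdP Proxy (constructed example, not project code)."""
import hashlib
from dataclasses import dataclass

# Entity category / assurance certification URIs published by REFEDS and GÉANT.
SIRTFI = "https://refeds.org/sirtfi"
RESEARCH_AND_SCHOLARSHIP = "http://refeds.org/category/research-and-scholarship"
DP_COCO_V1 = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"

PROXY_ENTITY_ID = "https://proxy.example-community.org/saml"  # constructed

# Constructed stand-in for eduGAIN metadata: entityID -> categories the IdP asserts.
IDP_METADATA = {
    "https://idp.example-university.edu/idp": {SIRTFI, RESEARCH_AND_SCHOLARSHIP},
    "https://idp.no-sirtfi.example.org/idp": {RESEARCH_AND_SCHOLARSHIP},
}

# Constructed community membership registry, managed at the proxy.
# Home institutions never see this: it is the community's own data.
COMMUNITY_GROUPS = {
    "alice@example-university.edu": {"urn:geant:example-community.org:group:cms:member"},
    "bob@example-university.edu": set(),
}

CMS_MEMBER = "urn:geant:example-community.org:group:cms:member"


class TrustError(Exception):
    """The upstream IdP does not satisfy the proxy's trust policy."""


@dataclass(frozen=True)
class Assertion:
    issuer: str      # entityID of whoever signed this assertion
    subject: str     # subject identifier as seen by the receiver
    attributes: dict


def check_idp_trust(entity_id, required=frozenset({SIRTFI})):
    """Return the categories the IdP asserts, or raise if a required one is missing."""
    categories = IDP_METADATA.get(entity_id)
    if categories is None:
        raise TrustError(f"{entity_id} is not in federation metadata")
    missing = required - categories
    if missing:
        raise TrustError(f"{entity_id} does not assert {sorted(missing)}")
    return categories


def proxy_issue(incoming, required=frozenset({SIRTFI})):
    """Proxy step: accept an assertion from a home IdP (proxy as SP), add community
    group memberships, and re-issue it under the proxy's own entityID (proxy as IdP).
    Community SPs only ever trust PROXY_ENTITY_ID, never the thousands of eduGAIN IdPs."""
    check_idp_trust(incoming.issuer, required)
    eppn = incoming.attributes["eduPersonPrincipalName"]
    # Stable, opaque per-user subject so community SPs do not receive the raw eppn.
    subject = hashlib.sha256(f"{PROXY_ENTITY_ID}|{eppn}".encode()).hexdigest()
    groups = COMMUNITY_GROUPS.get(eppn, set())
    return Assertion(
        issuer=PROXY_ENTITY_ID,
        subject=subject,
        attributes={
            # Affiliation is passed through from the home IdP; groups come from the community.
            "eduPersonScopedAffiliation": list(incoming.attributes.get("eduPersonScopedAffiliation", [])),
            "eduPersonEntitlement": sorted(groups),
            "homeIdP": incoming.issuer,  # constructed attribute: keeps the upstream IdP traceable
        },
    )


def community_sp_authorize(assertion, required_entitlement):
    """AuthZ happens at the service: only proxy-issued assertions carrying the
    required entitlement are accepted, whatever the user's home affiliation."""
    if assertion.issuer != PROXY_ENTITY_ID:
        return False
    return required_entitlement in assertion.attributes.get("eduPersonEntitlement", [])


def from_home_idp(entity_id, eppn):
    """Build a constructed incoming assertion as a home IdP would release it."""
    scope = eppn.split("@", 1)[1]
    return Assertion(entity_id, eppn, {
        "eduPersonPrincipalName": eppn,
        "eduPersonScopedAffiliation": [f"member@{scope}"],
    })


if __name__ == "__main__":
    alice = from_home_idp("https://idp.example-university.edu/idp", "alice@example-university.edu")
    issued = proxy_issue(alice)
    print("alice authorized:", community_sp_authorize(issued, CMS_MEMBER))
    try:
        proxy_issue(from_home_idp("https://idp.no-sirtfi.example.org/idp", "carol@no-sirtfi.example.org"))
    except TrustError as exc:
        print("rejected upstream:", exc)
```

The two checks that make the pattern scale are both visible here: trust in the upstream IdP is decided once, at the proxy, from what the IdP asserts in metadata (Sirtfi here, with R&S and the Code of Conduct available as further requirements), and authorization is decided at each community service from entitlements the proxy issues, so neither side needs a bilateral agreement with the other.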
Snctfi infrastructure requirements, a summary
Operational Security
• State common security requirements: AAI, security, incident and vulnerability handling
• Ensure constituents comply: through MoUs, SLAs, OLAs, policies, or even contracts, etc.
User Responsibilities
• Awareness: users and communities need to know that there are policies
• Have an AUP covering the usual
• Community registration and membership should be managed
• Have a way of identifying both individuals and communities
• Define the common aims and purposes (that really helps for data protection ...)
Protection and Processing of Personal Data
• Have a data protection policy that binds the infrastructure together, e.g. AARC's recommendations or the GÉANT Data Protection Code of Conduct
• Make sure every 'back-end' provider has a visible and accessible Privacy Policy