- Analyse and foster alternate authentication and authorization mechanisms, with emphasis of Identity Federations as an alternative to certificate based authentication.
- Support wide deployment and use of alternate AA approaches through recommendations, consultancy, and technology transfer.
- Analyse and recommend/support selected technologies for deployment of Scientific Gateways as means to support newcomers and small research groups.
- Emphasise and demonstrate the usability of Science Gateways for integration of distributed infrastructures, including grids, clouds, data and eventually HPC.
- Support several selected Science Gateways in different regions, with the emphasis on proper deployment and use of alternate AA mechanisms.
Description and Tasks
Task 5.1 – Identity Federations and other AA approaches - Leader: CESNET
Trust building requires also adequate authentication and authorization mechanisms that are easily deployed and use to use by research communities and individuals. Such mechanisms must be lightweight and must support smooth work without unjustified burden on users and resource providers, otherwise they can create unsurpassable barriers. While contemporary grids rely on certificates and certificate attributes (like those used by VOMS) to deal with authentication and authorization, such solution is far from easy to use and is considered as a barrier especially for smaller and/or not formally organized research groups and communities. This task will deal with different AA approaches that are already emerging as a viable alternate to the certificate based ones. Most notably, within this task involved partners will collect and summarize alternate approaches with the emphasis on Identity Federations. A concise set of recommendations for the deployment, use and limitations of Federation Identity approach, with the special emphasis on the small and/or emerging (not formally organized) communities will be produced. Actual deployment in different regions of these recommendations will be followed, including a support to sites where these approaches will be implemented (through consultancy and know-how transfer).
In parallel, other new emerging AA approaches (like e-cards) will be closely followed and their usability for the distributed integrated grid/cloud/data environments analysed. A survey together with recommendations will be published in the second half of the project.
Task 5.2 - Support to Science Gateways - Leader: INFN
In the recent past, interesting developments have been independently carried out by the by the National Research and Education Networks with the Identity Federations and by the Grid community with the Science Gateways to increase, from one side, the number of users authorised to access network-based services across different organisational domains, and, from the other side, to ease the access to and the use of Grid infrastructures. A Science Gateway is a community-developed set of tools, applications, and data that is integrated via a portal or a suite of applications, usually in a graphical user interface, that is further customized to meet the needs of a specific community. In the scope of EU funded projects like EUMEDGRID Support, DECIDE and INDICATE , Science Gateways have been developed that allow users, belonging to different organizations and having different roles in the community, to access Grid resources with the credentials provided to them by the Identity Providers they are registered in. They access a web-based portal and, according to their roles and privileges, they are allowed to run applications embedded in the Science Gateway and exposed through its user interface. Applications are interfaced to the underlying Grid infrastructure through a library of software services which is based on standards and is middleware-independent. The authentication and authorisation framework is based on the SAML standard, the same used to build Identity Federations. In this task, existing Science Gateways technologies will be monitored and compared and some examples will be integrated in the Application Database and the Knowledge Base of CHAIN-REDS. Task 5.2 will also provide, through the deliverable D5.2, some guidance and recommendations about how to build a standard-based Science Gateway.
The power of these tools will be demonstrated during dissemination events with real use cases. Since Science Gateways are key for a transparent integration, at application level, of different infrastructures, from different grid middleware deployed over physical fabrics up to different concepts (Grid, HPC, Cloud), demonstrators will also address the above interoperability/integration issues. As a part of this task, partners and other cooperating parties will be encouraged to setup and maintain Science Gateways relevant for their communities.