FIM4R Meeting PSI Villigen

Paul Scherrer Institut

Villigen PSI, Switzerland
Bob Jones (CERN), Heinz J Weyer (PSI), Mirjam van Daalen (PSI)
5th FIM4R Meeting PSI Villigen, March 20/21 2013

Event description:
Federated identity management (FIM), in general and for research communities (FIM4R), is an arrangement that can be made among multiple organisations that lets subscribers use the same identification data to obtain access to the secured resources of all organisations in the group. In the various research communities in particular, there is increased interest in a common approach to FIM, as there is a large potential for synergies.
This workshop is the fifth in a series that started in summer 2011 to investigate Federated Identity Management for Research (FIM4R) collaborations. The first workshop was held at CERN in June 2011, the second at RAL in November 2011 and the third at ISGC in February 2012. The last workshop of this series was held in Nijmegen. Through these workshops, several research communities have converged on a common vision for FIM, enumerated a set of requirements and proposed a number of recommendations for ensuring that a roadmap for the uptake of FIM is achieved. These points have been documented in a paper, for which comments are welcome.
One objective of this workshop is to finalize the work on a common FIM4R paper and to discuss related papers. Another major topic is to go from theory to practice and to present and discuss several FIM prototypes currently in development. Third, as the term ‘federated’ already indicates, it will not be possible to find a ‘one size fits all’ solution to all requirements. In addition, there are already various existing identity management tools, especially in the commercial sector, which would be interesting to connect. Therefore, solutions that provide links between different systems are being considered. These developments are only just beginning.

  • Almudena Montiel Gonzalez
  • Andrea Baldi
  • Andreas Tomiak
  • Andres Aeschlimann
  • Ann Harding
  • Antony Wilson
  • Arnoud Jippes
  • Benjamin Oshrin
  • Bjoern Abt
  • Bob Jones
  • Catharina Wasner
  • Christoph Witzig
  • Daan Broeder
  • Dean Flanders
  • Dieter Van Uytvanck
  • Dimitri Argyriou
  • Enrico Maria Vincenzo Fasanelli
  • Frank Schluenzen
  • Heather Flanagan
  • Heinz Josef Weyer
  • Jean-François Perrin
  • Kenneth Klingenstein
  • Kilian Schwarz
  • Krzysztof Wrona
  • Lajos Jeno Fulop
  • Laurel Haak
  • Licia Florio
  • Linda Cornwall
  • Lukas Hämmerle
  • Marc van Dijk
  • Marco Leonardi
  • Maria Laura (Lalla) Mantovani
  • Michal Prochazka
  • Mikael Linden
  • Mirjam van Daalen
  • Peter Gietz
  • Peter Kunszt
  • Philip Kershaw
  • Remco Poortinga - van Wijnen
  • Sabrina Tomassini
  • Scott Koranda
  • Stefan Janousz
  • Thomas Brunner
  • Tommi Nyronen
  • Valter Nordh
  • Wartel Romain
  • Wolfgang Pempe
  • Wednesday, March 20
    • 12:00 PM
    • Intro
      • 1
        Speaker: Rafael Abela
      • 2
        Outline and Goal
        Speaker: Robert Jones
    • Pilots & Projects I
      • 3
        ELIXIR AAI pilot - life sciences
        We give a technical demonstration of an open-source tool REMS that leverages federated identity management and automates the process of granting an entitlement for accessing a data resource. Pilot implementation of the tool has been made with the European Genome-phenome Archive (EGA) and Nordic genome-wide control data (NordicDB).
        Speaker: Tommi Nyronen
      • 4
        ESA Earth Observation Single Sign On
        We will give a short presentation about the ESA Shibboleth based SSO system that we have implemented and in use for Earth Observation Applications. We will focus on the extension made to support typical use cases, like User Self Registration, Credential Recovery, Self Account Administration, SP users inheritance and native JAVA application support. We will describe our Virtual Software development environment that implements IDP, LDAP and SP's reference implementation with typical configuration templates.
        Speaker: Andrea Baldi
      • 5
        Identity Federation in WLCG/HEP
        This presentation will focus on the status of the identity federation pilot for WLCG, as well as ongoing discussions in the WLCG/HEP community, including issues, future and progress made since the last meeting.
        Speaker: Romain Wartel
      • 6
        The presentation gives a short update on the FIM activities of the DARIAH project that builds an infrastructure for virtual research environments for the humanities.
        Speaker: Peter Gietz
    • 2:50 PM
    • Pilots & Projects II
      • 7
        GEANT Data Protection Code of Conduct
        The data protection Code of Conduct aims at encouraging Identity Providers to release attributes to Service Providers, which is a challenge reported by the FIM4R document. The speaker presents the Code of Conduct and the pilot that has taken place with the CLARIN community.
        Speaker: Mikael Linden
      • 8
        Advancing Federated Technologies for different communities
        This talk will report on the main activities that took place in 2012: 1. the AAA study carried out by TERENA, LIBER, Uva and Uni. of Debrecen, for which the main findings will be highlighted. The final version of the study can be found online. 2. a proposed roadmap to address the FIM4R requirements. The initial plan was proposed and agreed during the Nijmegen meeting. After that meeting an informal discussion took place involving a few parties. This led to a paper, which is being finalised. The final version of the paper will be circulated prior to the meeting for information and discussion. The paper is available on Indico (“Addressing e-Research Requirements”).
        Speaker: Licia Florio
      • 9
        Geant3+ and FIM4R
        Speaker: Ann Harding (SWITCH)
      • 10
        Managing Identity: ORCID and Federated Login
        ORCID launched its Registry of persistent identifiers for researchers in October, 2012. Since then, over 75,000 researchers have registered, about a third of them through member integration sites. Both members and researchers have asked ORCID about plans for federated login. This talk will provide an overview of ORCID authentication, user requests, and aims to engage other participants in a discussion of best options.
        Speaker: Laurel Haak (ORCID)
    • Bridging
      • 11
        Towards FIM as a Service: Federated Identity Management for the Contrail Cloud Project
        This presentation will explore the work undertaken for the Contrail EU Framework 7 project security work packages to develop a set of modular, reusable FIM components. The solution takes advantage of the OAuth 2.0 framework, together with technologies such as SAML and OpenID to provide a generic set of interfaces to support federated access and identity management, a FIM-as-a-Service package. This approach is showing promise on a number of other projects.
        Speaker: Philip KERSHAW
      • 12
        CRISP (PSI / GSI) Bridging Project
        Speakers: Almudena Montiel Gonzalez, Bjoern ABT
  • Thursday, March 21
    • Pilots & Projects III
      • 13
        FedID and Universities
        Thanks to the Swiss universities and SWITCH, Switzerland was one of the first countries in the world that operated a production federated identity management (FIM) infrastructure for the higher education and research community. This presentation gives an overview about the past, the present and a future outlook on SWITCHaai as well as eduroam, the two academic FIM infrastructures currently deployed in Switzerland. Since this is closely related to the future developments, another focus lies on the worldwide higher education FIM infrastructures and how they influence the Swiss FIM infrastructures.
        Speaker: Lukas Haemmerle
      • 14
        The CLARIN SPF and its future expansion
        This is a report on the status and planned further development of the CLARIN Service Provider Federation (SPF) and its possible expansion with other research infrastructures (RIs), especially the other Humanities RIs via the DASISH ESFRI cluster project. Special attention will be given to attempts in the Netherlands and Germany to convince home organisations to link-up with the CLARIN SPF.
        Speaker: Daan Broeder
      • 15
        Umbrella has been developed as the federated-identity tool as basis for the IT user services at the European photon and neutron large facilities. After a successful test with ‘friendly users’ the system is now ready for deployment. As this will directly affect user operation with 30’000+ visiting scientists, the transition will be performed gradually in 4 phases. The presentation will give a short description of the system and explain the implementation phases.
        Speaker: Mirjam van Daalen
    • 10:15 AM
    • Pilots & projects IV
      • 16
        Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual Research Community
        I will present the approach the WeNMR project takes towards central user management, SSO and accounting. In this approach, the WeNMR Virtual Research community (VRC) website functions as a hub for all activity. The VRC uses Drupal as content management system providing a rich ecosystem of support modules to extend Drupal's functionality. We developed a custom, flexible yet generic module for Drupal to allow our community users to easily subscribe to the various services the project has to offer and enable SSO for all of these. The module exposes a flexible API to WeNMR service providers to perform user authentications and accounting. Being a native Drupal module, it can benefit, almost out-of-the-box, from other modules offering various ways of user authentication such as SAML, Shibboleth, OAuth, OpenID and more. I will discuss some of these in relation to our module.
        Speaker: Marc van Dijk
      • 17
        Web SSO with Cloud Resources using AD Federation Services
        We are currently using ADFS with SAML 2.0 for several projects to enable web SSO. In using ADFS we have found that we can federate with other institutions, service providers, and federations. We will demonstrate use cases for each of these configurations including an example using Azure. This allows institutions to federate on their own with other institutions and cloud providers giving users pass-through or SSO authentication to access external resources.
        Speaker: Dean Flanders
      • 18
        The DCH-RP project: requirements and implementations of federated access to digital cultural heritage contents
        First the presentation gives an overview on the DCH-RP, a project concerning the preservation of Digital Cultural Heritage. Then the requirements on federated access coming from the cultural heritage community will be presented. Last we will show the eCulture Science Gateway as a tool to satisfy the community requirements.
        Speaker: Maria Laura Mantovani (GARR)
    • FIM4R paper and discussion
      • 19
        FIM4R Paper
        Speaker: Bob Jones
      • 20
        Speaker: Mirjam van Daalen (PSI)
      • 21
        CSC, the venue for next FIM4R
        Speaker: Mikael Linden (CSC)