FIM4R Meeting PSI Villigen

20 Mar 2013, 12:00 → 21 Mar 2013, 14:00 Europe/Zurich

Paul Scherrer Institut

Bob Jones (CERN), Heinz J Weyer (PSI), Mirjam van Daalen (PSI)

5th FIM4R Meeting PSI Villigen,March 20/21 2013

Event description:
Federated identity management (FIM) in general and federated identity management for research communities (FIM4R) is an arrangement that can be made among multiple organisations that lets subscribers use the same identification data to obtain access to the secured resources of all organisations in the group. Specifically in the various research communities there is an increased interest in a common approach to FIM as there is obviously a large potential for synergies.
This workshop in the fivth in a series that started in summer 2011 to investigate Federated Identity Management for Research (FIM4R) collaborations. The first workshop was held at CERN in June 2011 (https://indico.cern.ch/event/129364), the second at RAL in November 2011 (https://indico.cern.ch/event/157486) and the third at ISGC in February 2012 (https://indico.cern.ch/event/177418). The last workshop of this series has been held in Nymegen (http://www.clarin.eu/events/3501). Through these workshops, several research communities have converged on a common vision for FIM, enumerated a set of requirements and proposed a number of recommendations for ensuring a roadmap for the uptake of FIM is achieved. These points have been documented in a paper (https://cdsweb.cern.ch/record/1442597) for which comments are welcome (https://cdsweb.cern.ch/record/1442597/comments).
One objective of this workshop is finalizing the work on a common FIM4R paper and to discuss related papers. Another major topic is to go from theory to practice and to present and discuss several FIM prototypes currently in development. Third, as the term ‘federated’ already indicates, it will not be possible to find a ‘one size fits all’-solution to all requirements. In addition, there are, especially in the commercial sector, already various existing identity management tools, which would be interesting to connect. Therefore, solutions are thought of, which provide links between different systems. These developments are just in the beginning.
 

Paper FIM4RWorde.pdf MontielSummaryRevy.pdf

Wednesday, 20 March

12:00 Registration

Intro

1 Welcome

Speaker: Rafael Abela

2 Outline and Goal

Speaker: Robert Jones

Slides FIM_PSI_Mar2013-intro.pptx

Pilots & Projects I

3 ELIXIR AAI pilot - life sciences

We give a technical demonstration of an open-source tool REMS that leverages federated identity management and automates the process of granting an entitlement for accessing a data resource. Pilot implementation of the tool has been made with the European Genome-phenome Archive (EGA) and Nordic genome-wide control data (NordicDB).

Speaker: Tommi Nyronen

Paper AbstractNyroenena.docx

Slides Nyronen20130320_ELIXIR_AAI_FIM4R.pdf

4 ESA Earth Observation Single Sign On

We will give a short presentation about the ESA Shibboleth based SSO system that we have implemented and in use for Earth Observation Applications. We will focus on the extension made to support typical use cases, like User Self Registration, Credential Recovery, Self Account Administration, SP users inheritance and native JAVA application support. We will describe our Virtual Software development environment that implements IDP, LDAP and SP's reference implementation with typical configuration templates.

Speaker: Andrea Baldi

Paper AbstractBaldia.docx

Slides Baldi_EO_ESA_Identity_Mangement.pdf

5 Identity Federation in WLCG/HEP

This presentation will focus on the status of the identity federation pilot for WLCG, as well as ongoing discussions in the WLCG/HEP community, including issues, future and progress made since the last meeting.

Speaker: Romain Wartel

Paper AbstractWartela.docx

Slides 2013-03_Wartel_FIM4R_Fed_ID.pdf

6 FIM4DARIAH

The presentation gives a short update on the FIM activities of the DARIAH project that builds an infrastructure for virtual research environments for the humanities.

Speaker: Peter Gietz

Paper AbstractGietza.docx

Slides Gietz_FIM4DARIAH_2013-03-20.pdf

14:50 Coffee

Pilots & Projects II

7 GEANT Data Protection Code of Conduct

The data protection Code of Conduct aims at encouraging Identity Providers to release attributes to Service Providers, which is a challenge reported by the FIM4R document. The speak presents the Code of Conduct and the pilot that has taken place with the CLARIN community.

Speaker: Mikael Linden

Paper AbstractLindena.docx

Slides Linden_fim4r-coc-2013-3-20.pdf

8 Advancing Federated Technologies for different communities

This talk will report on the main activities that took place in 2012: 1. the AAA study carried out by TERENA, LIBER, Uva and Uni. of Debrecen for which the main findings will be highlighted. The final version of the study can be found online: https://confluence.terena.org/download/attachments/30474266/2012-AAA-Study-report-final.pdf?version=1&modificationDate=1355503760046 2. a proposed roadmap to address the FIM4R requirements. The initial plan was proposed and agreed during the Nijmegen meeting. After that meeting an informal discussion took place involving a few parties. This led to a paper, which is being finalised. The final version of the paper will be circulated prior to the meeting for information and discussion. The paper is available on Indico (“Addressing e- Research Requirements ” http://indico.psi.ch/materialDisplay.py?contribId=14&sessionId=3&materialId=paper&confId=2230

Speaker: Licia Florio

Paper AbstractFlorioa.docx AnalysisFIMDocumentv0.7.pdf

Slides Florio_2013-03-20FIM4R-LF.pdf

9 Geant3+ and FIM4R

Speaker: Ann Harding (SWITCH)

Paper HardingUseCases.docx

Slides Harding_FIM4R-GN3+Intro-AH.pdf

10 Managing Identity: ORCID and Federated Login

ORCID launched its Registry of persistent identifiers for researchers in October, 2012. Since then, over 75,000 researchers have registered, about a third of them through member integration sites. Both members and researchers have asked ORCID about plans for federated login. This talk will provide an overview of ORCID authentication, user requests, and aims to engage other participants in a discussion of best options.

Speaker: Laure Haak (Orcid)

Paper AbstractHaaka.docx

Slides Haak_ORCID_FIM4R_20130320.pdf

Bridging

11 Towards FIM as a Service: Federated Identity Management for the Contrail Cloud Project

This presentation will explore the work undertaken for the Contrail EU Framework 7 project security work packages to develop a set of modular, reusable FIM components. The solution takes advantage of the OAuth 2.0 framework, together with technologies such as SAML and OpenID to provide a generic set of interfaces to support federated access and identity management, a FIM-as-a-Service package. This approach is showing promise on a number of other projects.

Speaker: Philp KERSHAW

Paper AbstractKershawa.docx

Slides KershawTowards_FIM_as_a_Service,_PSI_FIM4R_Workshop_20130320.pdf

12 CRISP (PSI / GSI) Bridging Project

Speakers: Almudena Montiel Gonzalez, Bjoern ABT

Slides AbtFIM4R-Bridginga.pdf MontielFIM4R-Bridging.pdf

Thursday, 21 March

Pilots & Projects III

13 FedID and Universities

Thanks to the Swiss universities and SWITCH, Switzerland was one of the first countries in the world that operated a production federated identity management (FIM) infrastructure for the higher education and research community. This presentation gives an overview about the past, the present and a future outlook on SWITCHaai as well as eduroam, the two academic FIM infrastructures currently deployed in Switzerland. Since this is closely related to the future developments, another focus lies on the worldwide higher education FIM infrastructures and how they influence the Swiss FIM infrastructures.

Speaker: Lukas Haemmerle

Paper AbstractHaemmerlea.docx

Slides HaemmerleFIM-And-Universities.pdf

14 The CLARIN SPF and its future expansion

This is a report on the status and planned further development of the CLARIN Service Provider Federation (SPF) and its possible expansion with other research infrastructures (RIs), especially the other Humanities RIs via the DASISH ESFRI cluster project. Special attention will be given to attempts in the Netherlands and Germany to convince home organisations to link-up with the CLARIN SPF.

Speaker: Daan Broeder

Paper AbstractBroedera.docx

Slides BroederDASISH-CLARIN.pdf

15 Umbrella

Umbrella has been developed as the federated-identity tool as basis for the IT user services at the European photon and neutron large facilities. After a successful test with ‘friendly users’ the system is now ready for deployment. As this will directly affect user operation with 30’000+ visiting scientists, the transition will be performed gradually in 4 phases. The presentation will give a short description of the system and explain the implementation phases.

Speaker: Mirjam van Daalen

Paper AbstractVanDaalena.docx

Slides UmbrellaFIM4R210313_VM16.ppt

10:15 Coffee

Pilots & projects IV

16 Centralized user management and Single Sign On for the WeNMR gateway through the WeNMR Virtual Research Community

I will present the approach the WeNMR project takes towards central user management, SSO and accounting. In this approach, the WeNMR Virtual Research community (VRC) website functions as a hub for all activity. The VRC uses Drupal as content management system providing a rich ecosystem of support modules to extend Drupals functionality. We developed a custom, flexible yet generic module for Drupal to allow our community users to easily subscribe to the various services the project has to offer and enable SSO for all of these. The module exposes a flexible API to WeNMR service providers to perform user authentications and accounting. Being a native Drupal module, it can benefit, almost out-of-the-box, from other modules offering various ways of user authentication such as SAML, Shibboleth, OAuth, OpenID and more. I will discuss some of these in relation to our module.

Speaker: Marc van Dijk

Paper AbstractvanDijka.docx

Slides VanDijk2013-FIM4R-PSI.pdf

17 Web SSO with Cloud Resources using AD Federation Services

We are currently using ADFS with SAML 2.0 for several projects to enable web SSO. In using ADFS we have found that we can federate with other institutions, service providers, and federations. We will demonstrate use cases for each of these configurations including an example using Azure. This allows institutions to federate on their own with other institutions and cloud providers giving users pass-through or SSO authentication to access external resources.

Speaker: Dean Flanders

Paper AbstractFlandersa.docx

Slides Flanders_2013.03.21.umbrella.fmi4r.fmi-systemsx.collab-resource-mgmt.v1.pdf

18 The DCH-RP project: requirements and implementations of federated access to digital cultural heritage contents

First the presentation gives an overview on the DCH-RP, a project concerning the preservation of Digital Cultural Heritage. Then the requirements on federated access coming from the cultural heritage community will be presented. Last we will show the eCulture Science Gateway as a tool to satisfy the community requirements.

Speaker: Maria Laura Mantovani (GARR)

Paper AbstractMantovania.docx

Slides Mantovani-20130320-DCH-RP-x-FIM4R.pdf

FIM4R paper and discussion

19 FIM4R Paper

Speaker: Bob Jones

20 Discussion

Speaker: Mirjam van Daalen (PSI)

21 CSC, the venue for next FIM4R

Speaker: Michael Linden (CSC)