Speaker
Dr Andrea CECCANTI (INFN-CNAF)
Description
Contemporary distributed computing infrastructures (DCIs) are not easily
and securely accessible by common users. Computing environments are
typically hard to integrate due to interoperability problems resulting
from the use of different authentication mechanisms, identity
negotiation protocols and access control policies. Such limitations have
a big impact on the user experience, making it hard for user communities
to port and run their scientific applications on resources aggregated
from multiple providers in different organisational and national
domains.
INDIGO-DataCloud will provide the services and tools needed to enable a
secure composition of resources from multiple providers in support of
scientific applications. In order to do so, an AAI architecture has to
be defined that satisfies the following requirements:
- Is not bound to a single authentication mechanism, and can leverage
federated authentication mechanisms
- Provides a layer where identities coming from different sources can be
managed in a uniform way
- Defines how attributes linked to these identities are represented and
understood by services
- Defines how controlled delegation of privileges across a chain of
services can be implemented
- Defines how consistent authorization across heterogeneous services can
be achieved and provides the tools to define, propagate, compose and
enforce authorization policies
- Is mainly targeted at HTTP services, but can also accommodate non-HTTP
services, leveraging token translation
In this contribution, Dr Ceccanti will present the work done in the first year of
the INDIGO project to address the above challenges. In particular, he
will introduce the INDIGO AAI architecture, its main components and
their status, and demonstrate how authentication, delegation and
authorisation flows are implemented across services.