Like aircraft queueing on a runway, 11 pilots of authentication and authorisation infrastructure (AAI) components are lining up for their test flights. The AARC project is exploring how well these fit the requirements of research communities and the time will soon be right for those communities to climb on board.
AARC ‘eats its own dogfood’
The AARC ‘runway’ is a solid base – a pilot platform that has been created in line with the AARC project’s own blueprint architecture and guideline documents, which were the fruits of several AARC activities during the project’s first year.
The platform is a staging area and can be used to test and deploy services as well as to pilot them with the research community. Although the platform is not a production facility, proper attention is paid to operational aspects, including security, updates and the deployability of software components.
The underlying platform infrastructure is delivered by ~okeanos, the GRNET cloud service. For AARC, 30 virtual machines are available, with appropriate specs to run the pilots.
How it works
The pilot platform combines OpenConext and COmanage in a Service Provider (SP) proxy scenario that can serve the AARC project itself. COmanage centrally manages virtual organisation (VO) specific groups and attributes, including Secure Shell (SSH) and Virtual Private Network (VPN) provisioning. OpenConext acts as the SP proxy. OpenConext authorisation, together with attribute aggregation from COmanage and other sources (e.g. ORCID), will be used to test authorisation scenarios on behalf of the VO services.
This approach has been demonstrated on various occasions, including meetings with representatives of several research communities. To show a larger audience what this combined solution is capable of, the AARC pilots team has published a 4-minute screencast video.
Screencap movie on using COmanage and OpenConext to provide self-service access to a Linux server
How can you find and test the pilots?
To ensure that e-infrastructures and communities targeted by AARC (e.g. life sciences, earth observation, high energy physics and research libraries) can easily find and access the pilot setups and demonstrators, we created a dedicated domain for the pilot projects at *.pilots.aarc-project.eu.
To further facilitate testing by communities, a SimpleSAMLphp ‘Do It Yourself’ test identity provider is included in this environment. This identity provider is named ‘DIY IdP’ and is available for testing AARC pilot projects. It allows you to test various login and attribute scenarios that are common when dealing with SAML identity providers.
With the AARC pilot Git repository at https://github.com/AARCProject we created a home for the code and configuration data of pilot projects. For more sensitive data, such as specific configuration data, keys and certificates, a private repository is available at https://gitlab.pilots.aarc-project.eu.
A brief overview of all the AARC pilots is available in the public AARC wiki. Come and see which ones will soon be ready for take-off!