Cited By
View all- Torroglosa EOrtiz JSkarmeta A(2018)Matching federation identities, the eduGAIN and STORK approachFuture Generation Computer Systems10.1016/j.future.2017.09.07680:C(126-138)Online publication date: 1-Mar-2018
Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure
Authors: 
Ahmed Shiraz Memon, Jens Jensen, Aleš Cernivec, Krzysztof Benedyczak, Morris RiedelAuthors Info & Claims
Ahmed Shiraz Memon, Jens Jensen, Aleš Cernivec, Krzysztof Benedyczak, Morris RiedelAuthors Info & ClaimsPages 726 - 731
Abstract
One of the challenges in a distributed data infrastructure is how users authenticate to the infrastructure, and how their authorisations are tracked. Each user community comes with its own established practices, all different, and users are put off if they need to use new, difficult tools. From the perspective of the infrastructure project, the level of assurance must be high enough, and it should not be necessary to reimplement an authentication and authorisation infrastructure (AAI). In the EUDAT project, we chose to implement a mostly loosely coupled approach based on the outcome of the Contrail and Unicore projects. We have preferred a practical approach, combining the outcome of several projects who have contributed parts of the puzzle. The present paper aims to describe the experiences with the integration of these parts. Eventually, we aim to have a full framework which will enable us to easily integrate new user communities and new services.
References
[1]
Broeder Daan, Jones Bob, Kelsey David, Kershaw Philip, Lders Stefan, Lyall Andrew, Nyrnen Tommi, Wartel Romain, Weyer Heinz J, Federated Identity Management for Research Collaborations, CERN-OPEN-2012-006, https://cdsweb.cern.ch/record/1442597
[2]
Shim, S.S.Y.; Geetanjali Bhalla; Vishnu Pendyala; Federated identity management, Computer, vol.38, no.12, pp. 120-122, 2005.
[3]
EUDAT, http://www.eudat.eu
[4]
CILogon, http://ca.cilogon.org/
[5]
Terena Certificate Service, http://www.terena.org/activities/tcs/
[6]
A Nadalin and M Goodner and M Gudgin and A Barbir and H Granqvist (eds): WS-Trust 1.4, OASIS Standard, February 2009.
[7]
A Nadalin and C Kaler and P Hallam-Baker and R Monzillo (eds.): Web Services Security: SOAP Message Security 1.0, OASIS Standard 200401 (March 2004).
[8]
M Goodner and A Nadalin (eds.): Web Services Federation Language 1.2, OASIS Standard 200905 (May 2009).
[9]
A Celesti and F Tusa and M Villari and A Puliafito (eds.): How To Federate Vision Clouds Through Saml/shibboleth Authentication, Lecture Notes in Computer Science, Springer vol.7592/2012, pp.259-274, 2012
[10]
A Celesti and M Fazio and M Villari (eds.): SE CLEVER: A secure message oriented Middleware for Cloud federation, IEEE Symposium on Computers and Communications (ISCC), pp.35-40, 7-10 July 2013.
[11]
G Larocca and S Monforte and D Scar-daci: Catania Science Gateway eTokenServer, http://sourceforge.net/p/ctsciencegtwys/wiki/InstalleTokenServer/
[12]
The OAuth 2.0 Authorization Framework, http://tools.ietf.org/html/rfc6749
[13]
Contrail Project, http://www.contrail-project.eu.
[14]
N Sakimura and J Bradley and M Jones and B de Medeiros and C Mortimore, OpenID Connect Core 1.0, http://openid.net/specs/openid-connect-core-1_0.html, February 25, 2014
[15]
Unity, http://www.unity-idm.eu.
[16]
https://simplesamlphp.org/
[17]
J Hughes and S Cantor and J Hodges and F Hirsch and P Mishra R Philpott and E Maler (eds.): Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0, OASIS Standard 200503 (March 2005).
[18]
Argus Authorization Service, https://twiki.cern.ch/twiki/bin/view/EGEE/AuthorizationFramework
[19]
Prace Research Infrastructure, http://www.prace-ri.eu/
[20]
Canh Ngo and Y Demchenko and C de Laat: Toward a Dynamic Trust Establishment approach for multiprovider Intercloud environment, Proc. 4th Int'l Conf. on Cloud Computing, Technology and Science (IEEE CloudCom), 2012, pp. 532-538.
[21]
S Tuecke and V Welch and D Engert and L Pearlman and M Thompson: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Delegation Profile, RFC 3820, http://www.rfc-editor.org/rfc/rfc3820.txt
[22]
Kwang Mong Sim: Cloud Intelligence: agents within an InterCloud.
Index Terms
- Federated Authentication and Credential Translation in the EUDAT Collaborative Data Infrastructure
Recommendations
CILogon: a federated X.509 certification authority for cyberinfrastructure logon
XSEDE '13: Proceedings of the Conference on Extreme Science and Engineering Discovery Environment: Gateway to DiscoveryCILogon provides a federated X.509 certification authority for secure access to cyberinfrastructure such as the Extreme Science and Engineering Discovery Environment (XSEDE). CILogon relies on federated authentication (SAML and OpenID) for determining ...
CILogon: A federated X.509 certification authority for cyberinfrastructure logon
CILogon provides a federated X.509 certification authority for secure access to cyberinfrastructure such as the Extreme Science and Engineering Discovery Environment. CILogon relies on federated authentication Security Assertion Markup Language OASIS, ...
Notarized federated ID management and authentication
20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)We propose a notarized federated identity management model that supports efficient user authentication when providers are unknown to each other. Our model introduces a notary service, owned by a trusted third-party, to dynamically notarize assertions ...
Comments
Information & Contributors
Information
Published In
December 2014
1035 pages
ISBN:9781479978816
Sponsors
Publisher
IEEE Computer Society
United States
Publication History
Published: 08 December 2014
Check for updates
Author Tags
Qualifiers
- Article
Acceptance Rates
Overall Acceptance Rate 38 of 125 submissions, 30%
Upcoming Conference
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 64Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 17 Oct 2024
Other Metrics
Citations
Cited By
View all- Torroglosa EOrtiz JSkarmeta A(2018)Matching federation identities, the eduGAIN and STORK approachFuture Generation Computer Systems10.1016/j.future.2017.09.07680:C(126-138)Online publication date: 1-Mar-2018
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in