Identity in research infrastructure and scientific communication: Report from the 1st IRISC workshop, Helsinki Sep 12-13, 2011

Motivation for the IRISC workshop came from the observation that identity and digital identification are increasingly important factors in modern scientific research, especially with the now near-ubiquitous use of the Internet as a global medium for dissemination and debate of scientific knowledge and data, and as a platform for scientific collaborations and large-scale e-science activities.

The 1 1/2 day IRISC2011 workshop sought to explore a series of interrelated topics under two main themes: i) unambiguously identifying authors/creators & attributing their scholarly works, and ii) individual identification and access management in the context of identity federations. Specific aims of the workshop included:

• Raising overall awareness of key technical and non-technical challenges, opportunities and developments.
• Facilitating a dialogue, cross-pollination of ideas, collaboration and coordination between diverse – and largely unconnected – communities.
• Identifying & discussing existing/emerging technologies, best practices and requirements for researcher identification.

This report provides background information on key identification-related concepts & projects, describes workshop proceedings and summarizes key workshop findings

Secure data sharing and processing in heterogeneous clouds

The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

Enabling the Autonomic Management of Federated Identity Providers

The autonomic management of federated authorization infrastructures (federations) is seen as a means for improving the monitoring and use of a service provider’s resources. However, federations are comprised of independent management domains with varying scopes of control and data ownership. The focus of this paper is on the autonomic management of federated identity providers by service providers located in other domains, when the identity providers have been diagnosed as the source of abuse. In particular, we describe how an autonomic controller, external to the domain of the identity provider, exercises control over the issuing of privilege attributes. The paper presents a conceptual design and implementation of an effector for an identity provider that is capable of enabling cross-domain autonomic management. The implementation of an effector for a SimpleSAMLphp identity provider is evaluated by demonstrating how an autonomic controller, together with the effector, is capable of responding to malicious abuse

Grid infrastructures supporting paediatric endocrinology across Europe

Paediatric endocrinology is a highly specialised area of clinical medicine with many experts with specific knowledge distributed over a wide geographical area. The European Society for Paediatric Endocrinology (ESPE) is an example of such a body of experts that require regular collaboration and sharing of data and knowledge. This paper describes work, developed as a corollary to the VOTES project [1] and implementing similar architectures, to provide a data grid that allows information to be efficiently distributed between collaborating partners, and also allows wide-scale analyses to be run over the entire data-set, which necessarily involves crossing domain boundaries and negotiating data access between administrations that only trust each other to a limited degree

Identity management and e-learning standards for promoting the sharing of contents and services in higher education

In this paper, we present the status of identity management systems and e-learning standards across Europe, in order to promote the mobility and the sharing of contents and services in higher education institutions. With new requirements for authentication, authorization and identity management for Web applications, most higher education institutions implement several solutions to address these issues. At the first level, the adoption of directory Servers like LDAP, Active Directory and others, solve some problems of having multiple logins and passwords for authentication. The growing of Web applications like Learning management Systems, portals, Blogs, Wikis, and others, need a more effective way of identity management, providing security and accessibility. Web Single Sign-On (SSO) resolves some of these issues of identity management, because the authentication is managed centrally and the user can navigate through different Web applications using the same session. One example of a Web SSO system is the Central Authentication Systems (CAS). SSO systems provide an effective way to manage authentication and authorization inside institutions, but are restricted to the administrative domain of each institution. With the implementation of Bologna Process more students, lecturers and staff will be on mobility programs within European higher education institutions. The creation of identity management federations is mandatory to provide the mobility of users and to permit the exchange of contents and services between institutions. The creation of identities federations across Europe is been in discussion by TERENA (Trans-European Research and Education Networking Association) to provide a service federation like the EDUROAM WI-FI network that permits the mobility across Europe. This paper reports on some of the issues highlighted in the light of recent developments. To share contents and services within Europe, the adoption of standards is mandatory. IEEE LTSC (Learning Technology Standards Committee), IMS (IMS Global Learning, Inc) and ADL (Advanced Distributed Learning) are standards organizations that publish a set of standards to promote the interoperability, reusability and integration of e-learning contents and services. The most important standards that promote the sharing of contents and services across Europe are Sharable Content Object Reference Model (SCORM), IMS Digital Repositories Interoperability and IMS Learning Design. This paper presents the main features of e-learning standards and how it can be used in conjunction with identity management systems to create collaborative learning objects repositories to promote a more effective learning experience and a more competitive European space for higher education, with respect to the requirements of knowledge based societies