Federated Identity Management for Research Collaborations

This white-paper expresses common requirements of Research Communities seeking to leverage Identity Federation for Authentication and Authorisation. Recommendations are made to Stakeholders to guide the future evolution of Federated Identity Management in a direction that better satisfies research use cases. The authors represent research communities, Research Services, Infrastructures, Identity Federations and Interfederations, with a joint motivation to ease collaboration for distributed researchers. The content has been edited collaboratively by the Federated Identity Management for Research (FIM4R) Community, with input sought at conferences and meetings in Europe, Asia and North America

Common ELIXIR Service for Researcher Authentication and Authorisation

Linden M, Prochazka M, Lappalainen I, et al. Common ELIXIR Service for Researcher Authentication and Authorisation. F1000Research. 2018;7: 1199.A common Authentication and Authorisation Infrastructure (AAI) that would allow single sign-on to services has been identified as a key enabler for European bioinformatics. ELIXIR AAI is an ELIXIR service portfolio for authenticating researchers to ELIXIR services and assisting these services on user privileges during research usage. It relieves the scientific service providers from managing the user identities and authorisation themselves, enables the researcher to have a single set of credentials to all ELIXIR services and supports meeting the requirements imposed by the data protection laws. ELIXIR AAI was launched in late 2016 and is part of the ELIXIR Compute platform portfolio. By the end of 2017 the number of users reached 1000, while the number of relying scientific services was 36. This paper presents the requirements and design of the ELIXIR AAI and the policies related to its use, and how it can be used for serving some example services, such as document management, social media, data discovery, human data access, cloud compute and training services

GOTRIPLE:a user-centric process to develop a discovery platform

Social sciences and humanities (SSH) research is divided across a wide array of disciplines, sub-disciplines and languages. While this specialization makes it possible to investigate the extensive variety of SSH topics, it also leads to a fragmentation that prevents SSH research from reaching its full potential. The TRIPLE project brings answers to these issues by developing an innovative discovery platform for SSH data, researchers’ projects and profiles. Having started in October 2019, the project has already three main achievements that are presented in this paper: (1) the definition of main features of the GOTRIPLE platform; (2) its interoperability; (3) its multilingual, multicultural and interdisciplinary vocation. These results have been achieved thanks to different methodologies such as a co-design process, market analysis and benchmarking, monitoring and co-building. These preliminary results highlight the need for respecting diversity of practices and communities through coordination and harmonization

Authentication and Identity Management for the EPOS Project

The increase in the number of online services emphasizes the value of authentication and identity management that we, even without realizing, depend on. In EPOS this authentication and identity management are also crucial, by dealing and being responsible for large amounts of heterogeneous data in multiple formats and from various providers, that can be public or private. Controlling and identify the access to this data is the key. For this purpose, it is necessary to create a system capable of authenticating, authorizing, and account the usage of these services. While services in a development phase can have authentication and authorization modules directly implemented in them, this is not an option for legacy services that cannot be modified. This thesis regards the issue of providing secure and interoperable authentication and authorization framework, associated with correct identity management and an accounting module, stating the difficulties faced and how to be addressed. These issues are approached by implementing the proposed methods in one of the GNSS Data and Products TCS services, that will serve as a study case. While authentication mechanisms have improved constantly over the years, with the addition of multiple authentication factors, there is still not a clear and defined way of how authentication should be done. New security threats are always showing up, and authentication systems need to adapt and improve while maintaining a balance between security and usability. Our goal is, therefore, to propose a system that can provide a good user experience allied to security, which can be used in the TCS services or other web services facing similar problems.A importância da autenticação e gestão de identidades, de que dependemos inconscientemente, aumenta com o crescimento do número de serviços online ao nosso dispor. No EPOS, devido à disponibilização e gestão de dados heterogéneos de várias entidades, que podem ser públicas ou privadas, a existência de um sistema de autenticação e gestão de identidades é também crucial, em que o controlo e identificação do acesso a estes dados é a chave. Numa fase de desenvolvimento dos serviços, estes módulos de autenticação e autorização podem ser diretamente implementados e é possível existir uma adaptação do software aos mesmos. No entanto, há serviços já existentes, cujas alterações implicam mudanças de grande escala e uma reformulação de todo o sistema, e como tal não é exequível fazer alterações diretas aos mesmos. Esta dissertação aborda o desenvolvimento de um sistema de autenticação e autorização seguro e interoperável, associado a uma correta gestão de identidades e um módulo de controlo, identificando os problemas encontrados e propondo soluções para os mesmos. Este desenvolvimento é aplicado num dos serviços do TCS GNSS Data and Products e servirá como caso de estudo. Embora os mecanismos de autenticação tenham melhorado continuamente ao longo dos anos, com a adição de vários fatores de autenticação, ainda não existe um método único e claro de como a autenticação deve ser feita. Novas ameaças estão sempre a surgir e os sistemas atuais precisam de se adaptar e melhorar, mantendo um equilíbrio entre segurança e usabilidade. O nosso objetivo é propor um sistema que possa aliar a segurança a uma boa experiência para o utilizador, e que possa ser utilizado não só nos serviços do TCS, mas também em outros serviços web que enfrentem problemas semelhantes

Towards Interoperable Research Infrastructures for Environmental and Earth Sciences

This open access book summarises the latest developments on data management in the EU H2020 ENVRIplus project, which brought together more than 20 environmental and Earth science research infrastructures into a single community. It provides readers with a systematic overview of the common challenges faced by research infrastructures and how a ‘reference model guided’ engineering approach can be used to achieve greater interoperability among such infrastructures in the environmental and earth sciences. The 20 contributions in this book are structured in 5 parts on the design, development, deployment, operation and use of research infrastructures. Part one provides an overview of the state of the art of research infrastructure and relevant e-Infrastructure technologies, part two discusses the reference model guided engineering approach, the third part presents the software and tools developed for common data management challenges, the fourth part demonstrates the software via several use cases, and the last part discusses the sustainability and future directions

AARC: First draft of the Blueprint Architecture for Authentication and Authorisation Infrastructures

AARC (Authentication and Authorisation for Research Communities) is a two-year EC-funded project to develop and pilot an integrated cross-discipline authentication and authorisation framework, building on existing authentication and authorisation infrastructures (AAIs) and production federated infrastructure. AARC also champions federated access and offers tailored training to complement the actions needed to test AARC results and to promote AARC outcomes. This article describes a high-level blueprint architectures for interoperable AAIs

Towards Interoperable Research Infrastructures for Environmental and Earth Sciences

This open access book summarises the latest developments on data management in the EU H2020 ENVRIplus project, which brought together more than 20 environmental and Earth science research infrastructures into a single community. It provides readers with a systematic overview of the common challenges faced by research infrastructures and how a ‘reference model guided’ engineering approach can be used to achieve greater interoperability among such infrastructures in the environmental and earth sciences. The 20 contributions in this book are structured in 5 parts on the design, development, deployment, operation and use of research infrastructures. Part one provides an overview of the state of the art of research infrastructure and relevant e-Infrastructure technologies, part two discusses the reference model guided engineering approach, the third part presents the software and tools developed for common data management challenges, the fourth part demonstrates the software via several use cases, and the last part discusses the sustainability and future directions

Landscaping Country Report Portugal

This landscape analysis report aims to provide an overview of the policies, practices, roadmaps, and strategies around funding, procuring, providing, accessing, and sharing of services and resources in the EOSC scope in Portugal.info:eu-repo/semantics/publishedVersio