In this article, issues related to correlating account IDs derived from attributes across collaborating systems are discussed. A technical solution is described that service providers (SPs) belonging to the same project can adopt for safely correlating attribute-derived data such as account IDs.
I sat in on an interesting session at the CASC-HPCSIG meeting in Oxford last week, looking at different models for university-industry cooperation in high-performance computing. All considered that people, support and expertise are at least as important to a successful liaison as processors, so were slightly puzzled that publicity, bids and even informal discussions tend to focus almost entirely on size of hardware.
The UK access management federation provides access to services for users based at participating institutions in the UK.
This case study is a brief summary of the process associated with registering a service with the UKAMF and the advantages (and disadvantages) of doing so.
This is a little bit of a pre-case-study as the AARC project hasn't even started at the time of writing.
Nevertheless, many projects are starting up and attempt to solve or work around the types of problems that AARC aims to address - either by building on existing work, or by reinventing the wheel and "solving" the problem again.
The GEANT project has published a report of its Enabling Users task. This worked with a number of international e-science communities to help them implement federated access management solutions using the eduGAIN interfederation service. The projects described are:
Recently I have been trying to review the options for mapping UK-Federation identities to X509 proxy certificates. This has been motivated by the observation that many of our potential users have UK-Federation identities, but the ability to delegate proxy certificates makes them a very useful technology for building portals and other tools.
Security standards
Papers examining the access management requirements for European e-infrastructures:
When working with AAI, it is sometimes useful to study how other projects have solved the same problems. Here is a list of projects that are doing work or have done relevant work and some core case studies from these.
EUDAT and Contrail
EUDAT is a FP7 project building a distributed "collaborative data infrastructure" (CDI in EUDAT-speak). EUDAT supports very diverse user communities which each have different ways of authenticating users and authorising them (and different models for authorisation).
The principal goals of access are:
Research, and particularly the on-line collaborative research referred to as e-science, creates a new challenge for federated access management systems. In teaching, the authoritative statement whether an individual is entitled to access an on-line resource comes from their home organisation: are they a member of that course? are they covered by that institutional licence? Thus it is natural to provide a source of authorisation attributes alongside, or even as part of, the home organisation's authentication systems.
