CORBEL work package 5 has specified the Life Science AAI, a common service for authenticating researchers and helping the Life Science services to manage their access rights. The Life Science AAI relieves the relying services of managing the researchers’ user accounts and reduces the number of login credentials researchers need in their work. During the winter, the Life Science AAI has been deployed for a pilot in the e-infrastructure coordinated AARC2 project. The webinar will present the Life Science AAI, the pilot and the future plans.
CORBEL (http://www.corbel-project.eu) is an initiative of eleven new biological and medical research infrastructures (BMS RIs), which together will create a platform for harmonised user access to biological and medical technologies, biological samples and data services required by cutting-edge biomedical research. CORBEL will boost the efficiency, productivity and impact of European biomedical research.
This webinar took place on 17th April 2018. It is best viewed in full screen mode using Google Chrome. Recording of the webinar is available through the CORBEL website.
http://www.corbel-project.eu/webinars/single-sign-on-for-life-science-services.html
For upcoming CORBEL webinars see:
http://www.corbel-project.eu/webinars
CORBEL Single sign-on webinar slides
1. Single sign-on for Life Science services
Presenters: Dr. Mikael Linden (ELIXIR Finland), Kostas Koumantaros (GRNET)
Host: Vera Matser (EMBL-EBI)
http://www.corbel-project.eu/webinars
26/04/2018footer 1
CORBEL Webinar Series
4. BACKGROUND
Since 2015, thirteen ESFRI Research Infrastructures from the field
of BioMedical Science (BMS RI) joined their scientific capabilities
and services to transform the understanding of biological
mechanisms and accelerate its translation into medical care.
• biobanking & biomolecular resources
• curated databases
• marine model organisms
• systems biology
• translational research
• functional genomics
• screening & medicinal chemistry
• microorganisms
• clinical trials
• structural biology
• biological/medical imaging
• plant phenotyping
• highly pathogenic microorganisms
5. CORBEL MISSION
Modern biological and biomedical research involves complex
projects and a variety of different technologies.
Some of the most important discoveries are made at the
interface between different disciplines.
CORBEL will harmonise access and services for complex
research projects involving more than one RI that offer:
• biological and medical technologies
• biological samples and
• data services
6. TODAY’S PRESENTERS
Dr. Mikael Linden coordinates the Life
Science AAI (authentication and authorization
infrastructure) specification work and is the
editor of the requirements specification for
the Life Science AAI. He works for the Finnish
ELIXIR node and leads the AAI task in ELIXIR.
He holds a doctoral degree in information
security from Tampere University of
Technology.
7. TODAY’S PRESENTERS
Kostas Koumantaros, MSc, is a Project Manager and Software
Engineer on GRID and Cloud Technologies at GRNET SA.
From April 2004 till April 2010 he was acting as the Regional
Operations Centre technical manager for South-East-Europe
(Greece, Cyprus, Israel, Romania, Bulgaria) for the series EC
project EGEE-1,2,3 (Enabling Grids for e-Science in Europe).
Since April 2010 he is acting as the NGI Manager for
NGI_GRNET. Kostas is currently coordinating the Joint effort by
GEANT, EGI and EUDAT to provide an AAI solution for the
Life Science Community.
8. OUTLINE
• Federated Identity/Access management (or ”AAI”)
• Why Life Science RI collaboration on AAI
• History and future of Life Science AAI
• Some technical features of Life Science AAI
• Demo LifeScienceID
9. Identity and Access management
[Diagram: user Bob Smith and a resource (e.g. dataset). Labels: "1. Bob is issued an identity" (Identity: Name: Bob Smith, username: bobr); "3. Username / Password" with "Authentication (verification of identity)"; "Authorisation" by the resource owner (e.g. Data Access Committee); "4. Who has permission?" with "Audit/report" and "Auditor".]
11. Example: ELIXIR AAI (authentication and authorisation infrastructure)
[Diagram: ELIXIR AAI. Labels: External authentication; (e-infrastructures); Relying services; eduGAIN IdPs; Common IdPs; ELIXIR Proxy IdP; ELIXIR Directory; Bona fide management; Dataset authorisation management (REMS); Group/role mgmt (PERUN); Credential translation; Attribute self-management; Step-up AuthN. Relying services shown: EGA, eLearning, Cloud, Intranet, wiki, Data archive, …]
12. Why Life Science RI collaboration on AAI
• Researchers using services from several LS RIs
• Less identities and usernames
• Single-sign on to services
• Many LS RIs have similar needs
• Developing and operating AAI is expensive
• More features with less costs when done centrally
• Finding a sustainable model
• Collaboration with e-infrastructures
• AAI is not a core competence for research infrastructures
13. History of AAI collaboration in Life Science
• 5/2016 AARC/CORBEL WP5 workshop for BMS AAI developers
• Autumn 2016: Collect use cases for Life Science AAI
• Spring 2017: Develop requirements specification for LS AAI
• goo.gl/zvTQmB
• 5/2017 AARC2 starts (BBMRI, ELIXIR, Infrafrontier, INSTRUCT)
• Pilot on Life Science AAI included
• 11/2017 LS AAI Pilot with e-infrastructures starts
• Based on EGI, EUDAT and GEANT proposal
• 1/2018 First phase of LS AAI Pilot ends
14. LS AAI in EOSC-Life project proposal
• Deploying LS AAI into production part of EOSC-Life WP5
• Based on the AARC2 pilot
• Finding a sustainable model
• Partnering with e-infrastructures for LS AAI operations
• Service ownership in LS community
• Service operations in e-infrastructures
15. Some technical features of LS AAI
• External authentication
• Researcher’s Home Organisation
• Commercial (Google, LinkedIn)
• Hostel IdP as the last resort
• Multi-factor authentication
• Technical interfaces for relying services
• SAML2 and OpenID Connect
• X.509 credential translation
• Provisioning/deprovisioning
• User attributes/authorisation
• Home Organisation affiliation(s)
• Home research infrastructure(s)
• Researcher qualifications (bona fide researcher)
• Dataset permissions
• Group memberships
• Active role selection
Requirements specification:
goo.gl/zvTQmB