Our Authentication and Authorisation infrastructure
What is the problem?
Researchers need to access and share resources in order to collaborate. Thanks to eduGAIN, the global network of academic identity federations, individual researchers can use their institutional credentials to access thousands of resources available to their own organisations. However, members of research collaborations need to manage, access and share resources based on their roles within these collaborations. So research collaborations need their own authentication and authorisation infrastructure (AAI) to allow their members to use a single digital identity for seamlessly accessing the resources they need.
And this is where the OpenAIRE AAI service comes in.
What is OpenAIRE AAI and how does it help users in practice?
Building on the AARC Blueprint Architecture and Interoperability Guidelines, the OpenAIRE AAI enables researchers to securely access and share common resources and services using institutional identities from eduGAIN. For users coming from the industry or citizen scientists who may not have access to eduGAIN, the OpenAIRE AAI supports additional trusted authentication providers, such as social networks, community identity providers and other platforms such as ORCID that can provide federated user identities. The OpenAIRE AAI allows connecting services using popular protocols, such as OpenID Connect, OAuth 2.0 and SAML, to securely authenticate and identify their users, organise them in groups, assign them roles and centrally manage access rights for accessing protected resources. Compliance with the REFEDS Research and Scholarship entity category, the GÉANT Data Protection Code of Conduct and the Sirtfi security framework, ensure safe identity attribute release, as well as operational security, incident response, and traceability.
OpenAIRE AAI and EOSC
The OpenAIRE AAI needs to support horizontal access across different research and e-infrastructures in the European Open Science Cloud (EOSC). So, the challenge is finding the way to integrate AAI services across different infrastructures and provide research communities with the support they need to securely share data and resources. How to do it?
The OpenAIRE AAI has already been connected to the EOSC Portal AAI which is the Infrastructure Proxy service for the EOSC Core (EOSC Core Infrastructure Proxy).
This integration enables users to access EOSC Core services using their OpenAIRE AAI managed digital identity.
We are also working on connecting the OpenAIRE AAI with the AAI services of the communities, research and e-infrastructure service providers participating in EOSC. The connection will be established through the EOSC AAI Federation that will be delivered by the EOSC Future project in order to enable support for multilateral federations and alleviate the need for establishing bilateral trust relationships. Members of the EOSC AAI Federation will include organisations providing services to EOSC; organisations operating Proxies that aggregate other service providers (Infrastructure Proxies) or enrich identities (Community AAIs); and providers of authentication Identities whose identities are used by EOSC services or Infrastructure Proxies.
The OpenAIRE AAI will join the EOSC AAI federation as both an Infrastructure Proxy and a Community AAI. This is key to allowing researchers from other Research Communities to access services in the OpenAIRE portfolio and, at the same time, allowing OpenAIRE users to access EOSC services & resources, either directly or via an Infrastructure Proxy.
The service has been developed and is provided by GRNET - the Greek NREN.