EGI was one of the major contributors of the AARC project, the EU-funded initiative that answered the increasing need among research collaborations and e-infrastructures for authentication and authorisation mechanisms and for federated access to their online services. After 4 years, the project has come to an end but its main outputs are already having a positive impact on the research community, and some AARC-based solutions have been adopted by EGI, EUDAT, GEANT and the EOSC.
AARC Blueprint Architecture (BPA) is a reference architecture that provides “building blocks” for an AAI that supports federated access. Research and e-infrastructures adopting the BPA can take advantage of the identity federations and eduGAIN and enable federated access to resources in a way that was not possible before.
The new version of the BPA focuses on allowing the AAIs of different research and e-infrastructures to inter-operate. This functionality is needed by research communities requiring access to resources that are offered by other infrastructure providers. The new BPA promotes a “community-first” approach, introducing the Community AAI. This element streamlines how researchers can access services/resources via their Community AAI using their institutional credentials from the National Identity Federations in eduGAIN, but also from other sources as needed/allowed by the community, such as social media or other community-managed identity providers.
The new version of the AARC BPA focuses on the cross-AAI interoperability aspects and provides a broader view for addressing an increasing number of use cases from research communities requiring access to federated resources offered by different infrastructure providers.
The BPA is proving to be a success and it has been adopted by EGI, EUDAT and GEANT, and provides a cornerstone AAI in the European Open Science Cloud. Also, several research infrastructures are adopting BPA-based solutions, including DARIAH, the pan-European infrastructure for arts and humanities scholars working with computational tools.
The challenge for DARIAH was to make their AAI interoperable with other e-Infrastructure services to allow, for example, a DARIAH researcher to access the Cloud Compute service offered by the EGI Federation without a new set of log in details and with the necessary authorization attributes managed by DARIAH. The BPA provided a set of software building blocks that allowed DARIAH to connect Identity Providers (IdPs) and Service Providers (SPs) through a centralized proxy.
AARC also provided guidelines for interoperability between multiple infrastructures, in this case the community AAI of DARIAH and the e-Infrastructure of EGI.
Find out more and #StartWithAARC: bit.ly/startwithaarc
The AARC Blueprint Architecture, Policy Development Kit (a toolbox of information, template documents, training materials and guidelines) and ‘AARC in Action’ collection of case studies give a head start to anyone who is seeking an Authentication and Authorisation Infrastructure (AAI) solution for their research collaboration.