ei4africa workshop- University of Lagos
Identity Federation For Authenticating and Authorizing Researchers
Cletus Okolie
NOC Manager
Eko-Konnect Research and Education Initiative
19/03/2014
Outline
• What are e-Infrastructures?
• What are Science Gateways
• Federated Services – Terms and Principles
• NgREN Catch-All Identity Provider Demonstration
e-Infrastructures
• It can be defined as networked tools, data and resources that support a community of researchers, broadly including all those who participate in and benefit from research
• ICT elements that support e-Science
• e-Science - novel, large-scale inter-disciplinary global collaborations between scientists and researchers across many different areas.
• ICT Elements
– high-speed research communication networks
– powerful computational resources (dedicated high performance computers, clusters, large numbers of commodity PCs)
– grid and cloud technologies, data infrastructures (data sources, scientific literature)
– sensors, web-based portals, scientific gateways and mobile devices.
• When integrated together = e-Infrastructures
A potential user of an e-infrastructure needs ….
• A more powerful computer to run an application
• A great number of these computers to deliver results faster
• Access to specialized High Performance Computing facilities
• Access to large data sources
• Access to software not available
• To collaborate with other scientists across the world
• Access to scientific literature resources
• To connect to specialized instrumentation for analysis
• To connect to sensors for data collection
• Access to these facilities via a web-based portal or mobile device
Federated Identity Services, Certification Authorities & Science Gateways
Principles and Terminology
Identity Federations
• An identity federation is a group of institutions and organisations that sign up to an agreed set of policies for exchanging information about users and resources to enable access via authentication
• IdF – Identity Federation
– SP – Service Providers
– IdP – Identity Providers
– Discovery Service
– Policies
Public Key Infrastructure - PKI
• Certification Authority - CA
• Registration Authority - RA
• Validation Authority - VA
• X.509 Certificates
PKI
• A user applies for a certificate with his public key at a Registration Authority (RA)
• User identity is confirmed and certificate is issued
• The user digitally signs the new certificate
• The Validation authority checks the identity of the issued certificate
• Implemented in software
CA = https://ngca.eko-konnect.net.ng/CA
VA = https://ngca.eko-konnect.net.ng/CA/mgt/scert.php
CA
Identity Federations (IdFs)
• There is only one CA and IdF per country, except in some countries like the US
• There can be several RAs and VAs
• But with good authentication systems in place each institution can have an IdP
• Currently a “Catch-All” IdP for the NgREN is run and maintained by Eko-Konnect
• It can be used by institutions without any functional authentication system
Science Gateway
09/11/2013
Virtual community connecting geographically separated researchers with web-based interfaces to help them to share data, run remote computers and access applications and information in order to design, carry out studies and interpret research results.
Problems with access to e-infrastructure
• PKI and Personal CAs
• Federated credentials
Components of an Identity Federation
Service Provider (SP)
• A term used to describe anyone who has a service, resource or set of content that they want to make available to users via a login.
• The login is used to limit access to services
• SPs do not hold information about users
• An SP relies on the IdP to get user information
• Examples are the Africa Grid Science Gateway and the EduERP portal
Identity Providers (IdPs)
• An Identity Provider or 'IdP' is a term used to describe any institution or organisation that manages information about users and wants to provide access to resources for these users.
• There are currently thousands of Identity Providers worldwide supporting over 16 million users
• An IdP is maintained and managed in Nigeria and is accessible at https://ngidp.eko-konnect.net.ng
Identity Federation (IdF)
• An identity federation is a group of institutions and organisations that sign up to an agreed set of policies for exchanging information about users and resources to enable access and use of the resources
Authentication vs Authorization
• Authentication establishes the user’s identity, done by the identity provider
– To get authenticated by an IdP people have to be enrolled on it and registered, upon proper identification, on the registry connected to the IdP
• Authorization defines the user’s permission within the application
– The fact that you are the one you claim to be (i.e., you are authenticated by an IdP) does not imply, by portal policy, that you are automatically authorised to access and use the Africa Grid Science Gateway. To do so people have to fill the authorisation request form.
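
An added example (not from the original slides) of the authentication/authorization split above: a gateway first accepts an assertion only from an IdP registered in the federation, then applies its own approval list keyed on the IdP and user together. The class and field names, entity IDs and user identifier are hypothetical, and signature verification is assumed to be done by the SP's federation software.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Assertion:
    issuer: str            # entity ID of the IdP that authenticated the user
    subject: str           # identifier the IdP released for the user
    signature_valid: bool  # assumed: set by the SP's federation software

@dataclass
class Gateway:
    trusted_idps: set                           # IdPs registered in the federation
    pending: set = field(default_factory=set)   # authorisation requests submitted
    approved: set = field(default_factory=set)  # requests granted by the portal

    def authenticate(self, a):
        """Authentication: accept only a validly signed assertion from a federation IdP."""
        if not a.signature_valid or a.issuer not in self.trusted_idps:
            return None
        return (a.issuer, a.subject)  # identity is the pair, never the subject alone

    def request_access(self, a):
        """The authorisation request form: only an authenticated user can submit it."""
        ident = self.authenticate(a)
        if ident is not None and ident not in self.approved:
            self.pending.add(ident)

    def approve(self, issuer, subject):  # portal administrator grants a pending request
        if (issuer, subject) in self.pending:
            self.pending.remove((issuer, subject))
            self.approved.add((issuer, subject))

    def decide(self, a):
        """Authorization: the portal's own policy, applied after authentication."""
        ident = self.authenticate(a)
        if ident is None:
            return "rejected"
        if ident in self.approved:
            return "authorized"
        return "pending" if ident in self.pending else "authenticated-only"

def demo():
    # Constructed sample: entity IDs and the user identifier are placeholders.
    idp_a, idp_b = "https://idp-a.example/idp", "https://idp-b.example/idp"
    gw = Gateway(trusted_idps={idp_a, idp_b})
    ada = Assertion(idp_a, "ada@example.org", True)
    before = gw.decide(ada)
    gw.request_access(ada)
    gw.approve(idp_a, ada.subject)
    return before, gw.decide(ada), gw.decide(Assertion(idp_b, ada.subject, True))
```

The third result shows that the same identifier asserted by a different federation IdP is authenticated but does not inherit the approval granted to the first.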
Accessing the TRODAN Data with NgREN Catch-All Identity Provider
Demonstration
http://ngidp.eko-konnect.net.ng
Accessing the TRODAN Data
• Register a user account on the NgREN IdP
• Connect to sgw.africa-grid.org and be redirected to register with an IdP in your region.
• Applications - Earth Sciences
– TRODAN Data Repository
DEMO
Thank you for listening
Questions?