2014 Technology Exchange


Attribute and Group Management in the AAI Environment

Time 10/29/14 02:15PM-03:00PM

Room White River Ballroom G-H-I

Session Abstract


It is widely acknowledged that federated access is a key aspect of supporting collaboration for large-scale research initiatives, whilst providing mechanisms to guarantee users’ privacy and security. On the other hand, there is consensus that the existing authorisation model does not reflect the collaborative nature of the research and education community: attributes and group information should be provided not only by the Identity Providers, but also by the collaborative projects. While accounting in homogeneous environments (such as single applications, specific infrastructures, etc.) is rather common, this is not the case for highly distributed and heterogeneous infrastructures.
Within the European GN3plus project [1], one of the joint research tasks (JRA3-T1) [2][3] is exploring this field of attributes and groups for AAI in this heterogeneous environment.

The task focuses on two topics. A) The exchange of group information: Traditionally, a group administrator must create and maintain a group for each service, which is cumbersome and error-prone. To ease usage and simplify maintenance, an external group provider is a possible solution, so that a group can be maintained in one place. The task continues the work on the VOOT protocol, a protocol for exchanging external group information, and has started restructuring the protocol to be a profile of SCIM.

B) New e-research use cases have emerged that require a different approach to attributes. Currently, attributes are provided by the users’ Identity Providers. However, this approach does not scale very well. A better approach would be to enable third parties (i.e., collaboration projects) to provide specific attributes about the users in the context of the collaboration. Work has started on, amongst other things, using Grouper in a cross-organisational context, as well as creating an overview of current attribute authority solutions.

In this presentation we will give an overview of the results, use cases and outcomes from this task, which runs from April 2013 to March 2015.



[2] http://www.geant.net/Innovation/Research_Programmes/Pages/Identity_and_Trust_Technologies_for_G%C3%89ANT_Services.aspx

https://wiki.terena.org/display/gn3pjra3/GN3plus+JRA3+Information+-+Identity+and+Trust+technologies - Under construction

*Author & Affiliation*

Name: Maarten Kremers
Email: Maarten.Kremers@surfnet.nl
Affiliation: Technical Product Manager, SURFnet / Tasklead JRA3 T1, GN3plus


Speaker Maarten Kremers Surfnet BV


Primary track Trust and Identity

Secondary tracks CAMP 201
