Implementing AAI into existing cross-infrastructure user communities with cloud service offerings: the Instruct use case.
Friday, September 30, 2016 - 09:00
Callum Smith – Instruct, European Research Infrastructure for Structural Biology, University of Oxford, Wellcome Trust Centre for Human Genetics, Roosevelt Drive, Oxford OX3 7BN, United Kingdom.
Callum has worked with Instruct to design and develop both the ARIA system and the associated AAI infrastructure that is hosted by Instruct.
Key Words: AAI, research infrastructure, structural biology, eduGAIN, cross-platform solutions
Instruct is the European infrastructure for structural biology, offering access to facilities and platforms across Europe. The business of access provision is, on the surface, very simple. However, the actual administration and support for users is very complex and time-consuming. Instruct developed an online service (ARIA) to manage access as an end-to-end solution, designed to support any number of infrastructures and access offerings as a hosted cloud service. ARIA is now in use by multiple infrastructures and facilities, many of which have their own identity services. Future plans include the integration of the ARIA AAI with other AAI sources to provide consistent cross-AAI authentication, which will improve user experience and allow data interoperability.
- Initial design of AAI and focus on user choice:
When first approaching the challenge of AAI within ARIA, we found a number of available solutions and options, along with a number of AAI initiatives. The ARIA AAI requirement was steadily built over 12 months after discussions with representatives of Umbrella and the UK federation, particularly relating to the existing technology and identity provision. Common problems were identified across several AAI infrastructure designs, such as how to manage homeless users and provide for the special requirements of industrial users. It was decided that the level of assurance, at the time, was not something that could be centrally provisioned but should be defined at the service level.
The approach that Instruct took involved a user choice-driven design where users can choose their preferred AAI from the presented alternatives or register locally with an identity provider.
- Problems faced when introducing users to AAI solutions (user interface and user engagement):
Many users, faced with the task of migrating to a new authentication framework and given an opportunity to connect external identity services to an internal ARIA account, had difficulties navigating the procedures that were established to do this. A communication campaign to the user community, warning of the upcoming migration and detailing the steps that would need to be taken for migration, eventually achieved a satisfactory transition. The user interface was designed around existing principles that were in use at the Paul Scherrer Institute (PSI).
- Improvements to usability and interface based on user feedback:
Based on user feedback, the workflow and interface for AAI were enhanced to ensure that all users would understand the processes of standard authentication and federated access. Help guidelines were produced to direct users to support resources.
- Exploring a virtual single sign-across for all research infrastructures:
Instruct is working together with other service and identity providers to harmonise authentication systems across different infrastructures (each with a different level of AAI maturity), with the aim of enabling researchers to access facilities and services provided by a broad choice of institutions in Europe. This would also enhance data interoperability and will be done in collaboration with EGI, EUDAT, GÉANT, ELIXIR, CORBEL and AARC.