Presentation
ICEI: Fenix AAI services
SessionProject Poster Session
Event Type
Project Poster
Pre-Recorded
TimeTuesday, June 23rd4:16pm - 4:18pm
LocationAnalog 2
DescriptionThe ICEI (Interactive Computing e-infrastructure for the Human Brain Project) project is funded by the EC under the Framework Partnership Agreement of the Human Brain Project. Five leading European Supercomputing Centres (BSC, CEA, CINECA, CSCS and JSC) committed to perform a coordinated procurement of equipment, licences for software and R&D services to realize elements of the Fenix e-infrastructure.
The Fenix e-infrastructure will deliver federated compute and data services to European researchers by aggregating capacity from multiple resource providers and enabling access from existing community platforms. To achieve these goals, the federation needs to rely on a robust and reliable Authentication and Authorization Infrastructure (AAI), a trustworthy environment where users can be managed and granted to access resources securely and as seamlessly as possible.
The Fenix AAI provides access to infrastructure services (like e.g. storage), while platform services or community platforms retain their own authentication and authorization mechanisms. This is achieved by the creation of a central proxy (authentication requests) and an attribute provider (authorization records): the central component remains as lean as possible to provide high operational performance and infrastructure security is improved by decoupling highly critical functions from less critical ones.
The proposed AAI is designed to support different levels of assurance according to the origin of the federated identity provider and to guarantee interoperability and sustainability by leveraging on standard authentication protocols, such as OpenID Connect or SAML v2.0. The AAI is organised such that integration of new HPC centres into the Fenix e-infrastructure is possible.
The Fenix e-infrastructure will deliver federated compute and data services to European researchers by aggregating capacity from multiple resource providers and enabling access from existing community platforms. To achieve these goals, the federation needs to rely on a robust and reliable Authentication and Authorization Infrastructure (AAI), a trustworthy environment where users can be managed and granted to access resources securely and as seamlessly as possible.
The Fenix AAI provides access to infrastructure services (like e.g. storage), while platform services or community platforms retain their own authentication and authorization mechanisms. This is achieved by the creation of a central proxy (authentication requests) and an attribute provider (authorization records): the central component remains as lean as possible to provide high operational performance and infrastructure security is improved by decoupling highly critical functions from less critical ones.
The proposed AAI is designed to support different levels of assurance according to the origin of the federated identity provider and to guarantee interoperability and sustainability by leveraging on standard authentication protocols, such as OpenID Connect or SAML v2.0. The AAI is organised such that integration of new HPC centres into the Fenix e-infrastructure is possible.
Poster PDF