The EOSC-hub AAI enables seamless access to research data and services in EOSC in a secure and user-friendly way. To this end, the EOSC-hub project has built upon existing AAI services to provide a consistent, interoperable system with which researchers and resource providers can integrate.
Features
- Support for different authentication providers, including:
  - institutions from national identity federations in eduGAIN
  - social media (Google, Facebook, LinkedIn)
  - other external authentication providers such as ORCID or community-operated identity providers
- Access to resources using different login credentials (e.g. institutional and social) via identity linking
- Access to multiple heterogeneous (web and non-web) services and resources using different technologies
  - Non-web-browser based use cases include APIs and command line access (e.g. via SSH or OAuth2)
- Aggregation and harmonisation of authorisation information (e.g. groups and/or roles) from multiple sources
- Adoption of standards and open technologies, including SAML 2.0, OpenID Connect, OAuth 2.0 and X.509v3 to facilitate interoperability and integration with the existing AAIs of e-Infrastructures and research communities
- Adoption of policies compliant with global frameworks (e.g. REFEDS Research and Scholarship entity category and Sirtfi) in order to:
  - support services in receiving and processing consistent user attributes in compliance with the minimal disclosure principle
  - ensure good practices in operational security
  - enable the coordination of incident response across federated organisations
- Expressing the level of trust in the user identity assertions using standard mechanisms and frameworks such as the REFEDS Assurance Framework
- Aggregation and harmonisation of authorisation information (groups, roles) from multiple sources using different protocols
High-level service architecture
...