Helmholtz-AAI in 5 min
Sander Apweiler, Marcus Hardt, Uwe Jandt, Andreas Klotz
March 2021
Goals
- Seamless access to cloud services
- Helmholtz: Services for users at Helmholtz Centres and Partners
- Be very general => Don’t be limited by specific organisational structure
- Compatible with the European Open Science Cloud (EOSC)
- Users can access many federated services
  - With the one account from their home organisation
- Support services beyond the browser
  - Delegation (Computing Jobs)
  - REST APIs
  - Shell access
Helmholtz-AAI Key Features
Basics
- EOSC compatible
- AARC Blueprint Architectures (BPA)
- AARC Policy Development Kit (PDK)
- Users supported via
  - DFN-AAI / eduGAIN
  - Social: ORCID + GitHub + Google
  - Homeless Users: Can easily be supported
- Works in Production today
- Ready to include more services
- Ready to include more Communities
Authorisation
- Support for multiple means of authorisation (central and decentralised)
- Group Membership (aka “Virtual Organisations”)
  - => Managed by Scientists themselves
- Entitlements from Home-Organisation
  - => Managed by Administration
- Levels of Assurance: REFEDS Assurance Framework
  - Passport seen, Work-Contract available
  - Uniqueness of the identifier
  - Freshness of attributes
  - Membership in Home-Organisation
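Added example (not from the original slides and not Helmholtz-AAI code): how a relying service could combine group membership and REFEDS assurance into one access decision. It assumes the AAI releases the claims eduperson_entitlement (AARC-G002 style group URNs) and eduperson_assurance; the group name, group authority and sample users are constructed.

```python
RAF = "https://refeds.org/assurance"  # REFEDS Assurance Framework value prefix

# Constructed policy for a hypothetical service (all names are placeholders).
POLICY = {
    "group": "urn:example:aai:group:climate-vo",
    "authority": "login.example.org",
    "assurance": {f"{RAF}/ID/unique", f"{RAF}/IAP/medium", f"{RAF}/ATP/ePA-1m"},
}

def in_group(entitlements, group, authority):
    """True if an entitlement names the group (or a subgroup) and was
    asserted by the expected group authority (the part after '#')."""
    for value in entitlements:
        urn, sep, asserted_by = value.partition("#")
        if not sep or asserted_by != authority:
            continue  # membership vouched for by someone else: ignore
        if urn == group or urn.startswith(group + ":"):
            return True
    return False

def as_list(value):
    """Multi-valued claims sometimes arrive as a bare string or are absent."""
    return [value] if isinstance(value, str) else list(value or [])

def authorise(claims, policy=POLICY):
    """Return (allowed, reasons) for a dict of userinfo/token claims."""
    reasons = []
    ents = as_list(claims.get("eduperson_entitlement"))  # assumed claim name
    if not in_group(ents, policy["group"], policy["authority"]):
        reasons.append("not in required group")
    have = set(as_list(claims.get("eduperson_assurance")))  # assumed claim name
    missing = policy["assurance"] - have
    if missing:
        reasons.append("missing assurance: " + ", ".join(sorted(missing)))
    return (not reasons, reasons)

# Constructed sample claims: ALICE satisfies the policy, BOB does not.
ALICE = {"eduperson_entitlement": ["urn:example:aai:group:climate-vo:admins#login.example.org"],
         "eduperson_assurance": [f"{RAF}/ID/unique", f"{RAF}/IAP/medium", f"{RAF}/ATP/ePA-1m"]}
BOB = {"eduperson_entitlement": ["urn:example:aai:group:climate-vo-guests#login.example.org",
                                 "urn:example:aai:group:climate-vo#idp.other.example"],
       "eduperson_assurance": [f"{RAF}/ID/unique", f"{RAF}/IAP/low"]}

if __name__ == "__main__":
    for name, claims in (("alice", ALICE), ("bob", BOB)):
        print(name, authorise(claims))
```

The check fails closed: a missing claim, a look-alike group name, or a group asserted by an unexpected authority all result in denial with a reason.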
Service Integration
- Multi Protocol:
  - Identities: SAML, OpenID Connect, X.509
  - Services: OpenID Connect, SAML
- Examples for integrated services
- Helmholtz Federated IT services (HIFIS, https://www.hifis.net)
- Drives development, documentation and service integration
- Free of charge