Exploring trust for Communities

Mar 22, 2022, 11:00 AM
Oral Presentation Track 7: Network, Security, Infrastructure & Operations


Maarten Kremers (SURF)


Building trust for research and collaboration

When exploring the (sometimes) intimidating world of Federated Identity, research communities can reap considerable benefit from using common best practices and adopting interoperable ways of working. EnCo, the Enabling Communities task of the GEANT 4-3 Trust and Identity Work Package, provides the link between those seeking to deploy Federated Identity Management and the significant body of knowledge accumulated within the wider community. Individuals from EnCo aim to ensure that outputs from projects (e.g. AARC) and groups (e.g. WISE, FIM4R, IGTF, REFEDS) are well known, available and kept up to date as technology changes. Since many of these groups are non-funded, it’s vital for their survival that projects such as GN4-3 sponsor individuals to drive progress and maintain momentum. The ultimate aim is to enhance trust between identity providers and research communities/infrastructure, to enable researchers’ safe and secure access to resources.

Although this activity has been ongoing for some years, 2022 is a highly appropriate time to expose the value that EnCo has brought to our community. The GN4-3 project is reaching a close and EOSC is being built. Ensuring that shared knowledge is maintained and updated in the future will be essential for interoperability, trust and security.

The Federated Identity Management for Research (FIM4R) community is a forum where Research Communities meet to establish common requirements, combining their voices to send a strong message to FIM stakeholders. For example, in 2020 people from EnCo were among those who led efforts to produce a position paper on the EOSC identity management strategy from the perspective of research communities.

The WISE community promotes best practice in information security for IT infrastructures for research. EnCo has been and is leading several activities within WISE. This includes the Security for Collaborating Infrastructures working group, which has produced a guidance document to encourage self-assessment against the SCI Trust Framework and is working towards updating the AARC Policy Development Kit (PDK). Also, since information security processes need periodic exercise, the community organises challenges for communications response and mitigation of incidents affecting collaborative communities, and at times even deep forensics - all to make sure communities are prepared, and the various tests complement each other.

REFEDS is the voice that articulates the mutual needs of research and education identity federations worldwide. EnCo has been leading and participating in several activities on both assurance (the REFEDS Assurance Suite) and security to increase the level of trust in federations. Trust in community AARC proxy services is also promoted with the IGTF guidance on secure attribute authority operations and exchanging assurance for the infrastructures.

Our target audience is the communities and the infrastructures providing their services.

Aims of the presentation:
- The audience will learn about essential trust, policies and guidance
- Raise awareness of the availability of common resources, including those owned by WISE, FIM4R, REFEDS, IGTF
- Promote participation in these bodies and groups
- Share news of progress, e.g. assessment of SCI, Sirtfi
- Inform about future activities, e.g. moving to OAuth2.0 and away from X.509 and SAML

Primary authors

David Groep (Nikhef), David Kelsey (STFC-RAL), Hannah Short (CERN), Maarten Kremers (SURF), Mr Ian Neilson, Jule A. Ziegler (Leibniz Supercomputing Centre)

