The aim of this course is to provide a general introduction to the EOSC Authentication and Authorization Infrastructure (AAI), explaining its purpose, architectural structure, the implied underlying protocols, the role of Nodes and their interconnection, and presenting the current stage of development and adoption.
Course summary
The course targets primarily the node AAI operators and architects, in need of plugging their nodes’ AAI infrastructure to the EOSC AAI to effectively integrate their nodes in the EOSC Federation, belonging to the first, second and possibly subsequent new waves of enrolment of EOSC nodes.
It is also addressed to the grantees of the Gravity Preparatory and Interproject Calls as well as organisations and experts within the EOSC community who wish to learn more about and deepen their understanding of the EOSC AAI Infrastructure and implied processes, and the required steps to join the AAI federated capability of the EOSC Federation.
AAI is by far the first and most important Federating Capability enabling the actual deployment and implementation of the EOSC Federation.
Previous knowledge of the EOSC is strongly recommended, including participation in Course “Explaining the EOSC Federation” and Course “Applying the EOSC Federation Handbook“.
Prerequisites for this course include knowledge of the objectives, vision, and context of the EOSC; an understanding of the general structure of the EOSC in terms of services and capabilities; and mastery of key EOSC terms (e.g., core, exchange, resource).
By the end of this course, the learner will be able to:
- Understand the goals of the EOSC AAI infrastructure;
- Know what the underlying basic AAI protocols implied are, and how they are used by the EOSC AAI;
- Understand the basics and the structure of the MyAccessID service, which is the fundamental component, playing the central hub and spoke role at the core of the EOSC AAI;
- Understand that the supported AAI workflows are, and what is implied for EOSC Users and for EOSC Node AAI owners, managers and operators;
- Know what the minimal requirements are for your AAI infrastructure to be able to join the EOSC Federation;
- Understand practical steps are required to join the EOSC Federation AAI.
Contributors
Mario Reale
EOSC Association
Petr Lényi
MUNI CZ
Andy Gotz
EOSC Association
Christos Kanellopoulos
GÉANT
Presenters (for webinars)
Mario Reale
EOSC Association
Petr Lényi
MUNI CZ
Irina Sidorova
GÉANT
Petr Lényi
GÉANT
Modules of this course
Module 1: Introduction to the EOSC AAI
115 Minutes
This module introduces the EOSC AAI and the role it plays as Federating Capability 1 for the EOSC Federation. It introduces the general concepts behind it, the underlying protocols used to implement it, the basics of its architectural approach, the central role of the hub, introduce the concepts behind the community and infrastructure proxy. It will also cover the fundamentals of the AARC Blueprint architecture behind interoperability, will provide an overall basic introductory landscape on the AAI for R&E at the European level.
Module 2: The EOSC Core AAI and MyAccessID
160 Minutes
This module provides an overview of the whole EOSC AAI and the MyAccessID service, the related components, what are the key concepts behind the integration of the node AAI with MyAccessID, It will also cover are the motivations and goals behind the adoption of the EOSC AAI hub and spoke architecture, and its implications for node AAI managers and for individual users.
Module 3: Required AAI components at the EOSC nodes
40 Minutes
This module describes what is requested from the EOSC nodes, to enable their registration in the EOSC Federation by plugging their Node infrastructural proxy to the EOSC-AAI infrastructure. It will cover what specific minimal, mandatory functionality must be provided by each node, what endpoints will have to be provided, and will describe the exact checklist to be operationally followed to be able to register a node in the test and production infrastructures of the EOSC-AAI. It will also cover the mandatory OIDC/OAuth2 claims and scopes to be provided to be able to join and support the EOSC AAI, enabling the EOSC federation SSO process for users. It will describe the two main supported use case, also in terms of specific authentication and authorization flows.
Module 4: Tools components overview
70 Minutes
This module provides a basic overview of what are the main tools available to implement the Infrastructural proxies and to apply the necessary configurations, for nodes to be able to be part of the EOSC-AAI. The main available tools will be described, and the sources of documentation and guides will be reported. All references to basic documentation will also be provided.
Course length
This course combines an online session (Webinar format) of approximately 90 minutes with self-paced study, exploring the available training materials with an estimated full duration of 270 minutes
Audience
- Technical IT specialists managing AAI components
- EOSC nodes services providers
- Beneficiaries of the EOSC Gravity cascading grants
- EOSC-A
Mandated Organisations - EOSC Funders
- Organisations and experts involved in EOSC projects, WGs members
- Research Performing Organisations
Keywords
Authentical and Authorization Infrastructure (AAI), EOSC Federation, EOSC Nodes, FAIR data, Federating Capabilities, OpenID Connect, OAuth2, Proxy, OIDC/OAuth2 flows and endpoints
