This shows you the differences between two versions of the page.
open:wp4:authnauthzf2f [2019/01/30 08:51] demleitner + Lecture notes for Markus' talk |
open:wp4:authnauthzf2f [2019/02/27 11:57] (current) molinaro [Schedule] |
||
---|---|---|---|
Line 7: | Line 7: | ||
---- | ---- | ||
===== Goal ===== | ===== Goal ===== | ||
- | ASTERICS, within the scope of WP4 (DADI) Task 4.3 and WP3 (OBELICS) Task 3.4.2, organizes a face-to-face meeting on the following topics: | + | ASTERICS, within the scope of WP4 (DADI) Task 4.3 and WP3 (OBELICS) Task 3.4.2, organized a face-to-face meeting on the following topics: |
* Authentication&Authorisation | * Authentication&Authorisation | ||
* Single Sign-On | * Single Sign-On | ||
Line 14: | Line 14: | ||
* their relation with the development/upgrade within IVOA standards | * their relation with the development/upgrade within IVOA standards | ||
+ | The A&A meeting was a chance to have a set of experts and interested parties discussing various aspects of the authentication and authorization mechanisms with respect to data and service providing and client access and consuming of the latter in the domain of astronomy and its interoperable framework. | ||
+ | |||
+ | The contributed presentations worked out usages specific of the single organizations as well as depicting more genral scenarios and touching critical points in the open standardization framework provided by the IVOA. | ||
+ | |||
+ | The outcomes of the meeting included: | ||
+ | * networking different actors (data/service providers, VO experts, federated authentication experts, identity providers and managers, A&A consumers including both web based and programmatic UI developers) | ||
+ | * solving specific A&A description in the VO framework (e.g. for the TAP protocol) | ||
+ | * identifying pathways to improve credential delegation and its usage | ||
+ | * expressing advantages and drawbacks in hiding data and resources behind authentication layers | ||
+ | * evaluating the risks of having commercial resource vendors provide outsourcing for tasks that, untill now, most research infrastructures provide by themselves | ||
+ | |||
+ | The meeting, even if short and dense, proved important for all the attendees and having dedicated discussion events like this continues to prove efficient with respect to lengthy remote discussions. | ||
+ | |||
+ | [[aandanotes|Notes]] reporting the various meeting outcomes can be found [[aandanotes|here]]. | ||
===== Registration ===== | ===== Registration ===== | ||
Registration handling is done through the ASTRON provided indico platform. Here you can find the (sibling)[[https://indico.astron.nl/conferenceDisplay.py?confId=199|meeting page]] and the | Registration handling is done through the ASTRON provided indico platform. Here you can find the (sibling)[[https://indico.astron.nl/conferenceDisplay.py?confId=199|meeting page]] and the | ||
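Review bot: The added Goal paragraphs contain two spelling errors: "genral" (for "general") in the paragraph on the contributed presentations, and "untill" (for "until") in the last outcome bullet. In the same paragraph, "usages specific of the single organizations" would read better as "usages specific to the individual organizations". The closing line links both "Notes" and "here" to the same aandanotes target, so one of the two links can go. The Registration text kept as context still says "Registration handling is done" in the present tense, although the Goal sentence was moved to the past tense in this revision.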
Line 22: | Line 36: | ||
===== Schedule ===== | ===== Schedule ===== | ||
- | Proposed meeting agenda. (2019-01-27) | + | Final agenda, reflecting the actual schedule for talks and discussions held. |
- | + | ||
- | The final schedule will be finalised while the meeting goes on. | + | |
- | + | ||
- | Discussion sessions might be also in the form of splinter discussion on different topics, e.g. emerging during the presentation sessions or related to other discussed topics. | + | |
^ Tuesday 29.01.2019 ^^^^ | ^ Tuesday 29.01.2019 ^^^^ | ||
Line 35: | Line 45: | ||
| 11:00 | Meeting format description ||| | | 11:00 | Meeting format description ||| | ||
^ 11:15 ^ Session 1 ^^^ | ^ 11:15 ^ Session 1 ^^^ | ||
- | | | Brian Major | Authentication&Authorization at the CADC | {{open:wp4:authnauthzf2f:aaatcadc.pdf|PDF}} | | + | | | Brian Major | Authentication & Authorization at the Canadian Astronomy Data Centre | {{open:wp4:authnauthzf2f:aaatcadc.pdf|PDF}} | |
- | | | Markus Demleitner | VOSI, A&A, and the real world | | + | | | Markus Demleitner | VOSI, A&A, and the real world | {{open:wp4:authnauthzf2f:vosi-reform.pdf|PDF}} | |
- | {{open:wp4:authnauthzf2f:vosireform.pdf|PDF}} | | + | |
| 12:30 | **lunch** ||| | | 12:30 | **lunch** ||| | ||
^ 13:30 ^ Session 2 ^^^ | ^ 13:30 ^ Session 2 ^^^ | ||
- | | | Patrick Dowler | Authentication Requirements and Use in IVOA Services | | | + | | | Patrick Dowler | Authentication in Web Services and TAP-1.1 specific issues | {{open:wp4:authnauthzf2f:web-service-auth-jan2019.pdf|PDF}} | |
- | | | Mark Taylor | %%GUI%% application client perspective | {{open:wp4:clientauth.pdf|PDF}} | | + | | | Mark Taylor | Authentication: A Client %%[G]UI%% Perspective | {{open:wp4:clientauth.pdf|PDF}} | |
- | | | discussion || | + | | | Franco Tinarelli | %%RAP%% authenticator application demo | {{open:wp4:authnauthzf2f:tinarelli_notes_rap.pdf|PDF}} | |
- | | | TAP-1.1 Authenticated Endpoints | (splinter) || | + | |
| 15:30 | **break** ||| | | 15:30 | **break** ||| | ||
^ 16:00 ^ Session 3 ^^^ | ^ 16:00 ^ Session 3 ^^^ | ||
- | | | (continue) Discussion and/or Splinter ||| | + | | General discussion (chair: Dave Morris) ||| [[aandanotes#day_1_open_discussion|notes]] | |
- | | | Suggested (additional) topic: Implications of having lots of data behind protected access controls ||| | + | | | data behind authentication ||| |
+ | | | labeling data resources for authenticated access ||| | ||
+ | | | commercial cloud solutions and drawbacks ||| | ||
+ | | | authenticator solutions, certificates, delegation, proxy modules ||| | ||
| 18:00 | //day 1 sessions closure// ||| | | 18:00 | //day 1 sessions closure// ||| | ||
| (19:30) | **Working Dinner (Hostaria Malcanton)** | community & networking || | | (19:30) | **Working Dinner (Hostaria Malcanton)** | community & networking || | ||
^ Wednesday 30.01.2019 ^^^^ | ^ Wednesday 30.01.2019 ^^^^ | ||
^ 09:00 ^ Session 4 ^^^ | ^ 09:00 ^ Session 4 ^^^ | ||
- | | | Vincenzo Forchì | Data publishing at ESO: How to publish protected astronomical data via VO protocols? | materials | | + | | | Vincenzo Forchì | Data publishing at ESO: How to publish protected astronomical data via VO protocols? | {{open:wp4:authnauthzf2f:asterics201901_micol.pdf|PDF}} | |
- | | | Sara Bertocco | A possible model for SKA Regional Centers interoperability | | | + | | | Sara Bertocco | A possible model for SKA Regional Centers interoperability | {{open:wp4:authnauthzf2f:talk_SaraBertocco.pdf|PDF}} | |
- | | | Peter Hague | Applications of STOA workflow management in Astronomy | | | + | | | Peter Hague | Applications of STOA workflow management in Astronomy | {{open:wp4:authnauthzf2f:Stoa.pdf|PDF}} | |
- | | | Andrea Bignamini | Athentication and User Management in Yabi workflows (TBC)| | | + | | | Andrea Bignamini | Authentication and Authorization Management in Yabi | {{open:wp4:authnauthzf2f:Trieste_bignamini.pdf|PDF}} | |
| 10:30 | **break** ||| | | 10:30 | **break** ||| | ||
^ 11:00 ^ Session 5 ^^^ | ^ 11:00 ^ Session 5 ^^^ | ||
- | | | Overflow discussion from Session 4 and/or Splinter ||| | + | | | Matthew Viljoen | EGI AAI community solutions | {{open:wp4:authnauthzf2f:20190130_community_aai_with_check-in.pdf|PDF}} | |
- | | | Suggested topic: Certificate Delegation and other protocols | All | | | + | | General discussion (chair: Morris/Molinaro) ||| [[aandanotes#day_2_morning_discussion|notes]] | |
- | | | Datalink revision | (splinter) | | | + | | | TAP-1.1 Authenticated endpoints ||| |
+ | | | ADQL-2.1 (& DALI) REGION xtype ||| | ||
| 12:30 | **lunch** ||| | | 12:30 | **lunch** ||| | ||
^ 13:30 ^ Session 6 ^^^ | ^ 13:30 ^ Session 6 ^^^ | ||
- | | | Suggested topic: User Experience using GUI tools and/or programmatic APIs | All | | | + | | General discussion (chair: Dave Morris) ||| [[aandanotes#day_2_afternoon_discussion|notes]] | |
- | | | "REGION" in DALI/ADQL | (splinter) | | | + | | | Credential Delegation ||| |
+ | | | Centralised authentication solution ||| | ||
| 15:00 | **break** ||| | | 15:00 | **break** ||| | ||
^ 15:30 ^ Session 7 ^^^ | ^ 15:30 ^ Session 7 ^^^ | ||
- | | | Reports from discussions and splinters | All | | | + | | | DataLink-1.1 revision start splinter || [[aandanotes#datalink_revision_splinter|notes]] | |
^ 16:30 ^ wrap-up & conclusion ^^^ | ^ 16:30 ^ wrap-up & conclusion ^^^ | ||
| 17:00 | //end of the meeting// ||| | | 17:00 | //end of the meeting// ||| |
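Review bot: The three new "General discussion" rows (Sessions 3, 5 and 6) begin with "| General discussion" and omit the empty leading time cell that the other rows in the schedule table carry. As a result the chair line falls into the time column and the notes link sits alone after "|||". Prefixing these rows with an empty cell and reducing the span markers to match, as the DataLink-1.1 row in Session 7 does, would keep the columns consistent. The Demleitner attachment target also changes from vosireform.pdf to vosi-reform.pdf, so it is worth confirming that the media file exists under the new name. Mark Taylor's PDF still points to open:wp4:clientauth.pdf, outside the authnauthzf2f namespace used by every other attachment in this table.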