It’s hard to believe, but 2019 is almost coming to an end! And in line with the pre-festive mood, it is nice to look back at all the work that has happened during this year in the Trust & Identity (T&I) work package. The work encompasses delivery and support for T&I services, exploring new ideas in the T&I incubator, and work with the wider T&I community via a dedicated community task.
There are four service families within the T&I portfolio: eduGAIN, eduroam, eduTEAMS and InAcademia. These services started at different maturity levels throughout the year, but all of them progressed significantly with considerable developments.
2019 has been the year of eduTEAMS, the GÉANT platform (AARC Blueprint Architecture compliant) to enable members of the Research & Education (R&E) community to create and manage virtual teams and provide access to their services using existing federated identities, available via eduGAIN and offered by other trusted identity providers. eduTEAMS, under the lead of Christos Kanellopoulos (GÉANT), evolved into a flexible and secure service that can be offered in different flavours to better fit the needs of the community.
The eduTEAMS service is provided by GÉANT to small and medium-sized communities who want to get started with their virtual collaborations and take full advantage of federated access without having to deal with the complexity of operating and supporting their own Authentication and Authorisation Infrastructure (AAI). For larger communities requiring full control of their AAI, GÉANT can host and operate a dedicated AAI service powered by the eduTEAMS technology. For those communities who require tailor-made functionality, such as integration with custom back-office and front-office systems, new features or enhancing their existing AAIs with new functionality available in eduTEAMS, GÉANT can also provide bespoke solutions.
eduTEAMS is at the moment offered to international research collaborations to empower them to manage their users and services using federated access and eduGAIN. There are also pilots ongoing with several National Research and Education Networks (NRENs) interested in using eduTEAMS. For more information, please refer to the eduTEAMS website and the eduTEAMS roadmap.
InAcademia is the new entry in the T&I service portfolio. InAcademia, led by Michelle Williams (GÉANT), offers a reliable and secure way to verify students’ identities, as long as the student is registered with a participating eduGAIN Identity Provider. InAcademia is aimed at services with simple use cases that only need to validate the “studentness” of a user. The number of services that offer discounts for education keeps increasing, and so does students’ interest in them. By using InAcademia, R&E federations ensure that the validation is done in a privacy-preserving manner, using federated access and eduGAIN. This year was particularly exciting for InAcademia, as its business pilot helped to shape two InAcademia service offerings: a community edition, available free of charge to service providers that meet the agreed qualification criteria, and a commercial version where charges will apply to supplied services. Much was done to keep NRENs involved with these developments by working closely with them, holding webinars and promotions at various venues. As the business side is essential for early-life success of the service, the InAcademia team made good progress in engaging with a variety of merchants. InAcademia will go into production in early 2020.
eduGAIN, under the lead of Davide Vaghetti (GARR), continues to grow, with seven new members joining in 2019. eduGAIN consolidated the various activities into dedicated internal teams. eduGAIN now has an operational team, a support team and a security support team; the latter was created in response to the FIM4Rv2 paper and, more generally, to increased security awareness. The security support team enables central coordination of security incidents that span federation borders, liaising with the federation operators and national CSIRT teams as needed. eduGAIN also formalised the secretariat function to manage the applications of new federations that join eduGAIN and support the eduGAIN SG Chair.
eduGAIN started to look at baseline requirements for participating entities with the goal to improve the overall services and end-users’ experiences. We will see this work developing further in 2020. For more information, please refer to the eduGAIN website and the eduGAIN roadmap.
eduroam maintains its popularity and keeps improving its wide range of supporting tools, under the consolidated lead of Miroslav Milinovic (SRCE). Effort went into reinforcing DevOps aspects, improving the eduroam CAT tool (a new version was released in November 2019), and introducing the National Roaming Operator (NRO) audit, whose purpose is to evaluate the service level, recognise excellence and identify possible weak spots in order to maintain and improve the overall quality of service. Additional effort also went into user training and promotion of the Managed Identity Provider (IdP) service. The development activities focus on supporting services, with the eduroam Managed Service Provider (SP) service and diagnostics being the main activities. Work is also ongoing to improve the RadSec proxy, a new release of which was issued in June 2019. Check out the eduroam roadmap to see what is expected for 2020.
eduroam was recognised by the WiFi industry and nominated as a finalist for “Product of the Year” at the annual WiFi Awards (https://thewifiawards.com/).
Staying in the focus of new T&I initiatives, GÉANT joined the Coalition for Seamless Access that aspires to ease and enhance users’ experience when they access federated services. The Coalition launched a pilot for the Seamless Access discovery service where the T&I Work Package provides service operations. With a number of publishers lining up to use this service, an exciting year awaits SeamlessAccess.org.
GÉANT also joined the Identity Python initiative, which supports a set of projects providing implementations of key federation and identity technologies, including OpenID Connect, SAML, xmldsig, OAuth, JWT, etc., in Python. GÉANT chose SaToSa as the cornerstone product for eduTEAMS and InAcademia; SaToSa is one of the projects maintained by the Identity Python initiative as a community open source effort. For more information about Identity Python, please refer to the Identity Python website, where you can also find information on how to participate in the Identity Python community.
Our New Year’s resolution is to present in more detail the work carried out in different areas of T&I and to report on specific results more in depth.
With Season’s Greetings from the WP5 T&I Team.