
The GÉANT AA Framework

A robust authentication and authorisation solution for software development in the GÉANT project

 

Software Development Environments

The network services delivered by the GÉANT project are developed by teams of specialist networking and software engineers. These teams are aided by software environments, platforms and best practice guidelines that support and guide the engineers in their service development work. This helps to ensure the software applications and services are developed to optimum quality, functionality and security, assuring that NRENs and their academic and research users have high quality, secure services.

GÉANT AA Framework Explained

The Authentication and Authorisation (AA) framework addresses security issues for a number of different GÉANT multi-domain network services in the GÉANT Service Area. It provides software developers in the GÉANT project, for example those developing the cNIS, AutoBAHN and I-SHARe tools, with a common and flexible authentication and authorisation solution to facilitate their software development process. It also allows them to give the web resource provider maximum control over authorisation decisions. Such authorisation decisions typically cover attribute and role entitlements.

The GÉANT AA Framework implementation uses existing frameworks, industry standards and best practices in order to avoid re-inventing the wheel and to take advantage of the extensible design. It is Java-based, making use of Spring Security Framework, Crowd Integration library, OIOSAML.java library and Maven.

 

The architecture of the AA Framework

The current AA Framework implementation allows developers to make their own choice of Authentication Providers, User Attributes Providers and ACL services to use: the diagram below shows the options offered to the service developers.

 

Provider: Authentication Provider / User Attributes Provider / ACL Services

  • Atlassian Crowd: Yes / Yes / N.A.
  • eduGAIN: Yes / N.A.
  • LDAP: Yes / Yes / N.A.
  • Relational Databases: Yes / Yes / Yes
  • XML: Yes / Yes / Yes

Implementation choices available for developers

Taking care of security

The AA Framework provides a simple and configurable authentication and authorisation solution for software developers. Its plug-in based extensible design makes it suitable to meet the various needs for several services in the GÉANT Service Area. In this way, the software developers can focus on the core functionality of their service, leaving security aspects with the AA Framework.

Users

Currently, the AutoBAHN provisioning tool and the I-SHARe workflow tool use the AA Framework in their architecture.

  • AutoBAHN uses XML Authentication and User Attributes Provider.
  • I-SHARe uses Crowd Authentication and User Attributes Provider.

There are a number of other GÉANT services and applications that are potential users of the AA framework:

  • cNIS
  • perfSONAR
  • LHCOPN Portal
  • GÉANT Mail Archives
  • GÉANT Tools Portal