terena networking conference 2010

A simple proposal for federating current and legacy applications and services

José Alfonso Accino, Victoriano Giralt (University of Málaga)

Federation technologies are one of the areas of middleware that have expanded most in recent years. However, the success of federations will most likely depend on the availability of federated applications and services that end users perceive as truly useful. In an ideal world, applications should provide some way for allowing easy integration into a federation using an API or any other suitable mechanism. However, we cannot expect that all applications will move along such path. Moreover, there are several identity and access management mechanisms (SAML, PAPI, CAS, OpenID...) and others that might arise in the future, all of them requiring different application patches to maintain. We have taken a simple approach to solve the problem: developing a mechanism that decouples the application from the identity and access management mechanisms used in each federation, so that progress can be made in adapting services without paying constant attention to changes in IAM technologies. This mechanism may be expanded later with new methods to meet new needs as they arise, i.e. VO management. The specific IAM mechanism in use is provided as an interchangeable plugin and we have developed plugins for connecting to simpleSAMLphp and PHP PAPI. The proposed simple and easy to apply solution is a first step to increase the availability of services that could be integrated into a federation, also open to extension to any other identity and access management mechanisms that could become available in the future.

Download poster (PDF)