UK e-Infrastructure Security & Access Management WG

Last updated: 
2 months 1 week ago
Group Manager

At the request of the Research Councils UK e-Infrastructure group, Janet established a working group from 2013-2016 to support those providing and using e-infrastructure services in achieving an approach that both protects services from threats and is usable by practitioners. More detail about the group can be found in the Terms of Reference

The Working Group published the following papers:

Information about the Working Group's activities, as well as discussion documents, links and recommendations is linked under the following categories. Unless marked otherwise, all items are works-in-progress and we very much welcome your comments and contributions.

Meetings   Presentations
Case Studies Discussions Technologies

Andrew Cormack (WG Chair)


Recently I have been trying to review the options for mapping UK-Federation identities to X509 Proxy certificates. This has been motivated by the observation that many of our potential users have UK-Federation identities but the ability to delegate proxy certificates make them a very useful technogy for building  portals and other tools.


When working with AAI, it is sometimes useful to study how other projects have solved the same problems. Here is a list of projects that are doing work or have done relevant work and some core case studies from these.

EUDAT and Contrail

EUDAT is a FP7 project building a distributed "collaborative data infrastructure" (CDI in EUDAT-speak). EUDAT supports very diverse user communities which each have different ways of authenticating users and authorising them (and different models for authorisation).

The principal goals of access are:

Blog Article

Research, and particularly the on-line collaborative research referred to as e-science, creates a new challenge for federated access management systems. In teaching, the authoritative statement whether an individual is entitled to access an on-line resource comes from their home organisation: are they a member of that course? are they covered by that institutional licence? Thus it is natural to provide a source of authorisation attributes alongside, or even as part of, the home organisation's authentication systems.


At the recent Working Group meeting I presented this diagram, which I've been using to get my head around the various components of an e-infrastructure and how they fit together. It's very much a work in progress: the typefaces show areas I'm reasonably confident of (in Roman) versus those (in Italic) where the implementation, and in some cases even the best combination of functions, are less clear to me. I'm still refining the diagram so comments and suggestions are welcome.