This story is from the category Services and the dossier Identity Management

The recipe for cutting-edge international research

For two years, SWITCH has led a team aiming to make international research easier. Now it is time to take stock.

Text: Lukas Hämmerle, published on 23.07.2015

Enabling Users is the title of a task in the European GÉANT3 Plus project that SWITCH has successfully led over the past two years. GÉANT is the pan-European research and education network interconnecting national networks, and the Enabling Users task is all about helping research groups to set up cross-border data access infrastructure using the eduGAIN system. The task has been carried over into the successor project GÉANT4, which began in May 2015, and it includes a wide range of different sub-tasks. To understand what this task is and what it entails, it is important to know how research is carried out in today's world.

The more services a researcher uses, the more accounts he or she needs. This is annoying.

Successful research still hinges first and foremost on having a team of appropriately qualified, dedicated researchers who are passionate about driving their particular field forward. Major research projects involve scientists from numerous countries collaborating with each other, often across national borders. This can only work if they use the same tools, for example to exchange research data such as genome information, measurements or unpublished reports securely, to control experiments remotely or to perform highly complex calculations on supercomputers. This is often where they encounter obstacles, since access to the data they need is in many cases protected, i.e. an account with a user name and password is needed to gain access. The more services a researcher uses, the more accounts he or she needs. This is annoying not only for the researcher, but also for the service operators who have to administer all of the accounts.

We have a tried-and-tested solution to this problem in Switzerland that has been around for some years now: SWITCHaai, the authentication and authorisation infrastructure (AAI) SWITCH operates in conjunction with the universities and research institutes. So why do we not simply extend the use of AAI to international research projects? Almost all countries in the West now have their own AAI. Until just a few years ago, these could only be used nationally. As mentioned above, however, much of the research done these days is international. AAI can only be used for international research projects if there is a service that coordinates and connects the various national AAIs. This is referred to as interfederation, and it was launched in 2011 under the name eduGAIN. It provides the requisite technical and legal basis for the reliable cross-border sharing of authentication and authorisation information.

The advantage for research projects is that they spend less time dealing with account administration

A third of the almost 60 Swiss organisations using AAI are already benefiting from eduGAIN. The interfederation service allows researchers to access shared applications and data from anywhere in the world with their AAI account. The advantage for research projects is that they spend less time dealing with account administration and receive researchers' up-to-date identity information directly from their universities.

However, the devil is in the detail. The technology behind AAI is rather complex. It takes time and know-how to integrate international authentication with eduGAIN, but scientists need to focus on their research work. For them, an international AAI login is merely a tool that makes collaborating within their project easier. With this in mind, the EU's GÉANT project, which developed eduGAIN and now operates it, launched the Enabling Users task two years ago. More than half a dozen AAI experts from various European countries support research groups that want to integrate their services into eduGAIN.

However, the devil is in the detail. The technology behind AAI is rather complex.

Over the past two years, the experts have worked with five large research groups and institutions as well as several smaller ones in a wide range of fields. They have, for example, helped CERN to link up to eduGAIN and done the groundwork for the European Space Agency (ESA) to do the same in the near future. Both of these organisations are special cases because they are spread over a number of countries. Other collaborations have involved research into photons and neutrons (PaNdata), biology (ELIXIR), and languages and social sciences (DARIAH and CLARIN).

The focus has varied greatly in each case due to considerable differences in the research groups’ existing infrastructures and prior knowledge of AAI. This cooperation has been beneficial not only to the researchers, but also to eduGAIN itself. Some groups decided to play an active role in developing eduGAIN going forward – particularly in the areas of incident handling and level of assurance, which are especially important for certain projects. Enabling Users has been a success for all concerned overall.

This article appeared in the SWITCH Journal October 2015.


About the author
Lukas   Hämmerle

Lukas Hämmerle

Lukas Hämmerle has worked at SWITCH as a Software Engineer since 2005. Together with his colleagues, he is responsible for the development and operation of several SWITCHaai services and the Swiss edu-ID. Within the GÉANT4 project, he is in charge of the Enabling Users task, which helps research groups to use and integrate eduGAIN services.

Other articles