Software Toolkit

Discover a suite of software that will enhance your organisation’s trust and identity capabilities. For each piece of software we offer an overview highlighting its:

  • main capabilities
  • licensing and support
  • interoperability with other technologies and standards
  • examples of use cases where this software has been applied.

Quick links: CILogon | COmanage | Resource Entitlement Management System (REMS) | Keycloak

CILogon

CILogon provides an integrated open-source identity and access management platform for research collaborations, combining federated identity management with collaborative organisation management.

Federated identity management enables researchers to use their home organisation identities to access research applications, rather than requiring a separate username and password.

Collaborative organisation management enables research projects to define user groups for authorisation to collaboration platforms (e.g., wikis, mailing lists, and domain applications).

CILogon implements the AARC Blueprint Architecture and the REFEDS Assurance Framework.

Capabilities
  • Authentication
  • Attribute aggregation
  • Account linking
  • Protocol translation
Support and Licensing

CILogon subscription agreements are managed by the University of Illinois. CILogon subscribers receive contracted support for CILogon services under a detailed service level agreement.

Interoperability / Integrations
  • OpenSSL
  • Globus toolkit (for MyProxy server)
  • Apache Tomcat (for CILogon OpenID Connect server)
Use Cases
  • AAF supported collaborative research environments such as the Australian BioCommons Threatened Species Initiative.
  • Federated X.509 certification authority for secure access to cyber infrastructure – http://dx.doi.org/10.1002/cpe.3265
  • Connect application(s) to the federation using OpenID Connect, JWTs, SAML, and/or LDAP.
  • Manage identity attributes, groups, policies, and workflows for collaborative research environments.

COmanage

COmanage tools help streamline and manage the digital lifecycle and identity data management for the collaboration environment.

COmanage tools are a flexible component of the InCommon Trusted Access Platform architecture that can be used to support identity lifecycle needs.

Capabilities
  • Authentication
  • Authorisation
  • Attribute management
  • Group membership
Support and Licensing
  • Open-source (Apache2)
  • COmanage was designed around virtual organisation requirements, with enrolment and hierarchical/delegated administration capabilities to support typical VO models.
Interoperability / Integrations
  • COmanage is based on the CakePHP framework, and runs via a web server, typically Apache.
  • An RDBMS is required, typically PostgreSQL or MySQL.
  • COmanage itself is standards-agnostic.
  • A typical deployment involves a SAML federation; however, this is not a requirement, and other authentication protocols can be used as well or instead.
  • LDAP is supported for provisioning.
Use Cases

Resource Entitlement Management System (REMS)

Resource Entitlement Management System (REMS) is a tool for managing access rights to resources, such as research datasets.

Applicants can use their federated user IDs to log in to REMS, fill in the data access application and agree to the dataset’s terms of use. The REMS system then circulates the application to the resource owner or designated representative for approval. REMS also produces the necessary reports on the applications and the granted data access rights.

Capabilities
  • Authorisation
  • Workflow management
Support and Licensing
Interoperability / Integrations
  • CILogon
  • REMS is an extension for CKAN that enables the use of REMS access rights management with CKAN datasets.
  • The REMS plugin currently depends on the Kata extension.
Use Cases
  • Sensitive data sharing
  • A dynamic way to handle applications and manage access rights
  • Configurable approval process flow
  • An audit trail of all committed actions and enhanced reporting tools to improve application traceability
  • Customisable application process
  • Automation: Some functions, such as approving and rejecting applications, can be automated to reduce unnecessary workload.

Keycloak

Keycloak is an open-source software product that provides single sign-on with identity and access management.

Capabilities
  • User federation
  • Strong authentication
  • User management
  • Fine-grained authorisation
Support and Licensing

Keycloak is an open-source identity management system. Resources available to support are:

Interoperability / Integrations
Use Cases
  • Self-supported identity and access management infrastructure
  • A single place to manage authentication for many systems