Applying eduGAIN to network operations: The perfSONAR case

Diego R. Lopez (RedIRIS), Maurizio Molina (DANTE)

perfSONAR

- perfSONAR is a highly distributed network measurement infrastructure

[Figure: perfSONAR architecture in three layers. User Interface Layer: User interface 1, User interface 2. Service Layer: Domain A, Domain B and Domain C services. Measurement Point Layer: measurement points for metric types 1, 2 and 3, across Domain A, Domain B and Domain C.]

perfSONAR and AAI

- perfSONAR is built upon many components
  - Independently deployed
  - Subject to local rules for access and usage
- Federating solutions for AuthN/AuthZ seem the only acceptable ones
- Already existing federations in many domains
- It is necessary to federate federations
- eduGAIN is the GÉANT2 solution for this

eduGAIN: AAI for GÉANT2

- Started from
  - Scattered AAI implementations in the EU and abroad
  - The basic idea of federating them, preserving hard-won achievements
- Based on the idea of confederation
  - A loosely-coupled set of cooperating identity federations
  - Identity management and AuthN/AuthZ must be properly handled by the participating federations
  - Dynamically established trust links

The perfSONAR Model for AuthN/AuthZ

- At each perfSONAR participating domain there exists an instance of the Authentication Service (AS)
  - Acting as a proxy between the AuthN/AuthZ and the perfSONAR infrastructures
- There is a direct trust relationship between resources and the AS in their domain
  - AS relieves resources from deployment and administrative overhead related to AuthN/AuthZ operations
- AS takes resource access (AuthZ) decisions on the basis of common domain policies
  - Though resources or resource protectors can ultimately deny access because of resource availability

The eduGAIN Model

- Use a set of interconnection points (Bridging Element, BE) at each federation
- Announce BE metadata through the FPP (Federation Peering Point)
- Distribute these metadata through the Metadata Service (MDS)
- Metadata is used by the requesting