
The month of August marked an important anniversary for the EUDAT team. One of our foundational services, B2ACCESS, was launched ten years ago, when the landscape of data management services was being tested and iterated to handle the increased variety, velocity, and volume of data from diverse sources. One of the members involved in the launch of B2ACCESS back in 2015 was Sander Apweiler, a current member of the CDI Secretariat.
In our recent conversation, Sander reflected that one of the main motivations behind the creation of B2ACCESS was to offer users the same look and feel across all EUDAT services, accessible via one account for the whole service suite. Instead of requiring new accounts, EUDAT provided the possibility of re-using existing accounts from a research community or home organisation, making services seamless and interoperable.
In 2015, only a few services offered login with existing accounts, and most of them were not accessible from federations outside the service provider's country. In most cases, users needed to create a new account on each service they wanted to use. The first research communities and e-infrastructures started to develop their own identity management systems so that users could use at least all of the services of that research community or e-infrastructure with only one account.
During B2ACCESS's initial development, some of the most significant technical decisions involved signing in with existing external accounts. While this has become standard over the last decade, the feature was unique a decade ago and was quickly adopted across e-infrastructures and research communities.
While early adoption of new services might come with its own social and technical hurdles, EUDAT has been community-driven from the start, thus lowering any potential distrust towards integration or interaction with B2ACCESS. The communities saw the benefits for their users, who could use additional services with their accounts, and for their services, which did not have to take care of central user management. It was more difficult to get the mandatory information about users from their home organization when users wanted to re-use those accounts. The list of mandatory information within the federation was, and even today still is, often ignored.
At the time of B2ACCESS's launch, best practices, guidelines or experience from other research infrastructures did not exist in a systemic way. In the past decade, the Authentication and Authorisation for Research and Collaboration (AARC) initiative started and was also funded by three EC projects. AARC created many guidelines about information handling and a blueprint architecture describing how “IdP-SP proxies” like B2ACCESS should look. B2ACCESS adapted its information handling to the guidelines. It had already fulfilled the blueprint architecture before. Those guidelines and the participation in projects like EOSC-Hub made it possible to integrate with other e-infrastructures. New features were also implemented, which simplify the cross-infrastructure integration of services.
B2ACCESS aimed to serve and collaborate with the research communities. For instance, in 2019 the HIFIS platform of the Helmholtz Association in Germany started, and B2ACCESS was a role model for its own identity management service, Helmholtz ID. Besides Helmholtz ID, to which two EUDAT partners also contribute, there was additional exchange between EUDAT and HIFIS in other areas of setting up and kick-starting an e-infrastructure.
While looking back at the lessons learned over the past decade, we also asked Apweiler what potentially lies ahead for identity and access in open science. Most notably, the NRENs are creating life-long IDs for researchers, the so-called eduID systems. In those systems, users have only one account for their whole career and always link their current organization to it. When switching home organizations, users keep their accounts and do not need to transfer them. Sadly, those systems only handle an organization switch within a country and not across Europe or worldwide. Digital wallets and eIDAS are also becoming more relevant for user authentication. The upcoming federation within EOSC and the integration and use cases across the different nodes are also areas where B2ACCESS is going to be active.
About Sander Apweiler
He has worked at Jülich Supercomputing Centre (JSC) of Forschungszentrum Jülich since 2014 and is active in EUDAT. Sander holds different roles in the B2ACCESS (user authentication and authorisation) and B2DROP services and has valuable knowledge of the EUDAT service suite. Besides EUDAT, Sander works in the area of AAI in other projects and participates in the EOSC AAI taskforce.