An overview of the EFP AAI

This documentation explains how a EuroHPC Hosting Entity (HE) can integrate its systems with the EFP Authentication and Authorisation Infrastructure (AAI). The EFP AAI uses three main components:

• GEANT MyAcademicID for user identity;
• EFP Federation Infrastructure Proxy (FIP) for connecting EFP services; and
• EFP Secure Shell (SSH) Certification Authority (CA) for SSH certificates.

To integrate with the EFP AAI, an HE must complete the following tasks.

1. Register the relevant HE staff members with the EFP AAI using MyAccessID accounts. This will enable them to access the EFP's services. This is discussed in
   • EFP and MyAccessID.
2. Configure their systems to trust the SSH CA. This will enable them to validate end user certificates issued by the SSH CA. This configuration is described step-by-step in the following links:
   • An overview of the SSH CA,
   • Trusting the SSH CA, and
   • Authorising certificates and users.
3. Optionally, an HE can register its infrastructure proxy with MyAccessID. This enables EFP users (and other MyAccessID users) to access their services. For more information, consult
   • Registering Relying Parties (link to GEANT MyAccessID Wiki).