Security toolset release for BBMRI-ERIC

This deliverable describes the security toolset for BiobankCloud and the extensions performed in EGI-Engage since February 2016, the release of milestone M6.2 (Security and privacy requirements and secure storage architectural design are agreed). BiobankCloud builds on a Hadoop distribution, called Hops (www.hops.io), which was developed in the BiobankCloud project, to provide scalable storage and processing for genomic and Biobank data. BiobankCloud provides a web-based user interface for accessing and processing data stored in Hops that already provides 2-factor authentication. In this deliverable, we present extensions to support federated authentication with Shibboleth, which will enable easier integration of BiobankCloud in large organizations that run Shibboleth (such as EGI, universities, and Biobanks). Our solution is based on implementing an Apache webserver as a service provider (SP) that facilitates authentication with a Shibboleth Identity Provider (IDP) and as a proxy-frontend to BiobankCloud. We also integrate our shibboleth extensions with both the UI (Hopsworks) and our platform for automated installation based on Karamel and Chef.