INDIGO IAM is an Identity and Access Management service providing authentication and authorization across distributed research infrastructures. It is a Spring Boot application relying on OAuth/OpenID Connect (OIDC) technologies and is currently evolving to meet increasingly stringent requirements in terms of security, interoperability and observability.
A key aspect is the progressive hardening of the platform, including the migration from the no longer maintained MITREid Connect library to the modern Spring Authorization Server (SAS). This transition strengthens security and reliability while enabling improved scalability, modularity and tighter integration with the Spring ecosystem.
Further security measures include support for client-bound access tokens and stronger adoption of Multi-Factor Authentication (MFA), which can now be enforced via configuration. OAuth client secrets are never stored in clear text but are securely hashed before being persisted, reducing the impact of potential data breaches. In addition, access tokens are no longer stored in the database, reducing overhead and improving performance during authentication workflows.
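The secret-hashing measure above is easiest to see in code. The following Go program is an added example written for this page, not code from INDIGO IAM (which is a Spring Boot application): it models what the service does at client registration (persist only a salted, iterated hash of the client secret) and at the token endpoint (re-derive from the presented secret and compare in constant time), and then shows that a leaked database record cannot be replayed as the secret. The record format `pbkdf2-sha256$iterations$salt$hash`, the iteration count and the sample secret are all constructed for the example; PBKDF2-HMAC-SHA256 is implemented inline so the program depends only on the standard library.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strings"
)

// Hashing parameters, chosen for this example; a deployment sizes the
// iteration count to its own hardware budget.
const (
	hashIterations = 100_000
	hashKeyLen     = 32
	saltLen        = 16
)

// pbkdf2SHA256 is a minimal PBKDF2-HMAC-SHA256 (RFC 8018) written inline so
// the example needs no third-party module.
func pbkdf2SHA256(secret, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, secret)
	hashLen := prf.Size()
	numBlocks := (keyLen + hashLen - 1) / hashLen
	out := make([]byte, 0, numBlocks*hashLen)
	for block := 1; block <= numBlocks; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// HashClientSecret builds the record that is persisted for a client:
// algorithm, iteration count, random salt and derived key. The clear-text
// secret never reaches the database.
func HashClientSecret(secret string) (string, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(secret), salt, hashIterations, hashKeyLen)
	enc := base64.RawStdEncoding.EncodeToString
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", hashIterations, enc(salt), enc(dk)), nil
}

// VerifyClientSecret is the token-endpoint check: re-derive from the secret
// the client presented and compare in constant time, so response timing
// does not reveal how many bytes matched.
func VerifyClientSecret(stored, presented string) bool {
	parts := strings.Split(stored, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false
	}
	var iterations int
	if _, err := fmt.Sscanf(parts[1], "%d", &iterations); err != nil || iterations < 1 {
		return false
	}
	dec := base64.RawStdEncoding.DecodeString
	salt, err1 := dec(parts[2])
	want, err2 := dec(parts[3])
	if err1 != nil || err2 != nil {
		return false
	}
	got := pbkdf2SHA256([]byte(presented), salt, iterations, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1
}

func main() {
	// Constructed sample secret, as a client would receive it once at registration.
	secret := "s3cr3t-issued-once-at-registration"
	record, err := HashClientSecret(secret)
	if err != nil {
		panic(err)
	}
	fmt.Println("persisted record:       ", record)
	fmt.Println("correct secret accepted:", VerifyClientSecret(record, secret))
	fmt.Println("wrong secret rejected:  ", VerifyClientSecret(record, "guess"))
	// A dumped record is useless as a credential: it does not verify as the secret.
	fmt.Println("leaked record as secret:", VerifyClientSecret(record, record))
}
```

Two details carry the security argument: the random per-client salt means two clients with the same secret get different records, so a breached table cannot be attacked with one precomputed dictionary, and the constant-time comparison keeps the verification step from becoming a timing oracle.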
Operational usability and observability are being enhanced through a new Web dashboard that simplifies service management and decouples user-facing functionality from core services. At the same time, a proof of concept based on OpenTelemetry is being developed to enable better monitoring, tracing and troubleshooting.
In parallel, INDIGO IAM is integrating OpenID Federation to strengthen interoperability and federated identity capabilities. This allows the dynamic establishment of trust relationships between Identity Providers and Relying Parties based on shared Trust Anchors, addressing the limitations of static onboarding in heterogeneous, multi-community research environments.
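The dynamic trust establishment described above rests on one mechanism: a Relying Party's key is trusted only because an entity above it in the federation has vouched for it, all the way up to a Trust Anchor whose key is pinned out of band. The Go program below is an added example written for this page, not INDIGO IAM's own code, and it simplifies the OpenID Federation 1.0 data model: each entity statement is a JSON payload carrying a single raw Ed25519 key in place of a JWKS (signed directly rather than as a JWT), the in-memory `reg` map stands in for the `.well-known/openid-federation` and fetch endpoints, and the entity identifiers, clock value and lifetimes are constructed. What it shows faithfully is the chain logic: walk `authority_hints` from the leaf to the anchor, then validate top-down so that the leaf's self-signed configuration is accepted only if the vouched key matches, and reject an entity that merely claims the anchor in its hints.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Statement is an entity statement payload (simplified: one raw key, not a JWKS).
type Statement struct {
	Iss            string   `json:"iss"`
	Sub            string   `json:"sub"`
	Exp            int64    `json:"exp"`
	Key            []byte   `json:"jwks"`
	AuthorityHints []string `json:"authority_hints,omitempty"`
}

// Signed pairs a serialized statement with its issuer's signature.
type Signed struct{ Payload, Sig []byte }

// Entity simulates one federation participant and the documents it publishes.
type Entity struct {
	ID           string
	priv         ed25519.PrivateKey
	Pub          ed25519.PublicKey
	Config       Signed            // entity configuration, self-signed
	Subordinates map[string]Signed // subordinate statements it has issued
}

func sign(priv ed25519.PrivateKey, st Statement) Signed {
	payload, _ := json.Marshal(st)
	return Signed{Payload: payload, Sig: ed25519.Sign(priv, payload)}
}

// verify checks the signature under the key the caller already trusts, then expiry.
func verify(pub ed25519.PublicKey, s Signed, now int64) (Statement, error) {
	if !ed25519.Verify(pub, s.Payload, s.Sig) {
		return Statement{}, errors.New("bad signature")
	}
	var st Statement
	if err := json.Unmarshal(s.Payload, &st); err != nil {
		return Statement{}, err
	}
	if st.Exp <= now {
		return Statement{}, fmt.Errorf("statement by %s about %s expired", st.Iss, st.Sub)
	}
	return st, nil
}

func NewEntity(id string, hints []string, exp int64) *Entity {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	e := &Entity{ID: id, priv: priv, Pub: pub, Subordinates: map[string]Signed{}}
	e.Config = sign(priv, Statement{Iss: id, Sub: id, Exp: exp, Key: pub, AuthorityHints: hints})
	return e
}

// Enroll is the onboarding step: a superior publishes a subordinate statement vouching for the child's key.
func (e *Entity) Enroll(child *Entity, exp int64) {
	e.Subordinates[child.ID] = sign(e.priv, Statement{Iss: e.ID, Sub: child.ID, Exp: exp, Key: child.Pub})
}

// ResolveTrustChain walks authority_hints up from the leaf, then validates the
// chain top-down from the pinned anchor key; every key below the anchor is
// trusted only because the entity above vouched for it.
func ResolveTrustChain(reg map[string]*Entity, leafID, taID string, taKey ed25519.PublicKey, now int64) ([]string, error) {
	path := []string{leafID}
	for cur := leafID; cur != taID; {
		e, ok := reg[cur]
		if !ok || len(path) > 8 {
			return nil, fmt.Errorf("cannot reach %s from %s", taID, leafID)
		}
		var st Statement
		if err := json.Unmarshal(e.Config.Payload, &st); err != nil || len(st.AuthorityHints) == 0 {
			return nil, fmt.Errorf("%s has no authority_hints", cur)
		}
		cur = st.AuthorityHints[0] // toy: a single path, first hint only
		path = append(path, cur)
	}
	if reg[taID] == nil {
		return nil, errors.New("trust anchor not published")
	}
	trusted := taKey
	if _, err := verify(trusted, reg[taID].Config, now); err != nil {
		return nil, fmt.Errorf("trust anchor: %w", err)
	}
	for i := len(path) - 1; i > 0; i-- {
		superior, child := path[i], path[i-1]
		ss, ok := reg[superior].Subordinates[child]
		if !ok {
			return nil, fmt.Errorf("%s has not enrolled %s", superior, child)
		}
		st, err := verify(trusted, ss, now)
		if err != nil || st.Iss != superior || st.Sub != child {
			return nil, fmt.Errorf("invalid subordinate statement %s -> %s: %v", superior, child, err)
		}
		trusted = st.Key // the vouched key becomes the trusted key for the next hop
	}
	leaf, err := verify(trusted, reg[leafID].Config, now)
	if err != nil || leaf.Iss != leafID || leaf.Sub != leafID || !bytes.Equal(leaf.Key, trusted) {
		return nil, fmt.Errorf("configuration of %s not vouched for: %v", leafID, err)
	}
	return path, nil
}

func main() {
	now := int64(1_700_000_000) // constructed clock, Unix seconds
	exp := now + 86400
	ta := NewEntity("https://ta.example", nil, exp)
	inter := NewEntity("https://inter.example", []string{ta.ID}, exp)
	rp := NewEntity("https://rp.example", []string{inter.ID}, exp)
	ta.Enroll(inter, exp)
	inter.Enroll(rp, exp)
	reg := map[string]*Entity{ta.ID: ta, inter.ID: inter, rp.ID: rp}
	fmt.Println(ResolveTrustChain(reg, rp.ID, ta.ID, ta.Pub, now))
	rogue := NewEntity("https://rogue.example", []string{ta.ID}, exp) // claims the anchor, never enrolled
	reg[rogue.ID] = rogue
	_, err := ResolveTrustChain(reg, rogue.ID, ta.ID, ta.Pub, now)
	fmt.Println("rogue:", err)
}
```

The point the rogue case makes is the one that matters for multi-community onboarding: publishing an entity configuration that names a Trust Anchor costs nothing, so a verifier must never take the leaf's own key or hints at face value; only the subordinate statements signed along the path, anchored in the pinned key, establish trust, and each of them carries an expiry that the verifier must enforce.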