News

Webinar Recap – GA4GH Passports: Implementing GA4GH Passports and AAI: Technical Deep Dive (Part 2)


On Wednesday, June 24, the GA4GH Data Use and Researcher Identity (DURI) Work Stream hosted the webinar “GA4GH Passports: Implementing GA4GH Passports and AAI: Technical Deep Dive.” Craig Voisin of Google and Mikael Linden of ELIXIR—heads of the Passports development team—dove into the technical aspects of implementing GA4GH Passports alongside the GA4GH Authorization and Authentication Infrastructure (AAI) specification. Voisin and Linden discussed the passport visa format, OIDC flows, security implications. Presentation slides and a recording of this webinar are available online. To get an overview of GA4GH Passports, visit Part 1 of this webinar series here: GA4GH Passports: Benefits of Integrating a Global Electronic ID for Accessing Biomedical Data.

If you have any feedback on system requirements for implementing GA4GH Passports, you may fill out this form to provide your input. If you have any questions, wish to learn more, or get involved with GA4GH Passports development, you may reach out to Program Manager Melissa Konopko.

Please find a list of helpful resources from the webinar below:

  1. GA4GH specs: bit.ly/ga4gh-passport-v1 and bit.ly/ga4gh-aai-profile
  2. OIDC Specification
    • 3.1.2.4.  Authorization Server Obtains End-User Authorization
  3. RFC 6819 and other current best practices for OIDC / oauth2 token (required by GA4GH AAI spec)
    • 5.1.5.5.  Bind Tokens to a Particular Resource Server (Audience)
  4. OIDC sequence diagrams:
  5. Example open source implementations: