Identity Federation (IdF, aka Federated Identity) is the means of interlinking people's
electronic identities stored across multiple distinct identity management systems. This
technology has gained momentum in the last several years and is becoming popular in academic
organisations involved in international collaborations. One example of such a federation is
eduGAIN, which interconnects European educational and research organisations, and enables
trustworthy exchange of identity-related information. In this work we present an integrated
Web-oriented solution, code-named “Kipper”, whose goal is to provide access to WLCG
resources using a user's IdF credentials from their home institute, with no need for user-acquired
X.509 certificates. Kipper achieves “X.509-free” access to Grid resources with the help of two
additional services: STS and IOTA CA. STS allows credential translation from the SAML2
format used by Identity Federation to the VOMS-enabled X.509 used by most of the Grid, and
the IOTA CA is responsible for automatic issuing of short-lived X.509 certificates. Kipper
comes with a JavaScript API that considerably simplifies the development of rich and convenient
“X.509-free” Web interfaces to Grid resources and also encourages the adoption of IOTA-class
CAs among WLCG sites. We will describe a working prototype of IdF support in the WebFTS
interface to the FTS3 data transfer engine, enabled by integration of multiple services: WebFTS,
CERN SSO (member of eduGAIN), CERN IOTA CA, STS, and VOMS.