Modern research computing environments increasingly rely on federated identity
management to provide seamless access to distributed resources. However, many
computer centres face a significant challenge: they need to support federated
users while maintaining compatibility with traditional Unix-based systems that
require local account mappings. ALISE (Account LInking SErvice) addresses this
gap by providing a robust solution that enables users to link their federated
identities with local computer centre accounts.

ALISE is a comprehensive web application designed to serve three distinct user
communities. End users can easily manage their account linkages through an
intuitive web interface. Application developers can integrate federated identity
mapping into their services via a well-defined REST API. System administrators
can deploy and configure ALISE to implement institution-specific policies while
maintaining operational simplicity.

Within the AARC Blueprint Architecture framework, ALISE operates at the
"End-Services" layer, implementing account linking at the service level rather
than at higher authentication layers. This design choice enables direct
integration with existing infrastructure while maintaining security and
governance requirements.

The service workflow begins when users authenticate with their existing computer
centre accounts. Subsequently, they can link multiple federated identities to
their local accounts, creating a comprehensive mapping database. Authorised
services can then query this database through the ALISE REST API to resolve
federated identities to their corresponding local Unix accounts, enabling
seamless integration with traditional authorisation systems.

ALISE has been successfully deployed to support storage systems such as dCache
and general-purpose services like teapot. The system is available as open source
software under the MIT License, encouraging community adoption and contribution.