CILogon 2.0 at Oct 2017 CICI PI meeting

  1. CILogon www.cilogon.org
  2. CILogon 2.0
     Jim Basney, jbasney@ncsa.illinois.edu
     This material is based upon work supported by the National Science Foundation under grant number 1547268. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
  3. CILogon 2.0 Project
     ❏ 3 year NSF CICI award
     ❏ January 2016 - December 2018
     ❏ Provide an integrated open source Identity and Access Management (IdAM) platform for cyberinfrastructure
     ❏ CILogon: federated identity management
     ❏ COmanage: collaborative organization management
     ❏ Support international collaborations
  4. CILogon 2.0 Team Members
     ❏ Jim Basney
     ❏ Terry Fleury
     ❏ Jeff Gaynor
     ❏ Venkat Yekkirala
     ❏ Heather Flanagan
     ❏ Scott Koranda
     ❏ Benn Oshrin
     ❏ Arlen Johnson
  5. Science Partners
     ❏ NANOGrav Physics Frontiers Center
     ❏ Laser Interferometer Gravitational-Wave Observatory (LIGO)
     ❏ Data Observation Network for Earth (DataONE)
  6. Cyberinfrastructure Partners
     ❏ Operational support
     ❏ Integration platform
     ❏ International use cases
     ❏ Support for European identities
     ❏ Using eduGAIN
  7. CILogon in Europe
     ❏ Supporting international research collaborations
     ❏ Int’l IdP support at cilogon.org via InCommon’s eduGAIN membership
     ❏ Depends on int’l R&S and SIRTFI adoption
     ❏ European CILogon instance
     ❏ Addresses EU attribute release policies
     ❏ IGTF accredited CA: https://rcauth.eu/
  8. Logical Component View (diagram). Component labels: SAML SP, OIDC Provider, X.509 CA, HSM, OIDC SP, MFA (OATH), LDAP, COmanage, Identities, MFA Tokens, SSH Keys, Groups, Attributes, SAML AA, User Registry Interface, eduGAIN IdP, Google IdP, Science App, OAuth SP, ORCID, Science App, Science App, Science App, InCommon IdP
  9. SAML to OpenID Connect (OIDC) Proxy
     ❏ Supporting e-Science clients
     ❏ Review & approval by CILogon staff
     ❏ User consent based on requested scopes
     ❏ openid, profile, email
     ❏ org.cilogon.userinfo (eppn, affiliation)
     ❏ edu.uiuc.ncsa.myproxy.getcert (to allow X.509 certificate issuance)
     ❏ VO attributes
     www.cilogon.org/oidc
  10. CILogon User Consent
  11. Managing Virtual Organizations
     ❏ enrollment flows
     ❏ expiration policies
     ❏ delegated group management
     ❏ attribute mapping
     ❏ application registration
     ❏ plug-ins and pipelines
  12. Bridging Campus and VO IAM
     ❏ CILogon passes campus/VO attributes to the e-Science SP
     ❏ Always requiring user consent
     ❏ Attribute scopes approved per-client
     ❏ COmanage displays terms and conditions during VO enrollment
     ❏ VO attribute release policy applied per client
  13. CILogon 2.0: Status
     ❏ Successes so far
     ❏ OpenID Connect (OIDC) support
     ❏ International interoperability
     ❏ COmanage integration
     ❏ ORCID integration
     ❏ Use with Globus, JupyterHub, Kubernetes, and SciGaP
     ❏ Challenges
     ❏ Interoperability with campus IdPs
  14. Enabling Access from Campus
     ❏ Operate an InCommon IdP https://incommon.org/federation/info/all-entities
     ❏ Meet InCommon's Baseline Expectations https://spaces.internet2.edu/display/BE
     ❏ Support REFEDS R&S https://incommon.org/federation/info/all-entity-categories
     ❏ Support SIRTFI https://incommon.org/federation/info/all-idps-certified
     https://cilogon.org/testidp
  15. CILogon-enabled Sites: ATLAS Connect, Brandeis, Clemson, CyberGIS, CERN, CMS Connect, DataONE, DOE KBase, Duke CI Connect, Fermilab, Globus, Indiana University, LIGO, LRZ, MIT, NANOGrav (Pilot), Northwestern, Notre Dame, OOI, OSC OnDemand, OSG Connect, SciGaP, SeedMe, SWAMP, UNL, XSEDE, ... and more
  16. CILogon www.cilogon.org
  17. Want to work with us?
     ❏ Research projects with collaborators across multiple institutions
     ❏ Using federated identity
     ❏ Managing group memberships and application authorization
     ❏ OAuth, OpenID Connect, SAML, LDAP, SSH, X.509
     ❏ Outsourcing IAM services
     ❏ Consistent with InCommon Research & Scholarship definition
     jbasney@ncsa.illinois.edu
     info@cilogon.org
