
CILogon 2.0 at 2016 Internet2 Global Summit


When scientists work together, they use web sites and other software to share their ideas and data. To ensure the integrity of their work, these systems require the scientists to log in and verify that they are part of the team working on a particular science problem. Too often, the identity and access verification process is a stumbling block for the scientists. Scientific research projects are forced to invest time and effort into developing and supporting Identity and Access Management (IdAM) services, distracting them from the core goals of their research collaboration. The "CILogon 2.0" project provides an IdAM platform that enables scientists to work together to meet their IdAM needs more effectively so they can allocate more time and effort to their core mission of scientific research. Partnerships with the Laser Interferometer Gravitational-Wave Observatory (LIGO) Scientific Collaboration, the North American Nanohertz Observatory for Gravitational Waves (NANOGrav) Physics Frontiers Center, and the Data Observation Network for Earth (DataONE) ensure that the "CILogon 2.0" project makes a real contribution to scientific collaborations. The project also provides training and outreach to additional scientific collaborations, and the project supports integration with the Extreme Science and Engineering Discovery Environment (XSEDE), which provides a national-scale cyberinfrastructure for scientific research in the US.

Prior to the "CILogon 2.0" project, the CILogon and COmanage projects separately developed platforms for federated identity management and collaborative organization management. Federated identity management enables researchers to use their home organization identities to access cyberinfrastructure, rather than requiring yet another username and password to log on. Collaborative organization management enables research projects to define user groups for authorization to collaboration platforms (e.g., wikis, mailing lists, and domain applications). The "CILogon 2.0" project integrates and expands on the existing CILogon and COmanage software to provide an integrated Identity and Access Management (IdAM) platform for cyberinfrastructure, provided as an InCommon research and scholarship (R&S) service and internationally federated via eduGAIN. This IdAM platform serves the unique needs of research collaborations, namely the need to dynamically form collaboration groups across organizations and countries, sharing access to data, instruments, compute clusters, and other resources to enable scientific discovery. The project provides a software-as-a-service platform to ease integration with cyberinfrastructure, while making all software components publicly available under open source licenses to enable re-use.


CILogon 2.0 at 2016 Internet2 Global Summit

  1. CILogon 2.0. Jim Basney, Scott Koranda. This material is based upon work supported by the National Science Foundation under grant numbers 0850557, 0943633, 1053575, 1440609, and 1547268 and by the Department of Energy under award number DE-SC0008597. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
  2. CILogon 2.0 Project (CILogon, www.cilogon.org)
     ❏ 3 year NSF CICI award
     ❏ January 2016 - December 2018
     ❏ Provide an integrated open source Identity and Access Management (IdAM) platform for cyberinfrastructure
     ❏ CILogon: federated identity management
     ❏ COmanage: collaborative organization management
     ❏ Support international collaborations
  3. NSF CICI Program
     ❏ Cybersecurity Innovation for Cyberinfrastructure (CICI)
     ❏ Funds projects in the areas of
     ❏ Cybersecurity Center of Excellence
     ❏ Regional Cybersecurity Collaboration
     ❏ Secure and Resilient Architecture
     ❏ Secure Architecture Design
     ❏ Data Provenance for Cybersecurity
     https://www.nsf.gov/funding/pgm_summ.jsp?pims_id=505159
  4. CILogon 2.0 Team Members
     ❏ Jim Basney
     ❏ Terry Fleury
     ❏ Jeff Gaynor
     ❏ Venkat Yekkirala
     ❏ Heather Flanagan
     ❏ Scott Koranda
     ❏ Benn Oshrin
     ❏ Arlen Johnson
  5. Science Partners
     ❏ NANOGrav Physics Frontiers Center
     ❏ Laser Interferometer Gravitational-Wave Observatory (LIGO)
     ❏ Data Observation Network for Earth (DataONE)
  6. Cyberinfrastructure Partners
     ❏ Operational support
     ❏ Integration platform
     ❏ International use cases
     ❏ Support for European identities
     ❏ Using eduGAIN
  7. Logical Component View
     Diagram labels: SAML SP, OIDC Provider, X.509 CA, HSM, OIDC SP, MFA (OATH), LDAP, COmanage, Identities, MFA Tokens, SSH Keys, Groups, Attributes, SAML AA, User Registry Interface, eduGAIN IdP, Google IdP, Science App, OAuth SP, ORCID, InCommon IdP
  8. SAML to OpenID Connect (OIDC) Gateway
     ❏ Supporting e-Science clients
     ❏ Review & approval by CILogon staff
     ❏ User consent based on requested scopes
     ❏ openid, profile, email
     ❏ org.cilogon.userinfo (eppn, affiliation)
     ❏ edu.uiuc.ncsa.myproxy.getcert (to allow X.509 certificate issuance)
     ❏ VO attributes
     www.cilogon.org/oidc
  9. CILogon User Consent
  10. A Transparent Gateway
      ❏ CILogon passes campus/VO attributes to the e-Science SP
      ❏ Always requiring user consent
      ❏ Attribute scopes approved per-client
      ❏ COmanage displays terms and conditions during VO enrollment
      ❏ VO attribute release policy applied per client
  11. Open Researcher and Contributor ID (ORCID)
      ❏ Linking ORCID iDs to federated IDs
      ❏ orcid.org
      ❏ on campus
      ❏ search.dataone.org
      ❏ cilogon.org
      ❏ eduPersonOrcid
      ❏ REFEDS ORCID working group
  12. Demo
      Diagram labels: SAML SP, OIDC Provider, LDAP, COmanage, User Registry Interface, Demo App, InCommon IdP
      ❏ Initial integration of CILogon OIDC with COmanage LDAP to retrieve VO memberships and ORCID iD
  19. Demo
  20. Demo

          {
            "sub": "http://cilogon.org/serverA/users/534",
            "name": "James Alan Basney",
            "given_name": "James",
            "family_name": "Basney",
            "email": "jbasney@illinois.edu",
            "idp_name": "University of Illinois at Urbana-Champaign",
            "idp": "urn:mace:incommon:uiuc.edu",
            "affiliation": "employee@illinois.edu;member@illinois.edu;staff@illinois.edu",
            "eppn": "jbasney@illinois.edu",
            "eptid": "urn:mace:incommon:uiuc.edu!https://cilogon.org/shibboleth!cyXC3O5fi0t1NBsW1NsOxZDyDd4=",
            "eduPersonOrcid": ["http://orcid.org/0000-0002-0139-0640"],
            "isMemberOf": ["members", "members:Research", "Publication Policy"]
          }

  21. CILogon in Europe
      ❏ Supporting international research collaborations
      ❏ Int’l IdP support at cilogon.org soon via InCommon’s eduGAIN membership
      ❏ Depends on int’l R&S adoption
      ❏ European CILogon instance
      ❏ Addresses EU attribute release policies
      ❏ IGTF accredited CA: https://rcauth.eu/
  22. CILogon Monthly Usage
  23. CILogon Monthly Usage
  24. Encouraging Federated Logins
      ❏ In February 2016, Globus began listing InCommon IdPs directly, rather than as “alternate login” option
      ❏ InCommon / CILogon use doubled!
  25. Attribute Release Challenges
      ❏ R&S attributes not released for students
      ❏ Affiliate researcher
      ❏ Former student
      ❏ Former employee
      ❏ IdP operational failures
      Students do research!
  26. Most Used IdPs in Apr 2016 (unique active users per IdP)
      1. LIGO
      2. NIH
      3. U of Michigan
      4. Purdue University
      5. U of Chicago
      6. UIUC
      7. UCLA
      8. University of Colorado at Boulder
      9. Google (was #1 in 2012)
      10. University of California, Berkeley
      11. Argonne Nat’l Lab
      12. Indiana University
      13. University of Minnesota
      14. LBNL
      15. Johns Hopkins
      16. Yale University
      17. Cornell University
      18. Case Western Reserve University
      19. Stanford University
      20. University of Nebraska-Lincoln
      Tags beside individual IdPs on the slide: R&S, ECP
  27. COmanage News
      ❏ COmanage Registry Release 1.0.0 in December 2015
      ❏ COmanage Registry Release 1.0.3 in TIER Release 1
      ❏ COmanage Release 1.0.4 current
  28. Thanks! jbasney@ncsa.illinois.edu skoranda@sphericalcowgroup.com
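
A relying party that receives userinfo claims like those on slide 20 must decide which of them to trust before authorizing on `isMemberOf`, and must cope with attributes an IdP did not release (slide 25). The sketch below is an added example, not CILogon or COmanage code; the `IDP_SCOPES` policy table, the required group and the sample values are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like the userinfo response on slide 20 (values are made up).
SAMPLE = json.loads("""{
  "sub": "http://cilogon.org/serverA/users/0000",
  "idp": "urn:mace:incommon:uiuc.edu",
  "eppn": "researcher@illinois.edu",
  "affiliation": "employee@illinois.edu;member@illinois.edu;staff@example.org",
  "isMemberOf": ["members", "members:Research"]
}""")

# Hypothetical relying-party policy: IdP entityID -> attribute scopes it may assert.
IDP_SCOPES = {"urn:mace:incommon:uiuc.edu": {"illinois.edu"}}
REQUIRED_GROUP = "members:Research"

def scoped(value):
    """Split 'staff@illinois.edu' into ('staff', 'illinois.edu'); None if malformed."""
    if not isinstance(value, str):
        return None
    left, sep, scope = value.strip().partition("@")
    return (left, scope.lower()) if left and sep and scope else None

def authorize(claims, idp_scopes=IDP_SCOPES, group=REQUIRED_GROUP):
    """Return (allowed, reason, affiliations); fails closed on missing claims."""
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        return False, "missing sub", set()
    idp = claims.get("idp")
    allowed = idp_scopes.get(idp) if isinstance(idp, str) else None
    if allowed is None:
        return False, "unknown idp", set()
    # eppn may be absent when the IdP does not release it; if it is present,
    # its scope must be one the asserting IdP is allowed to use.
    if "eppn" in claims:
        parsed = scoped(claims["eppn"])
        if parsed is None or parsed[1] not in allowed:
            return False, "eppn scope mismatch", set()
    # Keep only affiliation values whose scope belongs to the asserting IdP.
    raw = claims.get("affiliation")
    items = raw.split(";") if isinstance(raw, str) else []
    affils = {p[0] for p in map(scoped, items) if p and p[1] in allowed}
    groups = claims.get("isMemberOf")
    if not isinstance(groups, list) or group not in groups:
        return False, "not in required group", affils
    return True, "ok", affils

if __name__ == "__main__":
    print(authorize(SAMPLE))
```

The out-of-scope `staff@example.org` value is dropped rather than trusted, and a response without `isMemberOf` is denied instead of defaulting to access.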
