Jim Basney
Scott Koranda
CILogon 2.0
This material is based upon work supported by the National Science Foundation under grant numbers
0850557, 0943633, 1053575, 1440609, and 1547268 and by the Department of Energy under award
number DE-SC0008597. Any opinions, findings, and conclusions or recommendations expressed in this
material are those of the authors and do not necessarily reflect the views of the United States
Government or any agency thereof.
CILogon www.cilogon.org
Project Goals
❏ CILogon-COmanage Integration
❏ VO collaboration management
❏ International Interfederation (eduGAIN)
❏ Supporting Campus Cyberinfrastructure (LDAP and SSH Key Management)
❏ Levels of Assurance and Multi-factor Authentication
❏ Web Single Sign-On Gateway (IdPoLR, SAML AA, SAML-OIDC, ORCID)
Team Members
❏ Jim Basney
❏ Terry Fleury
❏ Jeff Gaynor
❏ Venkat Yekkirala
❏ Heather Flanagan
❏ Scott Koranda
❏ Benn Oshrin
❏ Arlen Johnson
Science Partners
❏ NANOGrav Physics Frontiers Center
❏ Laser Interferometer Gravitational-Wave Observatory (LIGO)
❏ Data Observation Network for Earth (DataONE)
Cyberinfrastructure Partners
[Architecture diagram. Component labels: SAML SP; OIDC Provider; X.509 CA; HSM; OIDC SP; MFA (OATH); LDAP; COmanage; Identities; MFA Tokens; SSH Keys; Groups; Attributes; SAML AA; User Registry Interface; eduGAIN IdP; Google IdP; ORCID IdP; InCommon IdP; OAuth SP; Science App (x4)]
[Deployment diagram. Site labels: NCSA; NICS; Cloud. Component labels: COmanage; DB; LDAP Server; CILogon Web App; X.509 CA; HSM; SAML AA]
SAML to OpenID Connect Gateway
❏ Supporting only e-Science clients
❏ Client review & approval by CILogon staff
❏ Compatible with R&S? New entity category?
❏ User consent based on requested scopes
❏ openid, profile, email
❏ org.cilogon.userinfo (eppn, affiliation)
❏ edu.uiuc.ncsa.myproxy.getcert (to allow X.509 certificate issuance)
❏ VO attributes
OpenID Connect Claims
❏ Including eduPerson attributes in OIDC ID Token claims
❏ Standard OIDC claims: name and email
❏ eduPersonScopedAffiliation
❏ Use IANA JSON Web Token Claims registry?
Thanks!
jbasney@ncsa.illinois.edu
skoranda@sphericalcowgroup.com

CILogon 2.0 at REFEDS 30