CILogon 2.0 at REFEDS 30

An introduction to the new CILogon 2.0 project, a collaboration between NCSA and Spherical Cow Group, funded by the US National Science Foundation.

  1. Jim Basney, Scott Koranda: CILogon 2.0. This material is based upon work supported by the National Science Foundation under grant numbers 0850557, 0943633, 1053575, 1440609, and 1547268 and by the Department of Energy under award number DE-SC0008597. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
  2. CILogon Project Goals
     ❏ CILogon-COmanage Integration
     ❏ VO collaboration management
     ❏ International Interfederation (eduGAIN)
     ❏ Supporting Campus Cyberinfrastructure (LDAP and SSH Key Management)
     ❏ Levels of Assurance and Multi-factor Authentication
     ❏ Web Single Sign-On Gateway (IdPoLR, SAML AA, SAML-OIDC, ORCID)
  3. CILogon Team Members
     ❏ Jim Basney
     ❏ Terry Fleury
     ❏ Jeff Gaynor
     ❏ Venkat Yekkirala
     ❏ Heather Flanagan
     ❏ Scott Koranda
     ❏ Benn Oshrin
     ❏ Arlen Johnson
  4. CILogon Science Partners
     ❏ NANOGrav Physics Frontiers Center
     ❏ Laser Interferometer Gravitational-Wave Observatory (LIGO)
     ❏ Data Observation Network for Earth (DataONE)
  5. CILogon Cyberinfrastructure Partners
  6. CILogon (architecture diagram; labels as extracted): SAML SP OIDC Provider X.509 CA HSM OIDC SP MFA (OATH) LDAP COmanage Identities MFA Tokens SSH Keys Groups Attributes SAML AA User Registry Interface eduGAIN IdP Google IdP Science App OAuth SP ORCID IdP Science App Science App Science App InCommon IdP
  7. CILogon (deployment diagram; labels as extracted): NCSA NICS Cloud COmanage DB LDAP Server CILogon Web App X.509 CA X.509 CA DB X.509 CA HSM HSM HSM CILogon Web App DB CILogon Web App DB SAML AA
  8. CILogon SAML to OpenID Connect Gateway
     ❏ Supporting only e-Science clients
     ❏ Client review & approval by CILogon staff
     ❏ Compatible with R&S? New entity category?
     ❏ User consent based on requested scopes
     ❏ openid, profile, email
     ❏ org.cilogon.userinfo (eppn, affiliation)
     ❏ edu.uiuc.ncsa.myproxy.getcert (to allow X.509 certificate issuance)
     ❏ VO attributes
  9. CILogon
  10. CILogon OpenID Connect Claims
     ❏ Including eduPerson attributes in OIDC ID Token claims
     ❏ Standard OIDC claims: name and email
     ❏ eduPersonScopedAffiliation
     ❏ Use IANA JSON Web Token Claims registry?
  11. CILogon Thanks!