CILogon: An Integrated Identity and Access Management Platform for Science

CILogon presentation at AGU16
https://agu.confex.com/agu/fm16/meetingapp.cgi/Paper/144086

When scientists work together, they use web sites and other software to share their ideas and data. To ensure the integrity of their work, these systems require the scientists to log in and verify that they are part of the team working on a particular science problem. Too often, the identity and access verification process is a stumbling block for the scientists. Scientific research projects are forced to invest time and effort into developing and supporting Identity and Access Management (IAM) services, distracting them from the core goals of their research collaboration. CILogon provides an IAM platform that enables scientists to work together to meet their IAM needs more effectively so they can allocate more time and effort to their core mission of scientific research.
The CILogon platform enables federated identity management and collaborative organization management. Federated identity management enables researchers to use their home organization identities to access cyberinfrastructure, rather than requiring yet another username and password to log on. Collaborative organization management enables research projects to define user groups for authorization to collaboration platforms (e.g., wikis, mailing lists, and domain applications). CILogon's IAM platform serves the unique needs of research collaborations, namely the need to dynamically form collaboration groups across organizations and countries, sharing access to data, instruments, compute clusters, and other resources to enable scientific discovery. CILogon provides a software-as-a-service platform to ease integration with cyberinfrastructure, while making all software components publicly available under open source licenses to enable re-use. Figure 1 illustrates the components and interfaces of this platform.

CILogon has been operational since 2010 and has been used by over 7,000 researchers from more than 170 identity providers to access cyberinfrastructure including Globus, LIGO, Open Science Grid, SeedMe, and XSEDE. The "CILogon 2.0" platform, launched in 2016, adds support for virtual organization (VO) membership management, identity linking, international collaborations, and standard integration protocols, through integration with the Internet2 COmanage collaboration software.

  1. CILogon: An Integrated Identity and Access Management Platform for Science
     Jim Basney, jbasney@ncsa.illinois.edu, December 2016
     This material is based upon work supported by the National Science Foundation under grant numbers 0850557, 0943633, 1053575, 1440609, and 1547268 and by the Department of Energy under award number DE-SC0008597. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
  2. CILogon (www.cilogon.org): Launched Sep 2010
     ❏ Enables use of federated identities for access to cyberinfrastructure
     ❏ Translates across federations and protocols
     ❏ Supported by XSEDE
  3. CILogon www.cilogon.org
  4. 162 Active IdPs (Nov 2016)
     Fermi National Accelerator Laboratory LIGO Scientific Collaboration Ohio State University National Institutes of Health University of Michigan Purdue University Main Campus Google University of Chicago University of Illinois at Urbana-Champaign University of California-Los Angeles Johns Hopkins Indiana University University of Colorado at Boulder University of Minnesota Argonne National Laboratory University of California, Berkeley New York University University of Cincinnati Main Campus University of Nebraska-Lincoln The George Washington University Lawrence Berkeley National Laboratory University of Southern California University of Florida The University of Arizona Stanford University Yale University University of Wisconsin-Madison Michigan State University Cornell University Northwestern University University of Hawaii University of Utah University of North Carolina at Chapel Hill University of California-San Diego University of California, Davis Princeton University University of Wyoming University of Texas at Austin Oak Ridge National Laboratory Duke University Case Western Reserve University University of Washington University of Rochester Montana State University - Bozeman Clemson University Texas A & M University University of Notre Dame Massachusetts Institute of Technology West Virginia University University of Pittsburgh Rice University University of New Mexico Penn State Carnegie Mellon University University of South Dakota North Carolina State University University of California-Santa Barbara Columbia University California Institute of Technology Arizona State University University of Maryland College Park Rutgers Iowa State University Georgia Institute of Technology University of Iowa University of Pennsylvania University of California-Irvine Ohio University Main Campus Boston University Vanderbilt University Texas Tech University Oklahoma State University System Ohio Technology Consortium Colorado School of Mines Boise State University Virginia Polytechnic Institute and State University Tufts University Stony Brook University Marshall University Georgetown University Florida International University Brown University Weill Cornell Medical College University of Texas at Dallas University of North Carolina At Charlotte University of Dayton University of California, San Francisco Rockefeller University Old Dominion University Harvey Mudd College ESnet Colorado State University Baylor College of Medicine Woods Hole Oceanographic Institution Uppsala University University of Vermont University of Massachusetts Amherst University of Illinois at Chicago University of Delaware University of Alabama, The University of Alabama at Birmingham National Center for Supercomputing Applications Lund University Kansas State University George Mason University CERN University of Wisconsin-Milwaukee University of Tennessee University of Nebraska Medical Center University of Kansas University of Houston University of California, Santa Cruz United ID Texas State University - San Marcos Syracuse University Stevens Institute of Technology Southern Illinois University Nikhef Louisiana State University Lehigh University Lamar University Florida Atlantic University Wayne State University Vassar College University of Virginia University of South Florida University of South Carolina University of Oklahoma University of Nevada, Reno University of Nebraska University of Missouri System University of Miami University of Massachusetts - Dartmouth University of Maryland Baltimore University of California, Riverside University of Basel University of Arkansas University of Alaska Statewide System The University of Memphis The Broad Institute of MIT and Texas A&M University-Corpus Christi Rensselaer Polytechnic Institute PSI - Paul Scherrer Institut Oregon State University NOAA CAC Moss Landing Marine Laboratories Miami University Loyola University of Chicago Lafayette College Goucher College EPFL - EPF Lausanne College of William and Mary Cedarville University Carleton College California State University, Fullerton Brookhaven National Laboratory Brandeis University Baylor University
     International IdPs are highlighted
  5. CILogon-enabled Sites
     ❏ ATLAS Connect
     ❏ CMS Connect
     ❏ DataONE
     ❏ DOE KBase
     ❏ Duke CI Connect
     ❏ Fermilab
     ❏ Globus
     ❏ IU CI Gateway
     ❏ LIGO
     ❏ OOI
     ❏ OSC OnDemand
     ❏ OSG Connect
     ❏ SeedMe
     ❏ XSEDE ECP ECP
  6. CILogon 2.0 (architecture diagram)
     Diagram labels: SAML SP, OIDC Provider, X.509 CA, HSM, OIDC SP, MFA, LDAP, COmanage, Identities, MFA Tokens, SSH Keys, Groups, Attributes, SAML AA, User Registry, eduGAIN IdP, Google IdP, ORCID IdP, InCommon IdP, OAuth SP, Science App (four instances)
     CILogon: federated identity management
     COmanage: collaborative organization management
  7. Managing Project Groups/Roles
     COmanage provides:
     ❏ enrollment flows
     ❏ expiration policies
     ❏ self service permissions
     ❏ pipelines
     https://spaces.internet2.edu/display/COmanage/COmanage+Technical+Manual
  8. Policy Issues
     ❏ Assurance: https://wiki.refeds.org/display/GROUPS/Assurance+Working+Group
     ❏ Federated attribute release: https://refeds.org/category/research-and-scholarship
     ❏ Federated security incident response: https://refeds.org/sirtfi
  9. #1 Request: Add My Home Org
     ❏ Does Org operate a federated IdP?
     ❏ Is Org's IdP in eduGAIN?
     ❏ Is Org's IdP interoperable?
     ❏ Does Org's IdP meet assurance/security requirements?
     ❏ We automate the federation process
  10. Thanks!
      Contact us: jbasney@ncsa.illinois.edu, help@cilogon.org
