SlideShare a Scribd company logo

Identity Access and Management with Globus

Download as PPTX, PDF
Globus
Globus

This talk was given at the annual Middleware And Grid Interagency Coordination (MAGIC) meeting at the Supercomputing 2018 Conference in Dallas, Texas.

Technology
1 of 18
Identity Access and Management with Globus Rachana Ananthakrishnan rachana@globus.org
Globus Auth: Foundational IAM service • Protects REST API communications between and among apps and services • Federated login for diverse app ecosystem • Based on OAuth2 and OpenID Connect – Least privileges security model: scopes/consents – Access via OAuth2 and OIDC libraries of your choice – Programming language and framework agnostic 4
Globus Auth: Identity broker for research apps Brokers authentication and authorization among… • End-users • Identity providers: enterprise, external (e.g. Google) • Services: resource servers with REST APIs • Apps: web, mobile, desktop, command line clients • Services acting as clients to other services 5
Use Case: Log in with Globus • Similar to: “Log in with Google” “Log in with Facebook” • Using existing identities • Providing access to community services 6
Use Case: App calling service on user’s behalf 8 Authorization Code Grant
Use Case: Native Apps calling services High performance, high throughput, computing workflows Globus command line client application Native App Code Grant
Use Case: Apps that need offline access Recurring transfers with sync option Copy /ingest Daily @ 3:30am High performance, high throughput, computing workflows Refresh tokens
Use Case: Apps invoking service as itself Client Credential Grant
Examples: Securing service’s REST API Outsource all IAM, authorization on your own
Use case: Invoking dependent services Concierge Service Identifier Mint persistent identifiers Transfer Transfer data Groups Manage groups FAIR Research Data Portal Concierge Service Manage data bags Restricted delegation down the call chain
High Assurance support in Globus Auth • Determine which identities in a user’s identity set have been used to authenticate and when • Session context = app instance, device • Information returned via token introspection • Services make access control decisions • Failed operation  app generates specific redirect URL docs.globus.org/api/auth/sessions
Services using high assurance features • Globus transfer and groups • Additional authentication assurance – Enforce user authentication with specific identity within session with specific timeframe • Application instance isolation – Authentication context is per app, per session
Additional authentication assurance userX@anl.govuserX@anl.gov
Additional authentication assurance userX@anl.gov userX@uchicago.edu
Re-authentication timeout userX@anl.gov userX@uchicago.edu
Application instance isolation userX@uchicago.edu Authenticated in browser session (app instance 1) Re-authentication required in different app, same browser(app instance 2) userX@uchicago.edu
Application Instance Isolation userX@uchicago.edu Authenticated in browser session (app instance 1) Re-authentication required in CLI session (app instance 2) userX@uchicago.edu
More information • Documentation – docs.globus.org • Globus Auth documentation – docs.globus.org/api/auth/ • Python SDK – globus-sdk-python.readthedocs.io/en/stable/ • Support – support@globus.org • Subscribe to blog posts and news/announcements – www.globus.org/contact-us

Recommended

Azure AD for browser-based application developers
Azure AD for browser-based application developersAzure AD for browser-based application developers
Azure AD for browser-based application developersBob German
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
Presentation
PresentationPresentation
PresentationLaxman Kumar
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
SSO_Good_Bad_Ugly
SSO_Good_Bad_UglySSO_Good_Bad_Ugly
SSO_Good_Bad_UglySteve Markey
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web SecurityKamil Lelonek
 

Recommended

Azure AD for browser-based application developers
Azure AD for browser-based application developersAzure AD for browser-based application developers
Azure AD for browser-based application developersBob German
 
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
Presentation
PresentationPresentation
PresentationLaxman Kumar
 
WSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2Con USA 2017: Building a Secure Enterprise
WSO2Con USA 2017: Building a Secure EnterpriseWSO2
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderForgeRock
 
SSO_Good_Bad_Ugly
SSO_Good_Bad_UglySSO_Good_Bad_Ugly
SSO_Good_Bad_UglySteve Markey
 
WSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedWSO2 Identity Server - Getting Started
WSO2 Identity Server - Getting StartedIsmaeel Enjreny
 
Introduction to Web Security
Introduction to Web SecurityIntroduction to Web Security
Introduction to Web SecurityKamil Lelonek
 
Wso2 is integration with .net core
Wso2 is integration with .net coreWso2 is integration with .net core
Wso2 is integration with .net coreIsmaeel Enjreny
 
70 346 Managing office 365 identities
70 346 Managing office 365 identities70 346 Managing office 365 identities
70 346 Managing office 365 identitiesclounoud
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013SPC Adriatics
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
Visio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowVisio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowMike Reams
 
Gestión de identidad en Cloud
Gestión de identidad en CloudGestión de identidad en Cloud
Gestión de identidad en CloudIbon Landa
 
MH Trailblazer Group - Understanding SSO Solution for Salesforce
MH Trailblazer Group - Understanding SSO Solution for SalesforceMH Trailblazer Group - Understanding SSO Solution for Salesforce
MH Trailblazer Group - Understanding SSO Solution for Salesforcesonumanoj
 
Microsoft 70-331 Share Point Server 2013 Complete Training
Microsoft 70-331 Share Point Server 2013 Complete TrainingMicrosoft 70-331 Share Point Server 2013 Complete Training
Microsoft 70-331 Share Point Server 2013 Complete Trainingmaefrova
 
Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)Mike Reams
 
Sitecore Security Overview
Sitecore Security OverviewSitecore Security Overview
Sitecore Security OverviewRandy Woods
 
Ladies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State ManagementLadies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State Managementgemziebeth
 
SPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantSPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantNCCOMMS
 
Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Mads Toustrup-Lønne
 
Upgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universityUpgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universitybpowell29a
 
Session 3c The SF SaaS Framework
Session 3c The SF SaaS FrameworkSession 3c The SF SaaS Framework
Session 3c The SF SaaS FrameworkCode Mastery
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
Azure for SharePoint Developers - Workshop - Part 1: Azure AD
Azure for SharePoint Developers - Workshop - Part 1: Azure ADAzure for SharePoint Developers - Workshop - Part 1: Azure AD
Azure for SharePoint Developers - Workshop - Part 1: Azure ADBob German
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CAnton Staykov
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)gemziebeth
 
Deep thoughts from the real world of azure
Deep thoughts from the real world of azureDeep thoughts from the real world of azure
Deep thoughts from the real world of azureMichele Leroux Bustamante
 
Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformIan Foster
 
Getting Started with Globus for Developers
Getting Started with Globus for DevelopersGetting Started with Globus for Developers
Getting Started with Globus for DevelopersGlobus
 

More Related Content

What's hot

Wso2 is integration with .net core
Wso2 is integration with .net coreWso2 is integration with .net core
Wso2 is integration with .net coreIsmaeel Enjreny
 
70 346 Managing office 365 identities
70 346 Managing office 365 identities70 346 Managing office 365 identities
70 346 Managing office 365 identitiesclounoud
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013SPC Adriatics
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
Visio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowVisio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowMike Reams
 
Gestión de identidad en Cloud
Gestión de identidad en CloudGestión de identidad en Cloud
Gestión de identidad en CloudIbon Landa
 
MH Trailblazer Group - Understanding SSO Solution for Salesforce
MH Trailblazer Group - Understanding SSO Solution for SalesforceMH Trailblazer Group - Understanding SSO Solution for Salesforce
MH Trailblazer Group - Understanding SSO Solution for Salesforcesonumanoj
 
Microsoft 70-331 Share Point Server 2013 Complete Training
Microsoft 70-331 Share Point Server 2013 Complete TrainingMicrosoft 70-331 Share Point Server 2013 Complete Training
Microsoft 70-331 Share Point Server 2013 Complete Trainingmaefrova
 
Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)Mike Reams
 
Sitecore Security Overview
Sitecore Security OverviewSitecore Security Overview
Sitecore Security OverviewRandy Woods
 
Ladies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State ManagementLadies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State Managementgemziebeth
 
SPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantSPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantNCCOMMS
 
Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Mads Toustrup-Lønne
 
Upgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universityUpgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universitybpowell29a
 
Session 3c The SF SaaS Framework
Session 3c The SF SaaS FrameworkSession 3c The SF SaaS Framework
Session 3c The SF SaaS FrameworkCode Mastery
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS EnhancementGuo Albert
 
Azure for SharePoint Developers - Workshop - Part 1: Azure AD
Azure for SharePoint Developers - Workshop - Part 1: Azure ADAzure for SharePoint Developers - Workshop - Part 1: Azure AD
Azure for SharePoint Developers - Workshop - Part 1: Azure ADBob German
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CAnton Staykov
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)gemziebeth
 

What's hot (20)

Wso2 is integration with .net core
Wso2 is integration with .net coreWso2 is integration with .net core
Wso2 is integration with .net core
 
70 346 Managing office 365 identities
70 346 Managing office 365 identities70 346 Managing office 365 identities
70 346 Managing office 365 identities
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
Visio Diagram of a user SSO Flow
Visio Diagram of a user SSO FlowVisio Diagram of a user SSO Flow
Visio Diagram of a user SSO Flow
 
Gestión de identidad en Cloud
Gestión de identidad en CloudGestión de identidad en Cloud
Gestión de identidad en Cloud
 
MH Trailblazer Group - Understanding SSO Solution for Salesforce
MH Trailblazer Group - Understanding SSO Solution for SalesforceMH Trailblazer Group - Understanding SSO Solution for Salesforce
MH Trailblazer Group - Understanding SSO Solution for Salesforce
 
Microsoft 70-331 Share Point Server 2013 Complete Training
Microsoft 70-331 Share Point Server 2013 Complete TrainingMicrosoft 70-331 Share Point Server 2013 Complete Training
Microsoft 70-331 Share Point Server 2013 Complete Training
 
Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)Sample Template for Single Sign-On (SSO)
Sample Template for Single Sign-On (SSO)
 
Sitecore Security Overview
Sitecore Security OverviewSitecore Security Overview
Sitecore Security Overview
 
Ladies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State ManagementLadies Be Architects: Integration Study Group: Security & State Management
Ladies Be Architects: Integration Study Group: Security & State Management
 
SPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You WantSPUnite17 Who Are You and What Do You Want
SPUnite17 Who Are You and What Do You Want
 
Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0Protecting your APIs with Doorkeeper and OAuth 2.0
Protecting your APIs with Doorkeeper and OAuth 2.0
 
Upgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland universityUpgrading to cas 4.0 at oakland university
Upgrading to cas 4.0 at oakland university
 
Session 3c The SF SaaS Framework
Session 3c The SF SaaS FrameworkSession 3c The SF SaaS Framework
Session 3c The SF SaaS Framework
 
CAS Enhancement
CAS EnhancementCAS Enhancement
CAS Enhancement
 
Azure for SharePoint Developers - Workshop - Part 1: Azure AD
Azure for SharePoint Developers - Workshop - Part 1: Azure ADAzure for SharePoint Developers - Workshop - Part 1: Azure AD
Azure for SharePoint Developers - Workshop - Part 1: Azure AD
 
The bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2CThe bits and pieces of Azure AD B2C
The bits and pieces of Azure AD B2C
 
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
Ladies Be Architects - Study Group III: OAuth 2.0 (Ep 1)
 
Deep thoughts from the real world of azure
Deep thoughts from the real world of azureDeep thoughts from the real world of azure
Deep thoughts from the real world of azure
 

Similar to Identity Access and Management with Globus

Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformIan Foster
 
Getting Started with Globus for Developers
Getting Started with Globus for DevelopersGetting Started with Globus for Developers
Getting Started with Globus for DevelopersGlobus
 
Building Research Data Portals (GlobusWorld Tour - UMich)
Building Research Data Portals (GlobusWorld Tour - UMich)Building Research Data Portals (GlobusWorld Tour - UMich)
Building Research Data Portals (GlobusWorld Tour - UMich)Globus
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 
Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus Globus
 
Foundational Identity Management Services for Research Computing - ARCC Works...
Foundational Identity Management Services for Research Computing - ARCC Works...Foundational Identity Management Services for Research Computing - ARCC Works...
Foundational Identity Management Services for Research Computing - ARCC Works...Mary Bass
 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersGlobus
 
Building the Services Ecosystem (GlobusWorld Tour - STFC)
Building the Services Ecosystem (GlobusWorld Tour - STFC)Building the Services Ecosystem (GlobusWorld Tour - STFC)
Building the Services Ecosystem (GlobusWorld Tour - STFC)Globus
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CJoonas Westlin
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Amazon Web Services
 
Best Practices for Data Sharing (GlobusWorld Tour - Columbia University)
Best Practices for Data Sharing (GlobusWorld Tour - Columbia University)Best Practices for Data Sharing (GlobusWorld Tour - Columbia University)
Best Practices for Data Sharing (GlobusWorld Tour - Columbia University)Globus
 
Building Research Applications with Globus PaaS
Building Research Applications with Globus PaaSBuilding Research Applications with Globus PaaS
Building Research Applications with Globus PaaSGlobus
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Amazon Web Services
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Amazon Web Services
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
 
Tutorial: Managing Protected Data with Globus Connect Server v5
Tutorial: Managing Protected Data with Globus Connect Server v5Tutorial: Managing Protected Data with Globus Connect Server v5
Tutorial: Managing Protected Data with Globus Connect Server v5Globus
 
Globus High Assurance for Protected Data (GlobusWorld Tour - UCSD)
Globus High Assurance for Protected Data (GlobusWorld Tour - UCSD)Globus High Assurance for Protected Data (GlobusWorld Tour - UCSD)
Globus High Assurance for Protected Data (GlobusWorld Tour - UCSD)Globus
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 

Similar to Identity Access and Management with Globus (20)

Globus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management PlatformGlobus Auth: A Research Identity and Access Management Platform
Globus Auth: A Research Identity and Access Management Platform
 
Getting Started with Globus for Developers
Getting Started with Globus for DevelopersGetting Started with Globus for Developers
Getting Started with Globus for Developers
 
Building Research Data Portals (GlobusWorld Tour - UMich)
Building Research Data Portals (GlobusWorld Tour - UMich)Building Research Data Portals (GlobusWorld Tour - UMich)
Building Research Data Portals (GlobusWorld Tour - UMich)
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 
Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus Managing Protected and Controlled Data with Globus
Managing Protected and Controlled Data with Globus
 
Foundational Identity Management Services for Research Computing - ARCC Works...
Foundational Identity Management Services for Research Computing - ARCC Works...Foundational Identity Management Services for Research Computing - ARCC Works...
Foundational Identity Management Services for Research Computing - ARCC Works...
 
Introduction to the Globus Platform for Developers
Introduction to the Globus Platform for DevelopersIntroduction to the Globus Platform for Developers
Introduction to the Globus Platform for Developers
 
Building the Services Ecosystem (GlobusWorld Tour - STFC)
Building the Services Ecosystem (GlobusWorld Tour - STFC)Building the Services Ecosystem (GlobusWorld Tour - STFC)
Building the Services Ecosystem (GlobusWorld Tour - STFC)
 
Introduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2CIntroduction to Azure AD and Azure AD B2C
Introduction to Azure AD and Azure AD B2C
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017
 
Best Practices for Data Sharing (GlobusWorld Tour - Columbia University)
Best Practices for Data Sharing (GlobusWorld Tour - Columbia University)Best Practices for Data Sharing (GlobusWorld Tour - Columbia University)
Best Practices for Data Sharing (GlobusWorld Tour - Columbia University)
 
Building Research Applications with Globus PaaS
Building Research Applications with Globus PaaSBuilding Research Applications with Globus PaaS
Building Research Applications with Globus PaaS
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
 
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS
 
Tutorial: Managing Protected Data with Globus Connect Server v5
Tutorial: Managing Protected Data with Globus Connect Server v5Tutorial: Managing Protected Data with Globus Connect Server v5
Tutorial: Managing Protected Data with Globus Connect Server v5
 
Globus High Assurance for Protected Data (GlobusWorld Tour - UCSD)
Globus High Assurance for Protected Data (GlobusWorld Tour - UCSD)Globus High Assurance for Protected Data (GlobusWorld Tour - UCSD)
Globus High Assurance for Protected Data (GlobusWorld Tour - UCSD)
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 

More from Globus

Advanced Globus System Administration Topics
Advanced Globus System Administration TopicsAdvanced Globus System Administration Topics
Advanced Globus System Administration TopicsGlobus
 
Instrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowInstrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowGlobus
 
Reliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesReliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesGlobus
 
Best Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusBest Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusGlobus
 
An Introduction to Globus for Researchers
An Introduction to Globus for ResearchersAn Introduction to Globus for Researchers
An Introduction to Globus for ResearchersGlobus
 
Introduction to Research Automation with Globus
Introduction to Research Automation with GlobusIntroduction to Research Automation with Globus
Introduction to Research Automation with GlobusGlobus
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System AdministratorsGlobus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
 
Introduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersIntroduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersGlobus
 
Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Globus
 
Automating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeAutomating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeGlobus
 
Automating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformAutomating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformGlobus
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New UsersGlobus
 
Working with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsWorking with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsGlobus
 
Globus Automation
Globus AutomationGlobus Automation
Globus AutomationGlobus
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System AdministrationGlobus
 
Introduction to Globus
Introduction to GlobusIntroduction to Globus
Introduction to GlobusGlobus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System AdministratorsGlobus
 

More from Globus (20)

Advanced Globus System Administration Topics
Advanced Globus System Administration TopicsAdvanced Globus System Administration Topics
Advanced Globus System Administration Topics
 
Instrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a FlowInstrument Data Automation: The Life of a Flow
Instrument Data Automation: The Life of a Flow
 
Reliable, Remote Computation at All Scales
Reliable, Remote Computation at All ScalesReliable, Remote Computation at All Scales
Reliable, Remote Computation at All Scales
 
Best Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using GlobusBest Practices for Data Sharing Using Globus
Best Practices for Data Sharing Using Globus
 
An Introduction to Globus for Researchers
An Introduction to Globus for ResearchersAn Introduction to Globus for Researchers
An Introduction to Globus for Researchers
 
Introduction to Research Automation with Globus
Introduction to Research Automation with GlobusIntroduction to Research Automation with Globus
Introduction to Research Automation with Globus
 
Globus for System Administrators
Globus for System AdministratorsGlobus for System Administrators
Globus for System Administrators
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System Administrators
 
Introduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for ResearchersIntroduction to Data Transfer and Sharing for Researchers
Introduction to Data Transfer and Sharing for Researchers
 
Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)Introduction to the Command Line Interface (CLI)
Introduction to the Command Line Interface (CLI)
 
Automating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and ComputeAutomating Research Data with Globus Flows and Compute
Automating Research Data with Globus Flows and Compute
 
Automating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus PlatformAutomating Research Data Flows and Introduction to the Globus Platform
Automating Research Data Flows and Introduction to the Globus Platform
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System Administration
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System Administrators
 
Introduction to Globus for New Users
Introduction to Globus for New UsersIntroduction to Globus for New Users
Introduction to Globus for New Users
 
Working with Globus Platform Services and Portals
Working with Globus Platform Services and PortalsWorking with Globus Platform Services and Portals
Working with Globus Platform Services and Portals
 
Globus Automation
Globus AutomationGlobus Automation
Globus Automation
 
Advanced Globus System Administration
Advanced Globus System AdministrationAdvanced Globus System Administration
Advanced Globus System Administration
 
Introduction to Globus
Introduction to GlobusIntroduction to Globus
Introduction to Globus
 
Introduction to Globus for System Administrators
Introduction to Globus for System AdministratorsIntroduction to Globus for System Administrators
Introduction to Globus for System Administrators
 

Recently uploaded

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

Recently uploaded (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 

Identity Access and Management with Globus

  • 1. Identity Access and Management with Globus Rachana Ananthakrishnan rachana@globus.org
  • 2. Globus Auth: Foundational IAM service • Protects REST API communications between and among apps and services • Federated login for diverse app ecosystem • Based on OAuth2 and OpenID Connect – Least privileges security model: scopes/consents – Access via OAuth2 and OIDC libraries of your choice – Programming language and framework agnostic 4
  • 3. Globus Auth: Identity broker for research apps Brokers authentication and authorization among… • End-users • Identity providers: enterprise, external (e.g. Google) • Services: resource servers with REST APIs • Apps: web, mobile, desktop, command line clients • Services acting as clients to other services 5
  • 4. Use Case: Log in with Globus • Similar to: “Log in with Google” “Log in with Facebook” • Using existing identities • Providing access to community services 6
  • 5. Use Case: App calling service on user’s behalf 8 Authorization Code Grant
  • 6. Use Case: Native Apps calling services High performance, high throughput, computing workflows Globus command line client application Native App Code Grant
  • 7. Use Case: Apps that need offline access Recurring transfers with sync option Copy /ingest Daily @ 3:30am High performance, high throughput, computing workflows Refresh tokens
  • 8. Use Case: Apps invoking service as itself Client Credential Grant
  • 9. Examples: Securing service’s REST API Outsource all IAM, authorization on your own
  • 10. Use case: Invoking dependent services Concierge Service Identifier Mint persistent identifiers Transfer Transfer data Groups Manage groups FAIR Research Data Portal Concierge Service Manage data bags Restricted delegation down the call chain
  • 11. High Assurance support in Globus Auth • Determine which identities in a user’s identity set have been used to authenticate and when • Session context = app instance, device • Information returned via token introspection • Services make access control decisions • Failed operation  app generates specific redirect URL docs.globus.org/api/auth/sessions
  • 12. Services using high assurance features • Globus transfer and groups • Additional authentication assurance – Enforce user authentication with specific identity within session with specific timeframe • Application instance isolation – Authentication context is per app, per session
  • 16. Application instance isolation userX@uchicago.edu Authenticated in browser session (app instance 1) Re-authentication required in different app, same browser(app instance 2) userX@uchicago.edu
  • 17. Application Instance Isolation userX@uchicago.edu Authenticated in browser session (app instance 1) Re-authentication required in CLI session (app instance 2) userX@uchicago.edu
  • 18. More information • Documentation – docs.globus.org • Globus Auth documentation – docs.globus.org/api/auth/ • Python SDK – globus-sdk-python.readthedocs.io/en/stable/ • Support – support@globus.org • Subscribe to blog posts and news/announcements – www.globus.org/contact-us

Editor's Notes

  1. Jetstream, FaceBase (Globus groups service), GPCR (DERIVA USC based projects use login and calling Groups), WholeTale (Groups and transfer)
  2. Recurring replication, Pasrl using refresh tokens
  3. RDA manages user permissions when data is ready for user download. Invokes Globus transfer/sharing as the portal to set permissions. WholeTale does the same (Whole Tale uses its client to create and manage shared endpoints for transferring data in to the system.  We use this so that we create a shared endpoint for each user who deposits data.)
  4. NIH Data Commons Object Resolution Service (As part of the commons the DataCite Object Registration Service was registered with its own scope for allowing programmatic access by other commons services and we have a Jupyter notebook that does the auth flow for creating new identifiers: https://ors.datacite.org/ (this is somewhat like our identifiers service). For the Data Commons, we implemented and secured the Workflow Execution Service (WES) API using Globus Auth and ran several demos with our clients and others accessing it. This was a way to provide a common API across several workflow engines (e.g., Galaxy). https://fair-research.org/deliverables/cross-stack-4m.html
  5. Access Control Identities provided and managed by institution Globus acts as identity broker only, does not access or store any institutional user credentials Institution controls all access policies (at multiple levels) who can access what data and with what permissions who can share what data and with what permissions all access policies can be changed or revoked at any time
  6. Administrator configurable reauthentication timeout