Case Studies in Identity Management for Scientific Collaboration
2014 Technology Exchange
Jim Basney
CILogon
This material is based upon work supported by the National Science Foundation under grant numbers 0943633 and 1053575 and by the Department of Energy under award number DE-SC0008597. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
CILogon www.cilogon.org
CILogon – https://cilogon.org/
• Provides personal digital certificates for access to cyberinfrastructure
• Uses federated authentication for user identification
Federated Authentication
• Log on to CILogon using your campus (InCommon) or Google (OpenID) account
Bridging InCommon and IGTF
• Translating mechanism and policy across higher education and grid trust federations
Multiple Levels of Assurance
• CILogon Silver CA
  – InCommon Silver IDs
  – IGTF accredited February 2011
• CILogon Basic CA
  – “Basic” InCommon IDs
  – IGTF accredited June 2014
• Google Authenticator provides second authentication factor
Multiple Interfaces
• SAML/OpenID Web Browser SSO
  – PKCS12 certificate download
  – Certificate issuance via OAuth
  – Coming Soon:
    • OpenID Connect token issuance
• SAML ECP
  – Command-line certificate issuance
ligo-proxy-init using SAML ECP
$ ligo-proxy-init scott.koranda
Your identity: [email protected]
Enter pass phrase for this identity:
Creating proxy .................................... Done
Your proxy is valid until: Mar 5 13:45:16 2013 GMT
$ grid-proxy-info -all
subject : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Scott Koranda [email protected]
issuer : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
identity : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Scott Koranda [email protected]
type : end entity credential
strength : 2048 bits
path : /tmp/x509up_u1000
timeleft : 71:59:52 (3.0 days)
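A relying party can apply its own policy to the fields that grid-proxy-info reports. The Python below is an added example, not part of the original slides or of CILogon's code; the trusted-issuer table, the thresholds and the sample subject are assumptions, and the check sits on top of X.509 chain validation by the grid middleware rather than replacing it.

```python
import re

# Assumed relying-party policy (not from the slides). The issuer DN is the one
# shown in the session above; the thresholds are illustrative.
TRUSTED_ISSUERS = {"/DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1": "basic"}
SUBJECT_NAMESPACE = "/DC=org/DC=cilogon/"  # subjects this CA is expected to sign
MIN_KEY_BITS = 2048
MIN_SECONDS_LEFT = 3600  # reject credentials with under an hour left

# Constructed sample modelled on the grid-proxy-info output above.
SAMPLE = """\
subject : /DC=org/DC=cilogon/C=US/O=LIGO/CN=Example User example.user@example.org
issuer : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
strength : 2048 bits
timeleft : 71:59:52 (3.0 days)
"""

def parse_proxy_info(text):
    """Turn 'key : value' lines from grid-proxy-info -all into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def seconds_left(timeleft):
    """Convert 'HH:MM:SS (N days)' to seconds; unparseable input counts as 0."""
    m = re.match(r"(\d+):(\d{2}):(\d{2})", timeleft)
    if not m:
        return 0
    h, mi, s = map(int, m.groups())
    return h * 3600 + mi * 60 + s

def check_proxy(text):
    """Return (assurance, problems); assurance is None for an untrusted issuer."""
    f = parse_proxy_info(text)
    problems = []
    assurance = TRUSTED_ISSUERS.get(f.get("issuer", ""))
    if assurance is None:
        problems.append("issuer not in trusted list")
    if not f.get("subject", "").startswith(SUBJECT_NAMESPACE):
        problems.append("subject outside expected namespace")
    bits = re.match(r"(\d+) bits", f.get("strength", ""))
    if not bits or int(bits.group(1)) < MIN_KEY_BITS:
        problems.append("key strength below minimum")
    if seconds_left(f.get("timeleft", "")) < MIN_SECONDS_LEFT:
        problems.append("credential expired or about to expire")
    return assurance, problems
```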
Integrated with CyberInfrastructure
Integrated with Globus
Used by DOE KBase
Used by OSG Connect
Used by ATLAS Connect
Integrated with Campus
CILogon and XSEDE
• CILogon is
  – a component in the XSEDE architecture
  – following the XSEDE engineering process: architecture, design, and security reviews and operational acceptance tests
• XSEDE provides sustained operational support to CILogon users (ATLAS, DataONE, OOI, OSG, KBASE, LIGO, etc.)
• Including backup CILogon instance at NICS
InCommon R&S SP
[Figure: Total Identity Providers by month, Jun-10 to Aug-14 (y-axis 0 to 140); series: IdPs Added via R&S, IdPs Added via CILogon]
[Figure: Total Users by month, May-10 to Sep-14 (y-axis 0 to 4000); series: Other InC IDs, LIGO IDs, NIH IDs, Google IDs, ProtectNetwork IDs]
Replicating CILogon Internationally