SciAuth: A Lightweight End-to-End Capability-Based Authorization Environment for Scientific Computing
Article No.: 45, Pages 1 - 5
Abstract
We introduce a new end-to-end software environment that enables experimentation with using SciTokens for capability-based authorization in scientific computing. This set of interconnected Docker containers enables science projects to gain experience with the SciTokens model prior to adoption. It is a product of our SciAuth project, which supports the adoption of the SciTokens model through community engagement, support for coordinated adoption of community standards, assistance with software integration, security analysis and threat modeling, training, and workforce development.
Published In
July 2022
455 pages
ISBN:9781450391610
DOI:10.1145/3491418
Copyright © 2022 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 08 July 2022
Qualifiers
- Research-article
- Research
- Refereed limited
Acceptance Rates
Overall Acceptance Rate 133 of 202 submissions, 66%