
CILogon www.cilogon.org

Jim Basney
jbasney@ncsa.illinois.edu

CILogon 2.0

This material is based upon work supported by the National Science Foundation under grant number 1547268. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.


CILogon 2.0 Project

❏ 3 year NSF CICI award
❏ January 2016 - December 2018
❏ Provide an integrated open source Identity and Access Management (IdAM) platform for cyberinfrastructure
  ❏ CILogon: federated identity management
  ❏ COmanage: collaborative organization management
❏ Support international collaborations


CILogon 2.0 Team Members

❏ Jim Basney
❏ Terry Fleury
❏ Jeff Gaynor
❏ Venkat Yekkirala
❏ Heather Flanagan
❏ Scott Koranda
❏ Benn Oshrin
❏ Arlen Johnson


Science Partners

❏ NANOGrav Physics Frontiers Center

❏ Laser Interferometer Gravitational-Wave Observatory (LIGO)

❏ Data Observation Network for Earth (DataONE)


Cyberinfrastructure Partners

❏ Operational support
❏ Integration platform
❏ International use cases
  ❏ Support for European identities
  ❏ Using eduGAIN


CILogon in Europe

❏ Supporting international research collaborations
❏ Int'l IdP support at cilogon.org via InCommon's eduGAIN membership
  ❏ Depends on int'l R&S and SIRTFI adoption
❏ European CILogon instance
  ❏ Addresses EU attribute release policies
  ❏ IGTF accredited CA: https://rcauth.eu/


Logical Component View

[Figure: architecture diagram. Components shown: SAML SP, OIDC Provider, X.509 CA (HSM), OIDC SP, MFA (OATH), LDAP, SAML AA, User Registry Interface, and COmanage holding Identities, MFA Tokens, SSH Keys, Groups and Attributes. Upstream identity sources: InCommon IdP, eduGAIN IdP, Google IdP, ORCID (via OAuth SP). Downstream consumers: Science Apps.]


SAML to OpenID Connect (OIDC) Proxy

❏ Supporting e-Science clients
  ❏ Review & approval by CILogon staff
❏ User consent based on requested scopes
  ❏ openid, profile, email
  ❏ org.cilogon.userinfo (eppn, affiliation)
  ❏ edu.uiuc.ncsa.myproxy.getcert (to allow X.509 certificate issuance)
  ❏ VO attributes

www.cilogon.org/oidc


CILogon User Consent


Managing Virtual Organizations

❏ enrollment flows
❏ expiration policies
❏ delegated group management
❏ attribute mapping
❏ application registration
❏ plug-ins and pipelines


Bridging Campus and VO IAM

❏ CILogon passes campus/VO attributes to the e-Science SP
  ❏ Always requiring user consent
  ❏ Attribute scopes approved per-client
❏ COmanage displays terms and conditions during VO enrollment
  ❏ VO attribute release policy applied per client
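The two policy points the slides make about the OIDC proxy, that a client may only request scopes it was approved for at registration and that attributes are released only with user consent and only for the granted scopes, can be written down as a small provider-side check. The following is an added example written for this page, not CILogon's own code: the client IDs, the user attributes and the exact claim set mapped to each scope are constructed assumptions; only the scope names come from the slides.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Scope -> claims released for that scope. The scope names are the ones the
# slides list; the claim set behind each scope is an assumption for this demo.
SCOPE_CLAIMS: Dict[str, FrozenSet[str]] = {
    "openid": frozenset({"sub"}),
    "profile": frozenset({"name"}),
    "email": frozenset({"email"}),
    "org.cilogon.userinfo": frozenset({"eppn", "affiliation"}),
    # Permits the client to request an X.509 certificate for the user;
    # it releases no additional userinfo claims.
    "edu.uiuc.ncsa.myproxy.getcert": frozenset(),
}


@dataclass(frozen=True)
class RegisteredClient:
    client_id: str
    approved_scopes: FrozenSet[str]  # fixed at registration after staff review


# Constructed client registry: hypothetical client_ids, not real CILogon clients.
CLIENT_REGISTRY: Dict[str, RegisteredClient] = {
    "science-app-portal": RegisteredClient(
        "science-app-portal",
        frozenset({"openid", "profile", "email", "org.cilogon.userinfo"})),
    "science-app-gateway": RegisteredClient(
        "science-app-gateway",
        frozenset({"openid", "email", "org.cilogon.userinfo",
                   "edu.uiuc.ncsa.myproxy.getcert"})),
}


class UnknownClient(Exception):
    pass


class ScopeNotApproved(Exception):
    pass


class ConsentRequired(Exception):
    pass


def check_authorization_request(client_id: str, scope: str) -> Set[str]:
    """Validate the scope parameter of an authorization request against the
    client's approved scopes. Returns the requested scope set on success."""
    client = CLIENT_REGISTRY.get(client_id)
    if client is None:
        raise UnknownClient(client_id)
    requested = set(scope.split())
    if "openid" not in requested:
        raise ValueError("an OIDC request must include the 'openid' scope")
    unknown = requested - set(SCOPE_CLAIMS)
    if unknown:
        raise ScopeNotApproved(sorted(unknown))
    unapproved = requested - client.approved_scopes
    if unapproved:
        # Fail closed: a client cannot obtain more than it was approved for.
        raise ScopeNotApproved(sorted(unapproved))
    return requested


def claims_for_consent(requested: Set[str]) -> Set[str]:
    """The claims the consent page shows the user for the requested scopes."""
    return set().union(*(SCOPE_CLAIMS[s] for s in requested))


def release_claims(requested: Set[str], consent_granted: bool,
                   user_attributes: Dict[str, str]) -> Dict[str, str]:
    """Build the userinfo response: nothing without consent, and only the
    claims covered by the granted scopes even if the IdP sent more."""
    if not consent_granted:
        raise ConsentRequired(sorted(requested))
    allowed = claims_for_consent(requested)
    return {k: v for k, v in user_attributes.items() if k in allowed}


def may_issue_certificate(requested: Set[str]) -> bool:
    """True when the granted scopes permit X.509 certificate issuance."""
    return "edu.uiuc.ncsa.myproxy.getcert" in requested


# Constructed attribute set, standing in for what a campus IdP would release.
SAMPLE_USER: Dict[str, str] = {
    "sub": "constructed-user-id-0001",
    "name": "Jane Doe",
    "email": "jdoe@example.edu",
    "eppn": "jdoe@example.edu",
    "affiliation": "member@example.edu;staff@example.edu",
}


def demo() -> Dict[str, str]:
    """Portal asks for openid, email and the CILogon userinfo scope; the user
    consents; name is withheld because profile was not requested."""
    requested = check_authorization_request(
        "science-app-portal", "openid email org.cilogon.userinfo")
    return release_claims(requested, True, SAMPLE_USER)


if __name__ == "__main__":
    print(demo())
```

The check runs before the consent page is rendered, so a request for a scope the client was never approved for never reaches the user; consent then gates release, and the claim filter is applied to whatever the upstream IdP sent rather than trusting the client to ignore extra attributes.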


CILogon 2.0: Status

❏ Successes so far
  ❏ OpenID Connect (OIDC) support
  ❏ International interoperability
  ❏ COmanage integration
  ❏ ORCID integration
  ❏ Use with Globus, JupyterHub, Kubernetes, and SciGaP
❏ Challenges
  ❏ Interoperability with campus IdPs


Enabling Access from Campus

❏ Operate an InCommon IdP
  https://incommon.org/federation/info/all-entities
❏ Meet InCommon's Baseline Expectations
  https://spaces.internet2.edu/display/BE
❏ Support REFEDS R&S
  https://incommon.org/federation/info/all-entity-categories
❏ Support SIRTFI
  https://incommon.org/federation/info/all-idps-certified

https://cilogon.org/testidp


CILogon-enabled Sites

❏ ATLAS Connect
❏ Brandeis
❏ Clemson CyberGIS
❏ CERN
❏ CMS Connect
❏ DataONE
❏ DOE KBase
❏ Duke CI Connect
❏ Fermilab
❏ Globus
❏ Indiana University
❏ LIGO
❏ LRZ
❏ MIT
❏ NANOGrav (Pilot)
❏ Northwestern
❏ Notre Dame
❏ OOI
❏ OSC OnDemand
❏ OSG Connect
❏ SciGaP
❏ SeedMe
❏ SWAMP
❏ UNL
❏ XSEDE
❏ ... and more


Want to work with us?

❏ Research projects with collaborators across multiple institutions
  ❏ Using federated identity
  ❏ Managing group memberships and application authorization
  ❏ OAuth, OpenID Connect, SAML, LDAP, SSH, X.509
❏ Outsourcing IAM services
❏ Consistent with InCommon Research & Scholarship definition

jbasney@ncsa.illinois.edu
info@cilogon.org
