Show simple item record

dc.contributor.author Heiland, Randy
dc.contributor.author Koranda, Scott
dc.contributor.author Marru, Suresh
dc.contributor.author Pierce, Marlon
dc.contributor.author Welch, Von
dc.date.accessioned 2016-01-26T20:50:46Z
dc.date.available 2016-01-26T20:50:46Z
dc.date.issued 2015-06-16
dc.identifier.citation Randy Heiland, Scott Koranda, Suresh Marru, Marlon Pierce, and Von Welch. 2015. Authentication and Authorization Considerations for a Multi-tenant Service. In Proceedings of the 1st Workshop on The Science of Cyberinfrastructure: Research, Experience, Applications and Models (SCREAM '15). ACM, New York, NY, USA, 29-35. DOI=http://dx.doi.org/10.1145/2753524.2753534 en
dc.identifier.uri https://hdl.handle.net/2022/20619
dc.description.abstract Distributed cyberinfrastructure requires users (and machines) to perform some sort of authentication and authorization (together simply known as "auth"). In the early days of com- puting, authentication was performed with just a username and password combination, and this is still prevalent today. But during the past several years, we have seen an evolution of approaches and protocols for auth: Kerberos, SSH keys, X.509, OpenID, API keys, OAuth, and more. Not surpris- ingly, there are trade-offs, both technical and social, for each approach. The NSF Science Gateway communities have had to deal with a variety of auth issues. However, most of the early gateways were rather restrictive in their model of access and development. The practice of using community credentials (certificates), a well-intentioned idea to alleviate restrictive access, still posed a barrier to researchers and challenges for security and auditing. And while the web portal-based gate- way clients offered users easy access from a browser, both the interface and the back-end functionality were constrained in the flexibility and extensibility they could provide. Design- ing a well-defined application programming interface (API) to fine-grained, generic gateway services (on secure, hosted cyberinfrastructure), together with an auth approach that has a lower barrier to entry, will hopefully present a more welcoming environment for both users and developers. This paper provides a review and some thoughts on these topics, with a focus on the role of auth between a Science Gateway and a service provider. en
dc.description.sponsorship National Science Foundation, Grant Numbers 1339774 and 1234408. en
dc.language.iso en_US en
dc.publisher ACM en
dc.rights Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Permissions@acm.org. SCREAM ’15, June 16 2015, Portland, OR, USA Copyright is held by the owner/author(s). Publication rights licensed to ACM. ACM 978-1-4503-3566-9/15/06...$15.00 en
dc.subject cybersecurity en
dc.subject authentication en
dc.subject usability en
dc.subject science gateways en
dc.title Authentication and Authorization Considerations for a Multi-tenant Service en
dc.type Article en
dc.identifier.doi http://dx.doi.org/10.1145/2753524.2753534
dc.identifier.doi dx.doi.org/10.1145/2753524.2753534
dc.altmetrics.display true en


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search IUScholarWorks


Advanced Search

Browse

My Account

Statistics