Apache Airavata Security Manager: Authentication and Authorization Implementations for a Multi-Tenant eScience Framework

Date
2016-12-01
Abstract
eScience middleware frameworks that integrate multiple virtual organizations must incorporate comprehensive user identity and access management solutions. In this paper we examine usage patterns for these systems and map the patterns to widely used security standards and approaches. We focus on science gateways, a class of distributed system cyberinfrastructure. Science gateways are end user environments that provide access to a wide range of academic and commercial computing and storage resources for virtual organizations. Successful gateways focus on specific scientific communities and domains, but they build on many reusable features that can be provided by general purpose hosted platform services that support multiple tenants. Providing an identity and access management security framework for such a hosted service relieves each gateway of the burden of handling its own user identity management and controlling access to its critical resources. From the resource provider’s point of view, it provides a basis for more uniform accounting and auditing. Challenges arise from the range of gateways (both legacy and newly created), the range of technologies used to build them, and the range of end user environments (Web, mobile, desktop, and programmatic API clients) that gateways provide. Using Apache Airavata as an implementation, we examine three common gateway types, distinguished by where the user identity information is held, and show how these can be treated in a unified manner using OAuth2 and OpenID Connect. Our solutions for identity and access management are not specific to Apache Airavata but can be applied generally to any eScience platform.
Keywords
science gateways, identity management, distributed systems security
Type
Article