An OAuth service for issuing certificates to science gateways for TeraGrid users

Authors:
Jim Basney;Jeff Gaynor
Affiliations:
University of Illinois at Urbana-Champaign, Urbana, Illinois;University of Illinois at Urbana-Champaign, Urbana, Illinois
Venue:
Proceedings of the 2011 TeraGrid Conference: Extreme Digital Discovery
Year:
2011

Citing 11
Cited 2

The MyProxy online credential repository: Research Articles

Software—Practice & Experience - Grid Security
Science gateway, portal and other community interfaces to high end resources

Proceedings of the 2006 ACM/IEEE conference on Supercomputing
A AAAA model to support science gateways with community accounts: Research Articles

Concurrency and Computation: Practice & Experience - Science Gateways—Common Community Interfaces to Grid Resources
Special Issue: Science Gateways—Common Community Interfaces to Grid Resources: Editorials

Concurrency and Computation: Practice & Experience - Science Gateways—Common Community Interfaces to Grid Resources
TeraGrid Science Gateways and Their Impact on Science

Computer
Building the PolarGrid portal using web 2.0 and OpenSocial

Proceedings of the 5th Grid Computing Environments Workshop
Using dynamic accounts to enable access to advanced resources through science gateways

Proceedings of the 5th Grid Computing Environments Workshop
Federated login to TeraGrid

Proceedings of the 9th Symposium on Identity and Trust on the Internet
TeraGrid Science Gateway AAAA Model: implementation and lessons learned

Proceedings of the 2010 TeraGrid Conference
Accelerating science gateway development with Web 2.0 and Swift

Proceedings of the 2010 TeraGrid Conference
The Quakesim portal and services: new approaches to science gateway development techniques

Concurrency and Computation: Practice & Experience - Proceedings of the 6th ACES Symposium, May 11–16, 2008, Cairns, Australia

Distributed web security for science gateways

Proceedings of the 2011 ACM workshop on Gateway computing environments
CILogon: a federated X.509 certification authority for cyberinfrastructure logon

Proceedings of the Conference on Extreme Science and Engineering Discovery Environment: Gateway to Discovery

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a TeraGrid OAuth service, integrated with the TeraGrid User Portal and TeraGrid MyProxy service, that provides certificates to science gateways. The OAuth service eliminates the need for TeraGrid users to disclose their TeraGrid passwords to science gateways when accessing their individual TeraGrid accounts via gateway interfaces. Instead, TeraGrid users authenticate at the TeraGrid User Portal to approve issuance of a certificate by MyProxy to the science gateway they are using. We present the design and implementation of the TeraGrid OAuth service, describe the underlying network protocol, and discuss design decisions and security considerations we made while developing the service in consultation with TeraGrid working groups and staff.