Boost your cybersecurity with help from Trusted CI, the NSF Cybersecurity Center of Excellence
Trusted CI, the NSF Cybersecurity Center of Excellence, offers a variety of information and services that are relevant to science gateways.
- Training materials easily accessible online:
- For gateway development, materials associated with software assurance (writing secure code) and identity management
- For gateway operation, materials associated with log analysis, incident response, and situational awareness
- One-on-one engagements with NSF-funded projects that vary in scope (see the application details, including important dates). Engagements may range from a very brief (couple of weeks) cybersecurity “checkup” to a more in-depth, six-month engagement.
- Trusted CI also contributes to SGCI's biannual Science Gateways Bootcamp, run by the Incubator, that provides a week-long workshop for gateway PIs and developers.
Finally, we encourage those in the science gateways community to reach out to us and join our mailing lists. We are here to help!
Trusted CI Webinar: SciTokens—Federated Authorization for Distributed Scientific Computing, Jan 25, 2021
Please register here. Be sure to check spam/junk folder for registration confirmation email.
SciTokens (https://scitokens.org/), an NSF CICI project, works to advance the use of bearer tokens and capabilities in distributed scientific infrastructures. It applies the JSON Web Token (JWT) and OAuth standards to the needs of scientific cyberinfrastructure, where widely-distributed computing, data, instruments, and software services are harnessed for scientific workflows, requiring an authorization mechanism that itself is distributed. Typically, JWTs are used in a single web application, with a single token issuer and verifier and OAuth2 deployment scenarios support only one or a few token issuers, using opaque tokens that must be validated by a callback to the corresponding issuer. In contrast, SciTokens supports many token issuers, with signing keys, policies, and endpoint URLs published via OAuth Authorization Server Metadata, using self-describing JWTs rather than opaque tokens, so the tokens can be independently verified by distributed services without requiring a callback to the token issuer.
The use of JWTs with OAuth is now a draft profile of the IETF OAuth working group. OAuth token refresh enables long-lived scientific workflows, and OAuth Token Exchange enables workflow systems to reduce token privileges, effectively implementing least-privilege delegation across the cyberinfrastructure ecosystem.
In this webinar, members of the SciTokens project will discuss progress since their 2019 NSF Summit presentation, including the project's latest open source software releases, interoperability with the WLCG Common JWT Profiles, updates from Fermilab, LIGO, XSEDE, and WLCG (presented at the recent TAGPMA Workshop on Token-Based Authentication and Authorization), and support for SciTokens in CILogon and HTCondor.
Speaker Bios: Jim Basney is a Principal Research Scientist in NCSA's Cybersecurity Division, Brian Bockelman is an Investigator at Morgridge Institute for Research, Todd Tannenbaum is a Researcher in Distributed Computing at University of Wisconsin-Madison, and Derek Weitzel is a Research Assistant Professor at University of Nebraska-Lincoln.