Webinar: Authorizing Access to Science Gateway Resources
January 9, 2019
Authorizing Access to Science Gateway Resources
Presented by Jim Basney of NCSA & Trusted CI, Marlon Pierce of Indiana University & SGCI, and Tom Barton of the University of Chicago & Internet2
Data use agreements, controlled-access data sets, and restricted-access scientific instruments are just a few examples of authorization challenges faced by science gateways. There are many options for authenticating science gateway users, but fewer options for implementing complex authorization policies after users log on. The three panelists for this webinar will present their perspectives and experiences with authorization solutions applicable to science gateways.
Q&A from the webinar:
- Q: In OAuth, can the user choose which items they allow and which not from the list of access requested by the app?
A: In general a gateway should only request what items they need, so a user would accept or deny all.
- Q: What is a good resource for getting started with Research & Scholarship attributes? I collect these attributes for my gateway with a custom sign-up form.
A: InCommon's Research & Scholarship info is here: https://spaces.at.internet2.
edu/display/InCFederation/ Research+and+Scholarship+ Category.
- Q: What is the URL for the paper "Federated Identity Management for Research Collaborations"?
- Q: Is there any sort of federation body that takes into consideration students in K-12?
A: The Steward program was started to address this audience https://www.incommon.org/
steward/, but there hasn't been enough perceived need to carry the project forward. As of now, there is no federation body for K-12.
- Q: Any tips or success paths for gateways that must deal with PII information? I know this is not directly related to security but security plays a huge role in the overall infrastructure plan.
A: That's a big question! Some things that come to mind: First, I hope that on your campus the CISO's office is viewed as a good enabling resource. If so, they should be able to provide in-depth guidance and assistance. Second, the TrustedCI Open Science Cyber Risk Profile https://trustedci.org/oscrp can be useful to help you think through how to suitably protect the PII.
- Q: How do I learn more about Airavata?
A: See http://airavata.apache.org/
mailing-list.html to subscribe to the Airavata dev list.