Webinar: Authorizing Access to Science Gateway Resources
January 9, 2019
Authorizing Access to Science Gateway Resources
Presented by Jim Basney of NCSA & Trusted CI, Marlon Pierce of Indiana University & SGCI, and Tom Barton of the University of Chicago & Internet2
Data use agreements, controlled-access data sets, and restricted-access scientific instruments are just a few examples of authorization challenges faced by science gateways. There are many options for authenticating science gateway users, but fewer options for implementing complex authorization policies after users log on. The three panelists for this webinar will present their perspectives and experiences with authorization solutions applicable to science gateways.
Q&A from the webinar:
- Q: In OAuth, can the user choose which items they allow and which not from the list of access requested by the app?
A: In general a gateway should only request what items they need, so a user would accept or deny all.
- Q: What is a good resource for getting started with Research & Scholarship attributes? I collect these attributes for my gateway with a custom sign-up form.
A: InCommon's Research & Scholarship info is here: https://spaces.at.internet2.
edu/display/InCFederation/ Research+and+Scholarship+ Category.
- Q: What is the URL for the paper "Federated Identity Management for Research Collaborations"?
- Q: Is there any sort of federation body that takes into consideration students in K-12?
A: The Steward program was started to address this audience https://www.incommon.org/
steward/, but there hasn't been enough perceived need to carry the project forward. As of now, there is no federation body for K-12.
- Q: Any tips or success paths for gateways that must deal with PII information? I know this is not directly related to security but security plays a huge role in the overall infrastructure plan.
A: That's a big question! Some things that come to mind: First, I hope that on your campus the CISO's office is viewed as a good enabling resource. If so, they should be able to provide in-depth guidance and assistance. Second, the TrustedCI Open Science Cyber Risk Profile https://trustedci.org/oscrp can be useful to help you think through how to suitably protect the PII.
- Q: How do I learn more about Airavata?
A: See http://airavata.apache.org/
mailing-list.html to subscribe to the Airavata dev list.
Webinar: Cybersecurity for the Modern Science Gateway
February 14, 2018
Cybersecurity for the Modern Science Gateway
Presented by Von Welch, Director, Indiana University Center for Applied Cybersecurity Research and Center for Trustworthy Scientific Cyberinfrastructure
Mark Krenz, Lead Security Analyst, Indiana University Center for Applied Cybersecurity Research
Science Gateways may be varied in their individual design and purpose, but can all benefit from a commonly used approach to Cybersecurity. Join security experts from the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) as they present an easy-to-follow overview of the resources available to start or improve your gateway's cybersecurity program. From this presentation, you will learn the three key cybersecurity aspects that science gateways share as well as the three goals your program should strive to achieve in cybersecurity. An overview of techniques and tools will be shown to provide guidance to those not focused on cybersecurity, but wishing to address its challenges.
Resources mentioned during the webinar:
- More information about CTSC: https://trustedci.org/
- Federated Identity Management for Research Organizations, Jim Basney and Scott Koranda http://hdl.handle.net/2022/21329
- Facilitating Scientific Collaborations by Delegating Identity Management: Reducing Barriers & Roadmap for Incremental Implementation. Robert Cowles, Craig Jackson, and Von Welch http://hdl.handle.net/2022/20357
- “Developing Cybersecurity Programs for NSF Projects” Bob Cowles, Craig Jackson, Jim Marsteller, Susan Sons: http://hdl.handle.net/2022/21327
- “Science Gateway Security Recommendations” J. Basney, V. Welch http://www.ncsa.illinois.edu/People/jbasney/201309-gwsec.pdf
- CTSC's call for engagements: https://trustedci.org/application/
- Further questions always welcome through SGCI or firstname.lastname@example.org