Trusted CI Webinar: SciTokens—Federated Authorization for Distributed Scientific Computing, Jan 25, 2021
- Published on Thursday, 14 January 2021 19:00
ciTokens: Federated Authorization for Distributed Scientific Computing on Monday, January 25th at 11am (Eastern)
Please register here. Be sure to check spam/junk folder for registration confirmation email.
SciTokens (https://scitokens.org/), an NSF CICI project, works to advance the use of bearer tokens and capabilities in distributed scientific infrastructures. It applies the JSON Web Token (JWT) and OAuth standards to the needs of scientific cyberinfrastructure, where widely-distributed computing, data, instruments, and software services are harnessed for scientific workflows, requiring an authorization mechanism that itself is distributed. Typically, JWTs are used in a single web application, with a single token issuer and verifier and OAuth2 deployment scenarios support only one or a few token issuers, using opaque tokens that must be validated by a callback to the corresponding issuer. In contrast, SciTokens supports many token issuers, with signing keys, policies, and endpoint URLs published via OAuth Authorization Server Metadata, using self-describing JWTs rather than opaque tokens, so the tokens can be independently verified by distributed services without requiring a callback to the token issuer.
The use of JWTs with OAuth is now a draft profile of the IETF OAuth working group. OAuth token refresh enables long-lived scientific workflows, and OAuth Token Exchange enables workflow systems to reduce token privileges, effectively implementing least-privilege delegation across the cyberinfrastructure ecosystem.
In this webinar, members of the SciTokens project will discuss progress since their 2019 NSF Summit presentation, including the project's latest open source software releases, interoperability with the WLCG Common JWT Profiles, updates from Fermilab, LIGO, XSEDE, and WLCG (presented at the recent TAGPMA Workshop on Token-Based Authentication and Authorization), and support for SciTokens in CILogon and HTCondor.
Speaker Bios: Jim Basney is a Principal Research Scientist in NCSA's Cybersecurity Division, Brian Bockelman is an Investigator at Morgridge Institute for Research, Todd Tannenbaum is a Researcher in Distributed Computing at University of Wisconsin-Madison, and Derek Weitzel is a Research Assistant Professor at University of Nebraska-Lincoln.