Description
DataHarbor is a modern web application designed to provide researchers with secure, intuitive access to large-scale data stored on distributed storage systems through the XRootD protocol. The system provides a web-based file browser that enables seamless directory navigation, metadata inspection, and on-demand file downloads. Files are streamed directly from XRootD storage to the user's browser using chunked transfer encoding with adaptive buffering, eliminating intermediate storage and enabling efficient and secure downloads of multi-gigabyte datasets over WAN connections.
The architecture implements comprehensive security at multiple layers using the Backend-For-Frontend (BFF) pattern. User authentication is managed through OpenID Connect (OIDC) with enterprise-grade security: all OAuth tokens are stored exclusively server-side, with Secure and SameSite cookies, preventing XSS and CSRF attacks. The frontend Vue.js application never accesses authentication tokens, while the Go backend handles all security-critical operations, including session management, token validation, and automatic refresh token rotation.
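A sketch of the BFF token handling described above, as an added example that is not DataHarbor's own code: the backend keeps the OAuth token in a server-side store and gives the browser only an opaque session ID in a cookie. The `sessionStore` type, the `sid` cookie name, the `/api/list`-style handler and the `HttpOnly` attribute are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"net/http"
	"sync"
)

// sessionStore keeps OAuth tokens server-side, keyed by an opaque session ID.
type sessionStore struct{ tokens sync.Map }

// login stores the token and sends the browser only a random session ID.
func (s *sessionStore) login(w http.ResponseWriter, accessToken string) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	id := hex.EncodeToString(b)
	s.tokens.Store(id, accessToken)
	http.SetCookie(w, &http.Cookie{Name: "sid", Value: id, Path: "/", Secure: true,
		SameSite: http.SameSiteStrictMode, HttpOnly: true}) // HttpOnly: assumption
	return id
}

// tokenFor resolves the request's session cookie to the stored token.
func (s *sessionStore) tokenFor(r *http.Request) (string, bool) {
	c, err := r.Cookie("sid")
	if err != nil {
		return "", false
	}
	v, ok := s.tokens.Load(c.Value)
	tok, _ := v.(string)
	return tok, ok
}

// apiHandler serves a listing; the token is used only on the backend side.
func (s *sessionStore) apiHandler(w http.ResponseWriter, r *http.Request) {
	if _, ok := s.tokenFor(r); !ok {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	// A real backend would present the token to the storage system here.
	w.Write([]byte(`{"entries":[]}`))
}

// TLS termination is assumed to sit in front of this listener.
func main() {
	http.ListenAndServe("127.0.0.1:8080", http.HandlerFunc((&sessionStore{}).apiHandler))
}
```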
A key technical contribution is the integration and extension of the native Go XRootD client from the go-hep.org/x/hep HEP project. While the original library provided basic XRootD functionality, we significantly extended it to support Zero-Trust Networking (ZTN) protocol authentication combined with TLS encryption for the native xrd:// protocol. This enhancement enables secure, token-based authentication on native XRootD connections using OAuth tokens from OIDC-compliant identity providers such as Keycloak, previously only possible via HTTP. The ZTN implementation validates tokens server-side through SciTokens, maps authenticated users to Unix credentials via the multiuser plugin, and ensures TLS-encrypted data transport while maintaining native protocol performance.