Speaker
Description
The Institute of High Energy Physics (IHEP), Chinese Academy of Sciences,is a leading research institution in China dedicated to high-energy physics, advanced accelerator technology development, and nuclear technology applications. IHEP undertakes several major national science infrastructure projects, the most prominent of which is the High Energy Photon Source (HEPS). With an electron beam energy of 6 GeV and 14 user beamlines planned for its first phase, HEPS will deliver synchrotron radiation with high energy (up to 300 keV), high brightness, and high coherence. In addition, IHEP operates multiple large-scale facilities such as the Beijing Synchrotron Radiation Facility (BSRF) and the China Spallation Neutron Source (CSNS) across different campuses, all of which require interconnection. This distributed, multi-source environment presents significant challenges to identity management, data security, and system integration.
To address cross-site, multi-source authentication, the HEPS authentication system integrates user information from the CAS Large Scientific Facilities Sharing Platform (LSSF), CSNS, IHEP, and HEPS itself. This enables researchers to use a single set of credentials across different campuses to perform experiment applications, computations, reconstructions, and data retrieval.
IHEP also maintains multiple remote computing clusters with complex storage architectures closely tied to experimental data. To facilitate seamless data access and collaborative computation across these clusters, we have developed a unified computing environment interconnection solution. This solution uses Active Directory (AD) as the central identity repository and employs customized SSSD templates to accurately map consistent user identities onto each cluster. By overcoming barriers caused by physical separation and divergent storage systems, this architecture ensures uniformity in user attributes and provides robust, efficient, and scalable identity and permission support for interdisciplinary collaboration.
To meet growing demands for domestic and international cooperation, the HEPS authentication system has joined both the CARSI (China Academic Research and Collaboration Infrastructure) federation and the international EduGAIN network. These memberships enable researchers from universities, institutes, and organizations worldwide to log in conveniently and securely, laying the foundation for smooth experimental workflows.
In summary, to address these multifaceted requirements, IHEP’s authentication system has undergone comprehensive upgrades and functional expansions. These enhancements provide strong technical support for stable facility operations and greatly improve convenience and reliability for scientists conducting cutting-edge experiments.
| Desired slot length | 15 |
|---|---|
| Speaker release | Yes |