Speaker
Paul Millar
(Deutsches Elektronen-Synchrotron (DE))
Description
X.509, the dominant identity system from grid computing, has proved
unpopular for many user communties. More popular alternatives
generally assume the user is interacting via their web-browser. Such
alternatives allow a user to authenticate with many services with the
same credentials (username and password). They also allow users
from different organisations form collaborations quickly and simply.
Scientists generally require that their custom analysis software has
direct access to the data. Such direct access is not currently
supported by alternatives to X.509, as they require the use of a
web-browser.
Various approaches to solve this issue are being investigated as part
of the Large Scale Data Management and Analysis (LSDMA) project, a
German funded national R&D project. These involve dynamic credential
translation (creating an X.509 credential) to allow backwards
compatibility in addition to direct SAML- and OpenID Connect-based
authentication.
We present a summary of the current state of art and the current
status of the federated identity work funded by the LSDMA project
along with the future road map.
Authors
Arsen Hayrapetyan
(ANSL (Yerevan Physics Institute) (AM))
Christian Bernardt
(Deutsches Elektronen-Synchrotron (DE))
Dmitry Litvintsev
(FNAL)
Gerd Behrmann
(NDGF)
Karsten Schwank
Marcus Hardt
(Kalrsruhe Institute of Technology)
Dr
Patrick Fuhrmann
(DESY)
Paul Millar
(Deutsches Elektronen-Synchrotron (DE))
Tigran Mkrtchyan
(Unknown)
