Unlocking data: federated identity with LSDMA and dCache

Not scheduled


1919-1 Tancha, Onna-son, Kunigami-gun Okinawa, Japan 904-0495
poster presentation Track3: Data store and access


Paul Millar (Deutsches Elektronen-Synchrotron (DE))


X.509, the dominant identity system from grid computing, has proved unpopular for many user communties. More popular alternatives generally assume the user is interacting via their web-browser. Such alternatives allow a user to authenticate with many services with the same credentials (username and password). They also allow users from different organisations form collaborations quickly and simply. Scientists generally require that their custom analysis software has direct access to the data. Such direct access is not currently supported by alternatives to X.509, as they require the use of a web-browser. Various approaches to solve this issue are being investigated as part of the Large Scale Data Management and Analysis (LSDMA) project, a German funded national R&D project. These involve dynamic credential translation (creating an X.509 credential) to allow backwards compatibility in addition to direct SAML- and OpenID Connect-based authentication. We present a summary of the current state of art and the current status of the federated identity work funded by the LSDMA project along with the future road map.

Primary authors

Arsen Hayrapetyan (ANSL (Yerevan Physics Institute) (AM)) Christian Bernardt (Deutsches Elektronen-Synchrotron (DE)) Dmitry Litvintsev (FNAL) Gerd Behrmann (NDGF) Karsten Schwank Marcus Hardt (Kalrsruhe Institute of Technology) Dr Patrick Fuhrmann (DESY) Paul Millar (Deutsches Elektronen-Synchrotron (DE)) Tigran Mkrtchyan (Unknown)

Presentation materials