Speaker
Lassi Tuura
(Northeastern University)
Description
The CMS experiment at the Large Hadron Collider has deployed numerous web-based services in order to serve the collaboration effectively. We present the two-phase authentication and authorisation system in use in the data quality and computing monitoring services, and in the data- and workload management services. We describe our techniques intended to provide a high level of security with minimum harassment, and how we have applied a role-based authorisation model to a variety of services depending on the task and the strength of the authentication. We discuss the experience of implementing authentication at front-end servers separate from application servers, and challenges authenticating both humans and programs effectively. We describe our maintenance procedures and report capacity and performance results.
Authors
Derek Feichtinger
(PSI)
Giulio Eulisse
(Northeastern University)
Lassi Tuura
(Northeastern University)
Ricky Egeland
(University of Minnesota)
Simon Metson
(Bristol University)
Valentin Kuznetsov
(Cornell University)
