Lassi Tuura (Northeastern University)
The CMS experiment at the Large Hadron Collider has deployed numerous web-based services in order to serve the collaboration effectively. We present the two-phase authentication and authorisation system in use in the data quality and computing monitoring services, and in the data- and workload management services. We describe our techniques intended to provide a high level of security with minimum harassment, and how we have applied a role-based authorisation model to a variety of services depending on the task and the strength of the authentication. We discuss the experience of implementing authentication at front-end servers separate from application servers, and challenges authenticating both humans and programs effectively. We describe our maintenance procedures and report capacity and performance results.