ARCHIVED: Completed project: Distributed web security for science gateways

This content has been archived, and is no longer maintained by Indiana University. Resources linked from this page may no longer be available or reliable.

Primary UITS contact: Marlon Pierce

Completed: July 31, 2014

Description: Science gateways broaden and simplify access to cyberinfrastructure (CI) by providing web-based interfaces to collaboration, analysis, data management, and other tools for students and researchers. In a recent survey of 5,000 NSF PIs, NSF's Campus Bridging Task Force found that "the most common method of accessing CI across the entire dimension of providers is via web browser/portal." As these science gateway interfaces to cyberinfrastructure grow in popularity, web portal developers adopt ad hoc approaches to the security challenges of authentication, authorization, and delegation. Science gateways integrate cyberinfrastructure resources on the researcher's behalf, i.e., accessing data, compute cycles, instruments, and other valuable resources. Resource access often requires use of the researcher's security credentials, in some cases exposing the researcher's password to potential compromise at the science gateway. There is no standard approach for a researcher to control and limit a science gateway's access to his or her resources. Thus, researchers are required to accept an unnecessarily high security risk when using science gateways.

For more, see Gateway Security.

Outcome: The project enhances cyberinfrastructure for research and education by providing common software building blocks for science gateway security. These building blocks will facilitate secure connections between gateways and other cyberinfrastructure, increasing scientists' and resource providers' trust in web-based interfaces. The ongoing migration from command-line to web-based interfaces promises to broaden the use of cyberinfrastructure by researchers and students, enhancing educational impact and researcher productivity. Too often, security is a stumbling block for cyberinfrastructure deployment and use. By addressing common security use cases, the project will provide standard methods to facilitate secure cyberinfrastructure access.

Milestones and status: For project milestones, status, and recognition, see Gateway Security: News.

Comment process: To contribute or become a part of the group, see Gateway Security: Discussion. For issues, questions, and clarifications, create a JIRA issue for the team. To contact the IU Science Gateway Group (SGG), use the IU SGG contact page.

Benefits: The project's software directly addresses security risks by providing authorization and delegation for science gateways that comply with the Internet Engineering Task Force's standard OAuth protocol, which has been widely adopted in the Web 2.0, cloud, and social networking worlds. The project provides:

  • A robust, well-documented OAuth server implementation supporting science gateway use cases
  • A set of client libraries and authentication modules to enable current and future gateways to interact with the server implementation out of the box with common web platforms
  • Full integration with popular gateways and cyberinfrastructure providers

For downloads, see Gateway Security: Downloads.

Related information: For more, see:

Client impact: See Gateway Security. The site's pages describe the services and facilities offered to the targeted audience. For client impact information, see Gateway Security: About and Gateway Security: Case Studies.

Project team: See Gateway Security: Staff.

Governance: The project is governed by open source software governance; see Apache Corporate Governance.

This is document bedr in the Knowledge Base.
Last modified on 2018-01-18 17:33:33.

Contact us

For help or to comment, email the UITS Support Center.