The goal of the SciAuth project is to improve the usability and interoperability of the security credentials that scientists use to access NSF cyberinfrastructure, thereby improving the productivity of the many scientific collaborations supported by NSF cyberinfrastructure. SciAuth does not propose a new credential mechanism for NSF cyberinfrastructure, but rather it provides community engagement, support for coordinated adoption of community standards, assistance with software integration, security analysis and threat modeling, training, and workforce development to enable improved interoperability and usability for security credentials across NSF cyberinfrastructure. SciAuth aims to help the community realize the benefits of an interoperable, capability-based ecosystem when transitioning between credential technologies.

Usable mechanisms for privilege management are critical for enabling productive scientific collaborations across a diverse and distributed scientific cyberinfrastructure ecosystem. The SciTokens project demonstrated that the use of JWTs with the IETF OAuth standard for privilege delegation provides a breakthrough for interoperable, least-privilege resource sharing in scientific collaborations. Now our challenge is to make that breakthrough technology usable by scientists across disciplines, project sizes, and software ecosystems by enabling coordinated deployments across cyberinfrastructures in active use today.

Demo

Try our Jupyter Notebooks that demonstrate basic usage of SciTokens:

• Python: Notebook Repo
• C/C++: Notebook Repo

Mailing List

To join the discuss@sciauth.org mailing list, send email to discuss+subscribe@sciauth.org. The list archives are public.

YouTube Channel

Please subscribe to our YouTube channel for tutorials and other project videos.

News

• Aug 26, 2024

  Trusted CI Webinar: JSON Web Tokens for Science

  The SciAuth project presented a hands-on tutorial at the August 2024 Trusted CI Webinar about “JSON Web Tokens for Science”. The slides and video are available.

• Aug 15, 2023

  SciAuth Student Fellows: Fall 2023 Cohort

  The SciAuth project is now inviting applications for the Fall 2023 student fellows cohort. Please visit https://sciauth.org/fellows/ for details.

• Jul 24, 2023

  SciAuth at PEARC23

  The SciAuth project presented a tutorial at PEARC23 on “Capability Tokens for Science” on Monday, July 24 at 1:30-4:30pm local time. Also, SciAuth student fellow Md Jobair Hossain Faruk from Kennesaw State University presented a paper at PEARC23 titled “A Comparative Analysis Between SciTokens, Verifiable Credentials, and Smart Contracts: Novel Approaches for Authentication and Secure Access to Scientific Data”.

• Jul 11, 2023

  SciAuth at HTC 23

  The SciAuth project is participating in HTC 23, July 10-14 in Madison, Wisconsin, including a presentation on “Migrating to Token-based Authorization” on Tuesday, July 11. Please join us for discussions about authorization in HTCondor and Open Science Grid.

• Dec 11, 2022

  SciAuth Student Fellows: Spring 2023 Cohort

  The SciAuth project is now inviting applications for the Spring 2023 student fellows cohort. Please visit https://sciauth.org/fellows/ for details.

• Dec 6, 2022

  Slides from TechEx22 Panel

  Slides from the December 6 panel session on Token-Based Authentication and Authorization at the 2022 Internet2 Technology Exchange are now available. Quick links: 1 2 3 4

• Dec 5, 2022

  SciAuth at TechEx 2022

  The SciAuth project is participating in a FIM4R/TAGPMA working group meeting and a panel session on Token-Based Authentication and Authorization at the 2022 Internet2 Technology Exchange December 5-9 in Denver.

• Oct 18, 2022

  WoTBAn&Az 2022

  The 2022 NSF Cybersecurity Summit Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2022) will be held Tuesday, October 18, co-located with the 2022 NSF Cybersecurity Summit. Visit https://sciauth.org/workshop/2022/ for details.

• Sep 15, 2022

  ARC-CE/HTCondor Token Authentication Hackathon

  On September 15-16, 2022, Nikhef, Nordugrid, and the Center for High Throughput Computing will host a hackathon to work on interoperability between ARC-CE and HTCondor using token authentication in Amsterdam, NL. The goal of the hackathon is to have working end-to-end pilot jobs submitted to ARC-CEs using only tokens for the authentication, authorization, mapping, etc. Visit https://indico.nikhef.nl/event/3612/ for details.

• Jul 22, 2022

  SciAuth Student Fellows: Fall 2022 Cohort

  After a very successful SciAuth Student Fellows cohort at the beginning of the year, the SciAuth project is now inviting applications for the Fall 2022 student fellows cohort. Please visit https://sciauth.org/fellows/ for details.

• Jul 10, 2022

  SciAuth at PEARC22

  The SciAuth project is presenting our paper on “SciAuth: A Lightweight End-to-End Capability-Based Authorization Environment for Scientific Computing” at PEARC22. The paper preprint is available at https://hdl.handle.net/2142/114191.

• May 23, 2022

  SciAuth at HTCondor Week 2022

  The SciAuth project is participating in HTCondor Week 2022 on May 23-26. SciAuth personnel are offering a SciTokens tutorial on Monday, May 23. See https://youtu.be/kfTNVdgSGKo for a preview of the tutorial.

• Mar 14, 2022

  Token Transition Updates at OSG All-Hands Meeting

  The SciAuth project is participating in the 2022 OSG All-Hands Meeting on March 14-18. The OSG Technology session on Wednesday includes an “OSG 3.6 and Token Transition Update”, and the OSG and U.S. LHC session on Friday includes a “Discussion about token transition and GSI retirement”. Slides and recordings will be posted.

• Oct 28, 2021

  WLCG AuthZ Call: Merging SciTokens and WLCG Profiles

  Merging the SciTokens and WLCG profiles for greater interoperability is an important goal of the SciAuth project. The WLCG AuthZ working group will be discussing it on our Oct 28 2021 call.

• Oct 22, 2021

  RFC 9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

  The newly published “JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens” (RFC 9068) is a valuable standards reference for our use of JWTs with OAuth for interoperable, least-privilege resource access in scientific collaborations. RFC 9068 includes guidance about issuing the “aud”, “scope”, “groups”, “roles”, and “entitlements” claims, about using the “resource” parameter in requests, and about validating tokens. It also addresses important security and privacy considerations. Work is already underway to align existing SciTokens and WLCG profiles with this new standard.

• Oct 18, 2021

  Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021)

  SciAuth is co-organizing the Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021) with TAGPMA on October 18, 2021. Visit https://sciauth.org/workshop/2021/ for workshop schedule, materials, and additional information.

• Oct 14, 2021

  OSG Token Transition Workshop

  The SciAuth project will be participating in the Open Science Grid Token Transition Workshop to be held October 14-15, 2021. See https://opensciencegrid.org/technology/policy/gridftp-gsi-migration/ for additional details on OSG token transition plans.

• Oct 11, 2021

  SciAuth at the NSF Cybersecurity Summit

  The SciAuth project is participating in multiple sessions at the 2021 NSF Cybersecurity Summit, including a plenary presentation about the SciAuth project and a workshop on Token-Based Authentication and Authorization. The Summit is online the weeks of October 11 & 18. See our talks page for links to presentation materials and recordings.

• Oct 4, 2021

  Now Accepting SciAuth Student Felows Applications

  The SciAuth project is now accepting applications for our student fellows program. For more information about the program and the application process, please visit https://sciauth.org/fellows/ and/or contact fellows@sciauth.org.

• Sep 30, 2021

  WoTBAn&Az 2021 Call for Proposals

  The 2021 NSF Cybersecurity Summit Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021) call for proposals is open until September 14 September 30. To present at the workshop, please send the names, affiliations, and emails for the presenters along with the title and a short description of the topic to be presented to workshop@sciauth.org. See https://sciauth.org/workshop/ for more details.

• Aug 31, 2021

  August 2021 Token Pilot Infrastructure Integration Hackathon

  The August 2021 Token Pilot Infrastructure Integration Hackathon will be held on Tuesday, August 31 from 1-5pm CDT. See our mailing list post for details.

• Jul 27, 2021

  IAM Online: CILogon

  SciAuth PI Jim Basney presented about CILogon project updates for IAM Online on July 27 at 2pm (Eastern), including the latest about CILogon support for SciTokens. The webinar recording is available at https://youtu.be/7F-q2HRRGUE.

• Jul 26, 2021

  Trusted CI Webinar

  SciAuth co-PI Brian Bockelman presented the talk “A capability-based authorization infrastructure for distributed High Throughput Computing” on Monday July 26th at 11am (Eastern). See the Trusted CI blog for details. The recording is available at https://youtu.be/VTnGuBL6PYI.

• May 11, 2021

  Preparing for Project Start

  The SciAuth project will start on July 1, 2021. We’ve posted our SciAuth Project Proposal to the site.

subscribe via RSS