The goal of the SciAuth project is to improve the usability and interoperability of the security credentials that scientists use to access NSF cyberinfrastructure, thereby improving the productivity of the many scientific collaborations supported by NSF cyberinfrastructure. SciAuth does not propose a new credential mechanism for NSF cyberinfrastructure, but rather it provides community engagement, support for coordinated adoption of community standards, assistance with software integration, security analysis and threat modeling, training, and workforce development to enable improved interoperability and usability for security credentials across NSF cyberinfrastructure. SciAuth aims to help the community realize the benefits of an interoperable, capability-based ecosystem when transitioning between credential technologies.
Usable mechanisms for privilege management are critical for enabling productive scientific collaborations across a diverse and distributed scientific cyberinfrastructure ecosystem. The SciTokens project demonstrated that the use of JWTs with the IETF OAuth standard for privilege delegation provides a breakthrough for interoperable, least-privilege resource sharing in scientific collaborations. Now our challenge is to make that breakthrough technology usable by scientists across disciplines, project sizes, and software ecosystems by enabling coordinated deployments across cyberinfrastructures in active use today.
Try our Jupyter Notebook that demonstrates basic usage of SciTokens: https://sciauth.org/notebook-demo
To join the firstname.lastname@example.org mailing list, send email to email@example.com. The list archives are public.
Please subscribe to our YouTube channel for tutorials and other project videos.
SciAuth Student Fellows: Spring 2023 Cohort
The SciAuth project is now inviting applications for the Spring 2023 student fellows cohort. Please visit https://sciauth.org/fellows/ for details.
Slides from TechEx22 Panel
Slides from the December 6 panel session on Token-Based Authentication and Authorization at the 2022 Internet2 Technology Exchange are now available. Quick links: 1 2 3 4
SciAuth at TechEx 2022
The SciAuth project is participating in a FIM4R/TAGPMA working group meeting and a panel session on Token-Based Authentication and Authorization at the 2022 Internet2 Technology Exchange December 5-9 in Denver.
The 2022 NSF Cybersecurity Summit Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2022) will be held Tuesday, October 18, co-located with the 2022 NSF Cybersecurity Summit. Visit https://sciauth.org/workshop/2022/ for details.
ARC-CE/HTCondor Token Authentication Hackathon
On September 15-16, 2022, Nikhef, Nordugrid, and the Center for High Throughput Computing will host a hackathon to work on interoperability between ARC-CE and HTCondor using token authentication in Amsterdam, NL. The goal of the hackathon is to have working end-to-end pilot jobs submitted to ARC-CEs using only tokens for the authentication, authorization, mapping, etc. Visit https://indico.nikhef.nl/event/3612/ for details.
SciAuth Student Fellows: Fall 2022 Cohort
After a very successful SciAuth Student Fellows cohort at the beginning of the year, the SciAuth project is now inviting applications for the Fall 2022 student fellows cohort. Please visit https://sciauth.org/fellows/ for details.
SciAuth at PEARC22
The SciAuth project is presenting our paper on “SciAuth: A Lightweight End-to-End Capability-Based Authorization Environment for Scientific Computing” at PEARC22. The paper preprint is available at https://hdl.handle.net/2142/114191.
SciAuth at HTCondor Week 2022
The SciAuth project is participating in HTCondor Week 2022 on May 23-26. SciAuth personnel are offering a SciTokens tutorial on Monday, May 23. See https://youtu.be/kfTNVdgSGKo for a preview of the tutorial.
Token Transition Updates at OSG All-Hands Meeting
The SciAuth project is participating in the 2022 OSG All-Hands Meeting on March 14-18. The OSG Technology session on Wednesday includes an “OSG 3.6 and Token Transition Update”, and the OSG and U.S. LHC session on Friday includes a “Discussion about token transition and GSI retirement”. Slides and recordings will be posted.
WLCG AuthZ Call: Merging SciTokens and WLCG Profiles
Merging the SciTokens and WLCG profiles for greater interoperability is an important goal of the SciAuth project. The WLCG AuthZ working group will be discussing it on our Oct 28 2021 call.
RFC 9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
The newly published “JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens” (RFC 9068) is a valuable standards reference for our use of JWTs with OAuth for interoperable, least-privilege resource access in scientific collaborations. RFC 9068 includes guidance about issuing the “aud”, “scope”, “groups”, “roles”, and “entitlements” claims, about using the “resource” parameter in requests, and about validating tokens. It also addresses important security and privacy considerations. Work is already underway to align existing SciTokens and WLCG profiles with this new standard.
Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021)
SciAuth is co-organizing the Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021) with TAGPMA on October 18, 2021. Visit https://sciauth.org/workshop/2021/ for workshop schedule, materials, and additional information.
OSG Token Transition Workshop
The SciAuth project will be participating in the Open Science Grid Token Transition Workshop to be held October 14-15, 2021. See https://opensciencegrid.org/technology/policy/gridftp-gsi-migration/ for additional details on OSG token transition plans.
SciAuth at the NSF Cybersecurity Summit
The SciAuth project is participating in multiple sessions at the 2021 NSF Cybersecurity Summit, including a plenary presentation about the SciAuth project and a workshop on Token-Based Authentication and Authorization. The Summit is online the weeks of October 11 & 18. See our talks page for links to presentation materials and recordings.
Now Accepting SciAuth Student Felows Applications
The SciAuth project is now accepting applications for our student fellows program. For more information about the program and the application process, please visit https://sciauth.org/fellows/ and/or contact firstname.lastname@example.org.
WoTBAn&Az 2021 Call for Proposals
The 2021 NSF Cybersecurity Summit Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021) call for proposals is open until
September 14September 30. To present at the workshop, please send the names, affiliations, and emails for the presenters along with the title and a short description of the topic to be presented to email@example.com. See https://sciauth.org/workshop/ for more details.
August 2021 Token Pilot Infrastructure Integration Hackathon
The August 2021 Token Pilot Infrastructure Integration Hackathon will be held on Tuesday, August 31 from 1-5pm CDT. See our mailing list post for details.
IAM Online: CILogon
SciAuth PI Jim Basney presented about CILogon project updates for IAM Online on July 27 at 2pm (Eastern), including the latest about CILogon support for SciTokens. The webinar recording is available at https://youtu.be/7F-q2HRRGUE.
Trusted CI Webinar
SciAuth co-PI Brian Bockelman presented the talk “A capability-based authorization infrastructure for distributed High Throughput Computing” on Monday July 26th at 11am (Eastern). See the Trusted CI blog for details. The recording is available at https://youtu.be/VTnGuBL6PYI.
Preparing for Project Start
The SciAuth project will start on July 1, 2021. We’ve posted our SciAuth Project Proposal to the site.
subscribe via RSS