The goal of the SciAuth project is to improve the usability and interoperability of the security credentials that scientists use to access NSF cyberinfrastructure, thereby improving the productivity of the many scientific collaborations supported by NSF cyberinfrastructure. SciAuth does not propose a new credential mechanism for NSF cyberinfrastructure, but rather it provides community engagement, support for coordinated adoption of community standards, assistance with software integration, security analysis and threat modeling, training, and workforce development to enable improved interoperability and usability for security credentials across NSF cyberinfrastructure. SciAuth aims to help the community realize the benefits of an interoperable, capability-based ecosystem when transitioning between credential technologies.
Usable mechanisms for privilege management are critical for enabling productive scientific collaborations across a diverse and distributed scientific cyberinfrastructure ecosystem. The SciTokens project demonstrated that the use of JWTs with the IETF OAuth standard for privilege delegation provides a breakthrough for interoperable, least-privilege resource sharing in scientific collaborations. Now our challenge is to make that breakthrough technology usable by scientists across disciplines, project sizes, and software ecosystems by enabling coordinated deployments across cyberinfrastructures in active use today.
Try our Jupyter Notebook that demonstrates basic usage of SciTokens: https://sciauth.org/notebook-demo
Please subscribe to our YouTube channel for tutorials and other project videos.
Slides from the December 6 panel session on Token-Based Authentication and Authorization at the 2022 Internet2 Technology Exchange are now available: 20221206-1-dsimmel-tokens.pptx / 2022-TechEx-TomDack.pptx / TechEx22-Tokens-Basney.pptx / TechEx2022-Tokens-JTeheran.pptx
The SciAuth project is participating in a FIM4R/TAGPMA working group meeting and a panel session on Token-Based Authentication and Authorization at the 2022 Internet2 Technology Exchange December 5-9 in Denver.
The 2022 NSF Cybersecurity Summit Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2022) will be held Tuesday, October 18, co-located with the 2022 NSF Cybersecurity Summit. Visit https://sciauth.org/workshop/2022/ for details.
On September 15-16, 2022, Nikhef, Nordugrid, and the Center for High Throughput Computing will host a hackathon to work on interoperability between ARC-CE and HTCondor using token authentication in Amsterdam, NL. The goal of the hackathon is to have working end-to-end pilot jobs submitted to ARC-CEs using only tokens for the authentication, authorization, mapping, etc. Visit https://indico.nikhef.nl/event/3612/ for details.
After a very successful SciAuth Student Fellows cohort at the beginning of the year, the SciAuth project is now inviting applications for the Fall 2022 student fellows cohort. Please visit https://sciauth.org/fellows/ for details.
The SciAuth project is presenting our paper on “SciAuth: A Lightweight End-to-End Capability-Based Authorization Environment for Scientific Computing” at PEARC22. The paper preprint is available at https://hdl.handle.net/2142/114191.
The SciAuth project is participating in HTCondor Week 2022 on May 23-26. SciAuth personnel are offering a SciTokens tutorial on Monday, May 23. See https://youtu.be/kfTNVdgSGKo for a preview of the tutorial.
The SciAuth project is participating in the 2022 OSG All-Hands Meeting on March 14-18. The OSG Technology session on Wednesday includes an “OSG 3.6 and Token Transition Update”, and the OSG and U.S. LHC session on Friday includes a “Discussion about token transition and GSI retirement”. Slides and recordings will be posted.
The newly published “JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens” (RFC 9068) is a valuable standards reference for our use of JWTs with OAuth for interoperable, least-privilege resource access in scientific collaborations. RFC 9068 includes guidance about issuing the “aud”, “scope”, “groups”, “roles”, and “entitlements” claims, about using the “resource” parameter in requests, and about validating tokens. It also addresses important security and privacy considerations. Work is already underway to align existing SciTokens and WLCG profiles with this new standard.
SciAuth is co-organizing the Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021) with TAGPMA on October 18, 2021. Visit https://sciauth.org/workshop/2021/ for workshop schedule, materials, and additional information.
The SciAuth project will be participating in the Open Science Grid Token Transition Workshop to be held October 14-15, 2021. See https://opensciencegrid.org/technology/policy/gridftp-gsi-migration/ for additional details on OSG token transition plans.
The SciAuth project is participating in multiple sessions at the 2021 NSF Cybersecurity Summit, including a plenary presentation about the SciAuth project and a workshop on Token-Based Authentication and Authorization. The Summit is online the weeks of October 11 & 18. See our talks page for links to presentation materials and recordings.
The SciAuth project is now accepting applications for our student fellows program. For more information about the program and the application process, please visit https://sciauth.org/fellows/ and/or contact email@example.com.
The 2021 NSF Cybersecurity Summit Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021) call for proposals is open until
September 14September 30. To present at the workshop, please send the names, affiliations, and emails for the presenters along with the title and a short description of the topic to be presented to firstname.lastname@example.org. See https://sciauth.org/workshop/ for more details.
The August 2021 Token Pilot Infrastructure Integration Hackathon will be held on Tuesday, August 31 from 1-5pm CDT. See our mailing list post for details.
SciAuth PI Jim Basney presented about CILogon project updates for IAM Online on July 27 at 2pm (Eastern), including the latest about CILogon support for SciTokens. The webinar recording is available at https://youtu.be/7F-q2HRRGUE.
SciAuth co-PI Brian Bockelman presented the talk “A capability-based authorization infrastructure for distributed High Throughput Computing” on Monday July 26th at 11am (Eastern). See the Trusted CI blog for details. The recording is available at https://youtu.be/VTnGuBL6PYI.
The SciAuth project will start on July 1, 2021. We’ve posted our SciAuth Project Proposal to the site.
subscribe via RSS