The goal of the SciAuth project is to improve the usability and interoperability of the security credentials that scientists use to access NSF cyberinfrastructure, thereby improving the productivity of the many scientific collaborations supported by NSF cyberinfrastructure. SciAuth does not propose a new credential mechanism for NSF cyberinfrastructure, but rather it provides community engagement, support for coordinated adoption of community standards, assistance with software integration, security analysis and threat modeling, training, and workforce development to enable improved interoperability and usability for security credentials across NSF cyberinfrastructure. SciAuth aims to help the community realize the benefits of an interoperable, capability-based ecosystem when transitioning between credential technologies.
Usable mechanisms for privilege management are critical for enabling productive scientific collaborations across a diverse and distributed scientific cyberinfrastructure ecosystem. The SciTokens project demonstrated that the use of JWTs with the IETF OAuth standard for privilege delegation provides a breakthrough for interoperable, least-privilege resource sharing in scientific collaborations. Now our challenge is to make that breakthrough technology usable by scientists across disciplines, project sizes, and software ecosystems by enabling coordinated deployments across cyberinfrastructures in active use today.
Try our Jupyter Notebook that demonstrates basic usage of SciTokens: https://sciauth.org/notebook-demo
The SciAuth project is participating in the 2022 OSG All-Hands Meeting on March 14-18. The OSG Technology session on Wednesday includes an “OSG 3.6 and Token Transition Update”, and the OSG and U.S. LHC session on Friday includes a “Discussion about token transition and GSI retirement”. Slides and recordings will be posted.
The newly published “JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens” (RFC 9068) is a valuable standards reference for our use of JWTs with OAuth for interoperable, least-privilege resource access in scientific collaborations. RFC 9068 includes guidance about issuing the “aud”, “scope”, “groups”, “roles”, and “entitlements” claims, about using the “resource” parameter in requests, and about validating tokens. It also addresses important security and privacy considerations. Work is already underway to align existing SciTokens and WLCG profiles with this new standard.
SciAuth is co-organizing the Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021) with TAGPMA on October 18, 2021. Visit https://sciauth.org/workshop/2021/ for workshop schedule, materials, and additional information.
The SciAuth project will be participating in the Open Science Grid Token Transition Workshop to be held October 14-15, 2021. See https://opensciencegrid.org/technology/policy/gridftp-gsi-migration/ for additional details on OSG token transition plans.
The SciAuth project is participating in multiple sessions at the 2021 NSF Cybersecurity Summit, including a plenary presentation about the SciAuth project and a workshop on Token-Based Authentication and Authorization. The Summit is online the weeks of October 11 & 18. See our talks page for links to presentation materials and recordings.
The SciAuth project is now accepting applications for our student fellows program. For more information about the program and the application process, please visit https://sciauth.org/fellows/ and/or contact firstname.lastname@example.org.
The 2021 NSF Cybersecurity Summit Workshop on Token-Based Authentication and Authorization (WoTBAn&Az 2021) call for proposals is open until
September 14September 30. To present at the workshop, please send the names, affiliations, and emails for the presenters along with the title and a short description of the topic to be presented to email@example.com. See https://sciauth.org/workshop/ for more details.
The August 2021 Token Pilot Infrastructure Integration Hackathon will be held on Tuesday, August 31 from 1-5pm CDT. See our mailing list post for details.
SciAuth PI Jim Basney presented about CILogon project updates for IAM Online on July 27 at 2pm (Eastern), including the latest about CILogon support for SciTokens. The webinar recording is available at https://youtu.be/7F-q2HRRGUE.
SciAuth co-PI Brian Bockelman presented the talk “A capability-based authorization infrastructure for distributed High Throughput Computing” on Monday July 26th at 11am (Eastern). See the Trusted CI blog for details. The recording is available at https://youtu.be/VTnGuBL6PYI.
The SciAuth project will start on July 1, 2021. We’ve posted our SciAuth Project Proposal to the site.
subscribe via RSS