References

SciAuth

• Brian Aydemir, Jim Basney, Brian Bockelman, Jeff Gaynor and Derek Weitzel. 2022. SciAuth: A Lightweight End-to-End Capability-Based Authorization Environment for Scientific Computing. In Practice and Experience in Advanced Research Computing (PEARC ‘22), July 10–14, 2022, Boston, MA, USA. ACM, New York, NY, USA. https://doi.org/10.1145/3491418.3535160 (preprint: https://hdl.handle.net/2142/114191)

SciTokens

• You Alex Gao, Jim Basney, and Alex Withers. 2020. SciTokens SSH: Token-based Authentication for Remote Login to Scientific Computing Environments. In Practice and Experience in Advanced Research Computing (PEARC ‘20), July 26-30, 2020, Portland, OR, USA. ACM, New York, NY, USA, 4 pages. https://doi.org/10.1145/3311790.3399613
• Alex Withers, Brian Bockelman, Derek Weitzel, Duncan Brown, Jason Patton, Jeff Gaynor, Jim Basney, Todd Tannenbaum, You Alex Gao, and Zach Miller. 2019. SciTokens: Demonstrating Capability-Based Access to Remote Scientific Data using HTCondor. In Practice and Experience in Advanced Research Computing (PEARC ‘19), July 28-August 1, 2019, Chicago, IL, USA. ACM, New York, NY, USA, 4 pages. https://doi.org/10.1145/3332186.3333258 (preprint: https://arxiv.org/abs/1905.09816)
• Derek Weitzel, Brian Bockelman, Jim Basney, Todd Tannenbaum, Zach Miller, and Jeff Gaynor. Capability-Based Authorization for HEP. In 23rd International Conference on Computing in High Energy and Nuclear Physics (CHEP 2018), July 9-13, 2018, Sofia, Bulgaria. https://doi.org/10.1051/epjconf/201921404014
• Alex Withers, Brian Bockelman, Derek Weitzel, Duncan A. Brown, Jeff Gaynor, Jim Basney, Todd Tannenbaum, Zach Miller, “SciTokens: Capability-Based Secure Access to Remote Scientific Data”, PEARC ‘18: Practice and Experience in Advanced Research Computing, July 2018, Pittsburgh, PA, USA. https://doi.org/10.1145/3219104.3219135 (preprint: https://arxiv.org/abs/1807.04728)

WLCG Tokens

• Altunay, Mine; Bockelman, Brian; Ceccanti, Andrea; Cornwall, Linda; Crawford, Matt; Crooks, David; Dack, Thomas; Dykstra, David; Groep, David; Igoumenos, Ioannis; Jouvin, Michel; Keeble, Oliver; Kelsy, David; Lassnig, Mario; Liampotis, Nicolas; Litmaath, Maarten; McNab, Andrew; Millar, Paul; Sallé, Mischa; Short, Hannah; Teheran, Jeny; Wartel, Romain. WLCG Common JWT Profiles (Version 1.0). Zenodo. September 25, 2019. https://doi.org/10.5281/zenodo.3460258 (preprint: https://github.com/WLCG-AuthZ-WG/common-jwt-profile)

OAuth 2.0

• D. Hardt. 2012. The OAuth 2.0 Authorization Framework. RFC 6749. https://doi.org/10.17487/RFC6749
• M. Jones and D. Hardt. 2012. The OAuth 2.0 Authorization Framework: Bearer Token Usage. RFC 6750. https://doi.org/10.17487/RFC6750
• T. Lodderstedt (Ed.), M. McGloin, and P. Hunt. 2013. OAuth 2.0 Threat Model and Security Considerations. RFC 6819. https://doi.org/10.17487/RFC6819
• M. Jones, N. Sakimura, and J. Bradley. 2018. OAuth 2.0 Authorization Server Metadata. RFC 8414. https://doi.org/10.17487/RFC8414
• M. Jones, A. Nadalin, B. Campbell, J. Bradley, and C. Mortimore. 2020. OAuth 2.0 Token Exchange. RFC 8693. https://doi.org/10.17487/RFC8693
• V. Bertocci. 2021. JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens. RFC 9068. https://doi.org/10.17487/RFC9068
• T. Lodderstedt, J. Bradley, A. Labunets, and D. Fett. OAuth 2.0 Security Best Current Practice. Internet-Draft (work in progress). https://datatracker.ietf.org/doc/draft-ietf-oauth-security-topics/
• T. Lodderstedt, B. Campbell, N. Sakimura, D. Tonge, and F. Skokan. OAuth 2.0 Pushed Authorization Requests. RFC 9126. https://doi.org/10.17487/RFC9126
• T. Lodderstedt, J. Richer, and B. Campbell. OAuth 2.0 Rich Authorization Requests. RFC 9396. https://doi.org/10.17487/RFC9396

OAuth 2.1

• D. Hardt, A. Parecki, and T. Lodderstedt. The OAuth 2.1 Authorization Framework. Internet-Draft (work in progress). https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/

JWT

• M. Jones, J. Bradley, and N. Sakimura. 2015. JSON Web Token (JWT). RFC 7519. https://doi.org/10.17487/RFC7519
• Y. Sheffer, D. Hardt, and M. Jones. 2020. JSON Web Token Best Current Practices. RFC 8725. https://doi.org/10.17487/RFC8725

GNAP

• J. Richer (Ed.), A. Parecki, and F. Imbault. Grant Negotiation and Authorization Protocol. Internet-Draft (work in progress). https://datatracker.ietf.org/doc/html/draft-ietf-gnap-core-protocol
• J. Richer (Ed.), A. Parecki, and F. Imbault. Grant Negotiation and Authorization Protocol Resource Server Connections. Internet-Draft (work in progress). https://datatracker.ietf.org/doc/html/draft-ietf-gnap-resource-servers

GA4GH Passports

• Craig Voisin, Mikael Linden, Stephanie O.M. Dyke, Sarion R. Bowers, Pinar Alper, Maxmillian P. Barkley, David Bernick, Jianpeng Chao, Mélanie Courtot, Francis Jeanson, Melissa A. Konopko, Martin Kuba, Jonathan Lawson, Jaakko Leinonen, Stephanie Li, Vivian Ota Wang, Anthony A. Philippakis, Kathy Reinold, Gregory A. Rushton, J. Dylan Spalding, Juha Törnroos, Ilya Tulchinsky, Jaime M. Guidry Auvil, Tommi H. Nyrönen. GA4GH Passport standard for digital identity and access permissions. Cell Genomics, Volume 1, Issue 2, 2021, 100030, ISSN 2666-979X. https://doi.org/10.1016/j.xgen.2021.100030

OSCRP

• Peisert, Sean, Von Welch, Andrew Adams, RuthAnne Bevier, Michael Dopheide, Rich LeDuc, Pascal Meunier, Steve Schwab, and Karen Stocks. Open Science Cyber Risk Profile (OSCRP), Version 1.3. August 2020. https://hdl.handle.net/2022/21259
• S. Peisert and V. Welch, “The Open Science Cyber Risk Profile: The Rosetta Stone for Open Science and Cybersecurity,” in IEEE Security & Privacy, vol. 15, no. 5, pp. 94-95, 2017. https://doi.org/10.1109/MSP.2017.3681058