The Geodetic Facility for the Advancement of Geoscience (GAGE) is operated by UNAVCO
and funded by the NSF and NASA. The GAGE project’s mission is to
provide support to the larger NSF investigator community for geodesy,
earth sciences research, education, and workforce development. During
the second half of 2020, GAGE and the Trusted CI/CI CoE Identity
Management working group collaborated on an engagement to design a
working proof of concept for integrating federated identity into GAGE’s
researcher data portal.
The Cyberinfrastructure Center of Excellence Pilot
(CI CoE) is a Trusted CI partner, specializing in providing expertise
and active support to CI practitioners at the NSF major facilities in
order to accelerate the data lifecycle and ensure the integrity and
effectiveness of the CI upon which research and discovery depends. The
Identity Management working group is a joint effort between the CI CoE
and Trusted CI to provide subject matter expertise and advice to major
facilities on trust and identity issues, best practices and
implementation. The working group's target audience is NSF-funded major
facilities, but participation in the working group is open to anyone in
higher education and IAM.
The engagement began in July 2020 with a
month-long series of interviews between working group members and GAGE
department leadership. GAGE came into the engagement with a series of
needs that had arisen from practice and with a request from NSF to
collect information on how their research data was being used. The
working group used the interviews to identify key systems and areas of
impact in order to present GAGE with a design for integrating federated
identity into their data portal using elements of InCommon’s Trusted Access Platform.
Over the next three months, the engagement team met with members of GAGE’s
software development team, CILogon, and COmanage to finalize and
implement the proof of concept design. This design used CILogon to
consume federated identities from other InCommon member institutions and
then used COmanage Registry to store GAGE-specific attributes for those
identities to grant permission for accessing various data groups,
membership in research projects, and home institutions. Identities and
attributes stored in COmanage could then be passed to the GAGE data
portal using OIDC claim tokens, granting permissions appropriately at
the time of access and allowing GAGE to track which identities were
requesting what permissions for their data.
The engagement culminated with a 15-page report
delivered to GAGE in February 2021 containing detailed observations
from interviews, alternate design configurations and tools for the proof
of concept, lessons learned through the implementation process, and
identification of future opportunities for investment and collaboration
in IAM. Additionally, findings from this engagement will be included in
an IAM cookbook that the working group plans to release in 2022. The
Identity Management working group meets monthly on the second Monday at
2pm Eastern time. For more information about the Identity Management
working group, please see the Trusted CI IAM page, the CI CoE working group directory, or join our mailing list to receive updates on working group meetings and products.
GAGE is funded by an NSF award managed by the Division of Earth Sciences (Award #1724794) and is operated by UNAVCO.
The CI CoE Pilot is supported by a grant managed by the NSF Office of
Advanced Cyberinfrastructure (Award #1842042) and is a collaboration
between the University of Southern California, University of North
Carolina at Chapel Hill, University of Notre Dame, University of Utah,
and Indiana University. The working group would like to thank the
following institutions and organizations for their collaboration and
contributions to the engagement: Internet2 and InCommon, the CILogon
team, the COmanage team, and the Globus team.