Trusted CI Webinar Mar 23rd at 11am ET: OnTimeURB with Prasad Calyam

University of Missouri-Columbia's Prasad Calyam is presenting the talk, "OnTimeURB: Multi-cloud Broker Framework for Creation of Secure and High-performance Science Gateways," on March 23rd at 11am (Eastern).

Please register here. Be sure to check spam/junk folder for registration confirmation email.

Data-intensive science applications in research fields such as bioinformatics, chemistry, and material science are increasingly becoming multi-domain in nature. To augment local campus CyberInfrastructure (CI) resources, these applications rely on multi-institutional resources that are remotely accessible (e.g., scientific instruments, supercomputers, public clouds). Provisioning of such federated CI resources has been traditionally based on applications’ performance and quality of service (QoS) requirements. This talk will detail our project that aims to augment traditional resource provisioning schemes through novel schemes for formalizing end-to-end security requirements to align security posture across multi-domain resources with heterogeneous policies. We will present our OnTimeURB broker design to foster end-to-end multi-domain security for science gateway applications in bioinformatics and health information sharing that involves defining, formalizing and implementing security specifications along an application's workflow lifecycle stages.

More information about OnTimeURB is available at https://sites.google.com/view/ontimebroker/.

Speaker Bio: Prasad Calyam is an Associate Professor in the Department of Electrical Engineering and Computer Science at University of Missouri-Columbia. His research and development areas of interest include: Distributed and Cloud Computing, Cyber Security, Computer Networking, Networked-Multimedia Applications, and Advanced Cyberinfrastructure. He has published over 125 papers in various conference and journal venues. He is a Senior Member of IEEE.

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

IAM for Research Organizations at AGU17

CILogon and CTSC are co-organizing a workshop on Identity and Access Management for Research Organizations co-located with the 2017 AGU Fall Meeting. The workshop will provide an overview of identity and access management (IAM) issues including single sign-on (SSO) facing research collaborations and demonstrate IAM solutions available to both large and small collaborations using interactive tutorials. CTSC's Jim Basney and Scott Koranda will present.

The workshop will be held Sunday, December 10 from 9am to 5pm CT at the HIlton New Orleans Riverside. Visit the workshop's Eventbright page to register. There is no registration fee. Space is available for up to 20 attendees.

Workshop topics will include:

• Research Identity Management Process Needs
• Federated Identity for Authentication (SAML and OIDC)
• The Complexities of SAML Federation
• Non-Browser Clients and Federated Identity
• Participant Lifecycle Management
• Application Integration and Provisioning

Please contact jbasney@illinois.edu with any questions about the workshop.

October 2015 WISE Workshop

Operators of scientific cyberinfrastructure (CI) and National Research and Education Networks (NRENs) will be meeting October 20-22 in Barcelona to discuss security collaboration at the WISE Workshop ("Wise Information Security for collaborating E-infrastructures"). Participants will discuss evaluating the maturity of security operations using frameworks such as ISO 27000, the Trust Framework for Security Collaboration among Infrastructures (SCI), and the CTSC Guide. Also, participants will discuss security incident handling, including the Security Incident Response Trust Framework for Federated Identity (Sirtfi). Please consider joining us at the workshop. It will be a particularly valuable opportunity for security staff supporting international scientific collaborations to interact with their European counterparts. Registration is now open. If you have any comments, including topics you would like CTSC staff to raise at the workshop, please join the CTSC discussion list or contact CTSC directly.

AARC and CTSC Collaborate on Interfederation

CTSC is starting a collaboration with the European Authentication and Authorisation for Research and Collaboration (AARC) project on use of federated identities for international science. AARC is a two year project that started May 2015. Jim Basney from CTSC joined the June 3-4 AARC kick-off meeting to begin the collaboration.

As the infrastructures for international scientific collaborations migrate from X.509 to SAML for identity management, there is a strong need for interoperability across national SAML federation boundaries. In 2014, the US InCommon federation joined eduGAIN, which connects SAML federations around the world, and now InCommon is engaging with science projects on international interfederation pilots. At the same time, the AARC project in Europe is addressing international adoption of SAML federations by research projects. This represents an opportunity to achieve critical mass around EU-US interfederation activities for science, with CTSC providing needed coordination on the US side.

Specific goals for the CTSC-AARC collaboration include:

1. Training: Develop and disseminate training materials to enable science projects to implement federated access.
2. Pilots: Facilitate US participation in interfederation pilot projects.
3. Incident Response: Establish an operational framework for security and incident response in R&E federations via the SIRTFI working group.
4. Levels of Assurance: Map requirements of cyberinfrastructure providers to an assurance framework that can be implemented in a cost-effective manner by identity federations. 

CTSC will gather input from US cyberinfrastructure (CI) projects for AARC activities, disseminate training and other AARC project outputs to US CI projects, and facilitate EU-US pilot projects.

To participate in the discussion, please join the CTSC Federated Identity Discussion List.

Soliciting input on federated identity/InCommon needs

Hello, Von Welch, CTSC Director and PI here.

 I've recently accepted a one-year advisory term on the InCommon Steering committee. In that role, I will work to see the needs of NSF CI projects and similar research service providers (SPs) are addressed.

 The first thing I'd like to work on is getting all universities of interest to NSF projects to streamline scientific collaboration by sending those projects a user's name and email address when the user authenticates to the project using InCommon federated authentication. The InCommon Research and Scholarship (R&S) program includes only 100 universities that agree to send name and email address, and some of the largest research universities do not participate in the R&S program.

 We would like to change that. The InCommon Steering Committee plans to contact the CIOs at these universities to request their support. Knowing more about NSF funded projects that could benefit from outsourcing authentication to InCommon allows me to prioritize and strengthen those requests. As a starting point, if there is benefit to your project from specific universities supporting federated authentication and releasing a user's name and email address, please let me know who they are. 

 Going forward, I've created the CTSC Federated Identity Discussion List for further discussions around NSF CI projects and InCommon and federated identity. I won't be sending you any more emails directly, please join the list to be included in further discussions. You can find details at http://trustedci.org/ctsc-email-lists/

I welcome hearing any other concerns or suggestions you have about InCommon, now or in the future.

Regards,

Von 
--
Von Welch Director, Director and PI, Center for Trustworthy Scientific Cyberinfrastructure

May 28 IAM Online: Good Federation Citizenship

CTSC's Jim Basney will be one of the presenters at the Wednesday, May 28 IAM Online webinar on Good Federation Citizenship. The webinar will cover many recommended practices for participants in the InCommon federation.

Why is "good federation citizenship" especially important for scientific cyberinfrastructure (CI)? Often CI represents the "long tail" of federated services, with collaborating scientists from many institutions using federated identities to access CI. This widely distributed user community makes it particularly challenging to support consistent user experience, effective error handling, and appropriate security incident response.

Visit www.incommon.org/iamonline for more details on joining the webinar.

LIGO and CTSC Collaborate with InCommon to Advance International Identity Federations

(5/28/2014 Update: ISGTW has run an article on this collaboration.)

A significant collaboration effort between LIGO and CTSC bore fruit this week when InCommon signed the eduGain declaration, a significant step in connecting the main identity federation in the U.S. with peer identity federations worldwide. Such peering is key to enabling international research collaborations such as the LIGO Scientific Collaboration, which has members institutions in 22 nations on five continents.

The LIGO and CTSC collaboration helped launch InCommon’s current interfederation effort by bringing this key international research collaboration use case to InCommon. CTSC and LIGO personnel (Jim Basney and Warren Anderson) chaired InCommon’s Interfederation subcommittee from its inception until now. In this role they worked with InCommon staff, notably John Krienke, to determine the best policy and technical path forward for interfederation.

Federated identity allows science facilities to leverage existing user logins at campuses and research institutions, removing the password management burden from those facilities and eliminating the need for scientists to use separate passwords when accessing those facilities. Enabling federations to interoperate across national boundaries expands the utility of federated identity for international collaborations.

The products from the LIGO and CTSC engagement are:

• Final Report for LIGO Engagement
• A Study of Three Approaches to International Identity Federation for the LIGO Project 
• InCommon Membership in eduGAIN: the LIGO Perspective
• Presentation: INFED

LIGO Wiki Approved for InCommon Research & Scholarship Category

One challenge with federated identity is arranging for attribute release from identity providers, a process that used to involve working with each identity provider (for details see the paper on TeraGrid's federated identity experiences). To address this, InCommon has created the Research and Scholarship Category for service providers. By applying and being approved to be a member of this category, as the LIGO Wiki has done, a service provider gains immediate attribute release from over 40 identity providers in one step. Hence, the Research and Scholarship Category is a key step by InCommon to improve the ease by which cyberinfrastructure can leverage identity federation.