Join Trusted CI at PEARC21, July 19th - 22nd

PEARC21 will be held virtually on July 19th - 22nd, 2021 (PEARC website).

Trusted CI will be hosting two events, our annual workshop and our Security Log Analysis tutorial.

Both events are scheduled at the same time, please note that when planning your agenda.

The details for each event are listed below. 

Workshop: The Fifth Trusted CI Workshop on Trustworthy Scientific Cyberinfrastructure provides an opportunity for sharing experiences, recommendations, and solutions for addressing cybersecurity challenges in research computing.  

Monday July 19th @ 8am - 11am Pacific.

• 8:00 am - Welcome and opening remarks
• 8:10 am - The Trusted CI Framework: A Minimum Standard for Cybersecurity Programs
• Presenters: Scott Russell, Ranson Ricks, Craig Jackson, and Emily Adams; Trusted CI / Indiana University’s Center for Applied Cybersecurity Research
• 8:40 am - Google Drive: The Unknown Unknowns
• Presenter: Mark Krenz; Trusted CI / Indiana University’s Center for Applied Cybersecurity Research
• 9:10 am - Experiences Integrating and Operating Custos Security Services
• Presenters: Isuru Ranawaka, Dimuthu Wannipurage, Samitha Liyanage, Yu Ma, Suresh Marru, and Marlon Pierce; Indiana University
• Dannon Baker, Alexandru Mahmoud, Juleen Graham, and Enis Afgan; Johns Hopkins University
• Terry Fleury, and Jim Basney; University of Illinois Urbana Champaign
• 9:40 am - 10 minute Break
• 9:50 am - Drawing parallels and synergies between NSF and NIH cybersecurity projects
• Presenters: Enis Afgan, Alexandru Mahmoud, Dannon Baker, and Michael Schatz; Johns Hopkins University
• Jeremy Goecks; Oregon Health and Sciences University
• 10:20 am - How InCommon is helping its members to meet NIH requirements for federated credentials
• Presenters: Tom Barton; Internet2
• 10:50 am - Wrap up and final thoughts (10 minutes)

        More detailed information about the presentations is available on our website.


Tutorial: Security Log Analysis: Real world hands-on methods and techniques to detect attacks.  

Monday July 19th @ 8am - 11am Pacific.

A half-day training to tie together various log and data sources and provide a more rounded, coherent picture of a potential security event. It will also present log analysis as a life cycle (collection, event management, analysis, response), that becomes more efficient over time. Interactive demonstrations will cover both automated and manual analysis using multiple log sources, with examples from real security incidents.

Monday July 19th @ 8am - 11am Pacific time

AARC and CTSC Collaborate on Interfederation

CTSC is starting a collaboration with the European Authentication and Authorisation for Research and Collaboration (AARC) project on use of federated identities for international science. AARC is a two year project that started May 2015. Jim Basney from CTSC joined the June 3-4 AARC kick-off meeting to begin the collaboration.

As the infrastructures for international scientific collaborations migrate from X.509 to SAML for identity management, there is a strong need for interoperability across national SAML federation boundaries. In 2014, the US InCommon federation joined eduGAIN, which connects SAML federations around the world, and now InCommon is engaging with science projects on international interfederation pilots. At the same time, the AARC project in Europe is addressing international adoption of SAML federations by research projects. This represents an opportunity to achieve critical mass around EU-US interfederation activities for science, with CTSC providing needed coordination on the US side.

Specific goals for the CTSC-AARC collaboration include:

1. Training: Develop and disseminate training materials to enable science projects to implement federated access.
2. Pilots: Facilitate US participation in interfederation pilot projects.
3. Incident Response: Establish an operational framework for security and incident response in R&E federations via the SIRTFI working group.
4. Levels of Assurance: Map requirements of cyberinfrastructure providers to an assurance framework that can be implemented in a cost-effective manner by identity federations. 

CTSC will gather input from US cyberinfrastructure (CI) projects for AARC activities, disseminate training and other AARC project outputs to US CI projects, and facilitate EU-US pilot projects.

To participate in the discussion, please join the CTSC Federated Identity Discussion List.

Soliciting input on federated identity/InCommon needs

Hello, Von Welch, CTSC Director and PI here.

 I've recently accepted a one-year advisory term on the InCommon Steering committee. In that role, I will work to see the needs of NSF CI projects and similar research service providers (SPs) are addressed.

 The first thing I'd like to work on is getting all universities of interest to NSF projects to streamline scientific collaboration by sending those projects a user's name and email address when the user authenticates to the project using InCommon federated authentication. The InCommon Research and Scholarship (R&S) program includes only 100 universities that agree to send name and email address, and some of the largest research universities do not participate in the R&S program.

 We would like to change that. The InCommon Steering Committee plans to contact the CIOs at these universities to request their support. Knowing more about NSF funded projects that could benefit from outsourcing authentication to InCommon allows me to prioritize and strengthen those requests. As a starting point, if there is benefit to your project from specific universities supporting federated authentication and releasing a user's name and email address, please let me know who they are. 

 Going forward, I've created the CTSC Federated Identity Discussion List for further discussions around NSF CI projects and InCommon and federated identity. I won't be sending you any more emails directly, please join the list to be included in further discussions. You can find details at http://trustedci.org/ctsc-email-lists/

I welcome hearing any other concerns or suggestions you have about InCommon, now or in the future.

Regards,

Von 
--
Von Welch Director, Director and PI, Center for Trustworthy Scientific Cyberinfrastructure

Seeking InCommon SPs that would benefit from more R&S particiation

The InCommon Research and Scholarship (R&S) category helps solve a key challenge with federated identity, in that all identity providers which participate automatically release attributes to service providers in the category. This greatly eases the normal process a service provider has to go through of working with individual identity providers to obtain such attribute release.

In order to try and increase participation in R&S,  I am building a list of InCommon service providers that would benefit from more IdPs participating in R&S.

If you are such an SP, please contact me.

Thank you,

Von Welch

Director, CTSC

LIGO and CTSC Collaborate with InCommon to Advance International Identity Federations

(5/28/2014 Update: ISGTW has run an article on this collaboration.)

A significant collaboration effort between LIGO and CTSC bore fruit this week when InCommon signed the eduGain declaration, a significant step in connecting the main identity federation in the U.S. with peer identity federations worldwide. Such peering is key to enabling international research collaborations such as the LIGO Scientific Collaboration, which has members institutions in 22 nations on five continents.

The LIGO and CTSC collaboration helped launch InCommon’s current interfederation effort by bringing this key international research collaboration use case to InCommon. CTSC and LIGO personnel (Jim Basney and Warren Anderson) chaired InCommon’s Interfederation subcommittee from its inception until now. In this role they worked with InCommon staff, notably John Krienke, to determine the best policy and technical path forward for interfederation.

Federated identity allows science facilities to leverage existing user logins at campuses and research institutions, removing the password management burden from those facilities and eliminating the need for scientists to use separate passwords when accessing those facilities. Enabling federations to interoperate across national boundaries expands the utility of federated identity for international collaborations.

The products from the LIGO and CTSC engagement are:

• Final Report for LIGO Engagement
• A Study of Three Approaches to International Identity Federation for the LIGO Project 
• InCommon Membership in eduGAIN: the LIGO Perspective
• Presentation: INFED