Extreme-Scale Identity Management (XSIM)

Identity Management is fundamental for establishing trust in modern scientific collaborations. It involves managing entities and privileges–who they are, how they are identified, how they are authenticated, what privileges they have, what roles and responsibilities they have–and enabling the communication of that identity information to interacting entities, allowing them to authenticate and authorize each other.

As science collaborations have grown, the collaboration itself has become a key component of the identity management system, defining the interaction between scientists and the resources by providing both identity information and intermediary services. These large-scale collaborations, being a relatively new development, have generated a great deal of both innovation and controversy in the community with regard to their role and means of interaction. A number of implementations exist, but a common model and nomenclature to describe these implementations has yet to be arrived at.

This project has a three-year plan to engage with communities and examine existing implementations, determining how they interact with their users and the resource providers, and capturing that in a coherent model. Subsequently, it will develop software to support that model, both to validate the model it develops and to advance the state of practice. The focus on collaborations within IdM was chosen for three reasons: its importance to the scientific community; the limited number of collaboration-resource provider relationships, which makes it a reasonable area for progress; and the fact that much applied research has been done in this specific area, making it ready for a formal model. All project results will be open and freely available.

This proposal is funded under the DOE Scientific Collaboration at Extreme-Scale program.

PUBLICATIONS

Robert Cowles, Craig Jackson, and Von Welch. Identity Management Factors for HEP Virtual Organizations. 20th International Conference on Computing in High Energy and Nuclear Physics (CHEP2013), 2013. 

Robert Cowles, Craig Jackson, and Von Welch. Identity Management for Virtual Organizations: An Experience-Based Model. eScience 2013, 2013. 

Robert Cowles, Craig Jackson, Von Welch, and Shreyas Cholia. A Model for Identity Management in Future Scientific Collaboratories. International Symposium on Grids and Clouds (ISGC) 2014, 2014.

Von Welch, Robert Cowles, and Craig Jackson. XSIM OSG IdM Guidance. OSG-doc-1199, July 2014.

Robert Cowles, Craig Jackson, and Von Welch. Facilitating Scientific Collaborations by Delegating Identity Management: Reducing Barriers & Roadmap for Incremental Implementation. CLHS '15 Proceedings of the 2015 Workshop on Changing Landscapes in HPC Security, 2015.

Robert Cowles, Craig Jackson, and Von Welch. XSIM Final Report: Modelling the Past and Future of Identity Management for Scientific Collaborations, 2015.
