Science gateways are user-facing cyberinfrastructure that provide researchers and educators with Web-based access to scientific software, computing, and data resources. Managing user identities, accounts, and permissions are essential tasks for science gateways, and gateways likewise must manage secure connections between their middleware and remote resources. The Custos project is an effort to build open source software that can be operated as a multi-tenanted service that provides reliable implementations of common science gateway cybersecurity needs, including federated authentication, identity management, group and authorization management, and resource credential management. Custos aims further to provide integrated solutions through these capabilities, delivering end-to-end support for several science gateway usage scenarios. This paper examines four deployment scenarios using Custos and associated extensions beyond previously described work. The first capability illustrated by these scenarios is the need for Custos to provide hierarchical tenant management that allows multiple gateway deployments to be federated together and also to support consolidated, hosted science gateway platform services. The second capability illustrated by these scenarios is the need to support service accounts that can support non-browser applications and agent applications that can act on behalf of users on edge resources. We illustrate how the latter can be built using Web security standards combined with Custos permission management mechanisms.