CILogon: An Integrated Identity and Access Management Platform for Science


This material is based upon work supported by the National Science Foundation under grant numbers 0850557, 0943633, 1053575, 1440609, and 1547268 and by the Department of Energy under award number DE-SC0008597. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.

Jim [email protected]

December 2016


CILogon www.cilogon.org

CILogon - Launched Sep 2010

❏ Enables use of federated identities for access to cyberinfrastructure
❏ Translates across federations and protocols
❏ Supported by XSEDE


162 Active IdPs (Nov 2016)

Fermi National Accelerator Laboratory; LIGO Scientific Collaboration; Ohio State University; National Institutes of Health; University of Michigan; Purdue University Main Campus; Google; University of Chicago; University of Illinois at Urbana-Champaign; University of California-Los Angeles; Johns Hopkins; Indiana University; University of Colorado at Boulder; University of Minnesota; Argonne National Laboratory; University of California, Berkeley; New York University; University of Cincinnati Main Campus; University of Nebraska-Lincoln; The George Washington University; Lawrence Berkeley National Laboratory; University of Southern California; University of Florida; The University of Arizona; Stanford University; Yale University; University of Wisconsin-Madison; Michigan State University; Cornell University; Northwestern University; University of Hawaii; University of Utah

University of North Carolina at Chapel Hill; University of California-San Diego; University of California, Davis; Princeton University; University of Wyoming; University of Texas at Austin; Oak Ridge National Laboratory; Duke University; Case Western Reserve University; University of Washington; University of Rochester; Montana State University - Bozeman; Clemson University; Texas A & M University; University of Notre Dame; Massachusetts Institute of Technology; West Virginia University; University of Pittsburgh; Rice University; University of New Mexico; Penn State; Carnegie Mellon University; University of South Dakota; North Carolina State University; University of California-Santa Barbara; Columbia University; California Institute of Technology; Arizona State University; University of Maryland College Park; Rutgers; Iowa State University; Georgia Institute of Technology; University of Iowa; University of Pennsylvania

University of California-Irvine; Ohio University Main Campus; Boston University; Vanderbilt University; Texas Tech University; Oklahoma State University System; Ohio Technology Consortium; Colorado School of Mines; Boise State University; Virginia Polytechnic Institute and State University; Tufts University; Stony Brook University; Marshall University; Georgetown University; Florida International University; Brown University; Weill Cornell Medical College; University of Texas at Dallas; University of North Carolina At Charlotte; University of Dayton; University of California, San Francisco; Rockefeller University; Old Dominion University; Harvey Mudd College; ESnet; Colorado State University; Baylor College of Medicine; Woods Hole Oceanographic Institution; Uppsala University; University of Vermont; University of Massachusetts Amherst; University of Illinois at Chicago; University of Delaware; University of Alabama, The

University of Alabama at Birmingham; National Center for Supercomputing Applications; Lund University; Kansas State University; George Mason University; CERN; University of Wisconsin-Milwaukee; University of Tennessee; University of Nebraska Medical Center; University of Kansas; University of Houston; University of California, Santa Cruz; United ID; Texas State University - San Marcos; Syracuse University; Stevens Institute of Technology; Southern Illinois University; Nikhef; Louisiana State University; Lehigh University; Lamar University; Florida Atlantic University; Wayne State University; Vassar College; University of Virginia; University of South Florida; University of South Carolina; University of Oklahoma; University of Nevada, Reno; University of Nebraska; University of Missouri System; University of Miami; University of Massachusetts - Dartmouth

University of Maryland Baltimore; University of California, Riverside; University of Basel; University of Arkansas; University of Alaska Statewide System; The University of Memphis; The Broad Institute of MIT and; Texas A&M University-Corpus Christi; Rensselaer Polytechnic Institute; PSI - Paul Scherrer Institut; Oregon State University; NOAA CAC; Moss Landing Marine Laboratories; Miami University; Loyola University of Chicago; Lafayette College; Goucher College; EPFL - EPF Lausanne; College of William and Mary; Cedarville University; Carleton College; California State University, Fullerton; Brookhaven National Laboratory; Brandeis University; Baylor University

International IdPs are highlighted


CILogon-enabled Sites

❏ ATLAS Connect
❏ CMS Connect
❏ DataONE
❏ DOE KBase
❏ Duke CI Connect
❏ Fermilab
❏ Globus
❏ IU CI Gateway
❏ LIGO
❏ OOI
❏ OSC OnDemand
❏ OSG Connect
❏ SeedMe
❏ XSEDE

ECP

ECP


CILogon 2.0

CILogon: federated identity management
COmanage: collaborative organization management

[Architecture diagram. Component labels: SAML SP, OIDC Provider, X.509 CA, HSM, OIDC SP, OAuth SP, MFA, LDAP, COmanage, User Registry (Identities, MFA Tokens, SSH Keys, Groups, Attributes), SAML AA, InCommon IdP, eduGAIN IdP, Google IdP, ORCID IdP, Science App (x4)]


Managing Project Groups/Roles

COmanage provides:

❏ enrollment flows
❏ expiration policies
❏ self service permissions
❏ pipelines

https://spaces.internet2.edu/display/COmanage/COmanage+Technical+Manual


Policy Issues

❏ Assurance
https://wiki.refeds.org/display/GROUPS/Assurance+Working+Group

❏ Federated attribute release
https://refeds.org/category/research-and-scholarship

❏ Federated security incident response
https://refeds.org/sirtfi


#1 Request: Add My Home Org

❏ Does Org operate a federated IdP?
❏ Is Org's IdP in eduGAIN?
❏ Is Org's IdP interoperable?
❏ Does Org's IdP meet assurance/security requirements?
❏ We automate the federation process


Thanks!

Contact us: [email protected]

[email protected]