Advanced Identity Management for Extreme-Scale Scientific Computing
Identity Management is fundamental for establishing trust in modern scientific collaborations. It involves managing entities and privileges - who they are, how they are identified, how they are authenticated, what privileges they have, what roles and responsibilities they have - and enabling the communication of that identity information to interacting entities, allowing them to authenticate and authorize each other.
As science collaborations have grown, the collaboration itself has become a key component of the identity management system, defining the interaction between scientists and the resources by providing both identity information and intermediary services. These large-scale collaborations, being a relatively new development, have generated a great deal of both innovation and controversy in the community with regard to their role and means of interaction. A number of implementations exist, but a common model and nomenclature to describe these implementations has yet to be arrived at.
This project has a three-year plan to engage with communities and examine existing implementations, determining how they interact with their users and the resource providers, and capturing that in a coherent model. Subsequently it will develop software to support that model, both to validate the model it develops and advance the state of practice. The focus on collaborations within IdM was chosen due to its importance to the scientific community, the limited number of collaboration-resource provider relationships, making it a reasonable area for progress, and the fact that much applied research has been done in this specific area, making it ready for a formal model. All project results will be open and freely available.
This proposal is funded under the DOE Scientific Collaboration at Extreme-Scale program.