Distributed Web Security for Science Gateways

ABSTRACT

Science gateways broaden and simplify access to cyberinfrastructure (CI) by providing advanced interfaces to collaboration, analysis, data management, and other tools for students and researchers. As these science gateway interfaces to cyberinfrastructure grow in popularity, web portal developers adopt ad hoc approaches to the security challenges of authentication, authorization, and delegation. Science gateways integrate cyberinfrastructure resources on the researcher’s behalf, i.e., accessing data, compute cycles, instruments, and other valuable resources. Resource access often requires use of the researcher’s security credentials, in some cases exposing the researcher’s long-lived password to potential compromise at the science gateway. There is no standard approach for a researcher to control and limit a science gateway’s access to his or her resources. Thus, researchers are required to accept unnecessary risks when using science gateways.

The “Distributed Web Security for Science Gateways” project is addressing these risks by providing authorization and delegation software for science gateways that complies with the Internet Engineering Task Force’s standard OAuth protocol. The project provides an OAuth server implementation and a set of client libraries and authentication modules to enable out of the box integration with common Web platforms, in coordination with gateways and cyberinfrastructure providers.

Please visit www.sciencegatewaysecurity.org for the latest information about our project.

ACKNOWLEDGMENTS

This material is based upon work supported by the National Science Foundation under grant number 1127210.

REFERENCES

Jim Basney, Rion Dooley, Jeff Gaynor, Suresh Marru, and Marlon Pierce, “Distributed Web Security for Science Gateways,” Gateway Computing Environments Workshop (GCE11), November 17, 2011, Seattle, WA. http://dx.doi.org/10.1145/2110486.2110489

Award ID: 1127210