Back to Search Start Over

Experiences with Integrating Custos SecurityServices

Authors :
Ranawaka, Isuru
Liyanage, Samitha
Baker, Dannon
Mahmoud, Alexandru
Graham, Juleen
Fleury, Terry
Wannipurage, Dimuthu
Ma, Yu
Afgan, Enis
Basney, Jim
Marru, Suresh
Pierce, Marlon
Publication Year :
2021

Abstract

Science gateways are user-facing cyberinfrastruc-ture that provide researchers and educators with Web-basedaccess to scientific software, computing, and data resources.Managing user identities, accounts, and permissions are essentialtasks for science gateways, and gateways likewise must man-age secure connections between their middleware and remoteresources. The Custos project is an effort to build open sourcesoftware that can be operated as a multi-tenanted service thatprovides reliable implementations of common science gatewaycybersecurity needs, including federated authentication, iden-tity management, group and authorization management, andresource credential management. Custos aims further to provideintegrated solutions through these capabilities, delivering end-to-end support for several science gateway usage scenarios. Thispaper examines four deployment scenarios using Custos andassociated extensions beyond previously described work. Thefirst capability illustrated by these scenarios is the need forCustos to provide hierarchical tenant management that allowsmultiple gateway deployments to be federated together andalso to support consolidated, hosted science gateway platformservices. The second capability illustrated by these scenarios is theneed to support service accounts that can support non-browserapplications and agent applications that can act on behalf ofusers on edge resources. We illustrate how the latter can be builtusing Web security standards combined with Custos permissionmanagement mechanisms.<br />Comment: 9 pages, 12 figures

Details

Database :
arXiv
Publication Type :
Report
Accession number :
edsarx.2107.04172
Document Type :
Working Paper