Shibboleth
From TeraGrid Wiki
TeraGrid Shibboleth Pilot
The vision of identity federation as a foundation for the integration of cyberinfrastructure from the campus through the nation level is one that has been put forward by EDUCAUSE/CASC and others. Federal funding agencies (NIH, NSF), and the cyberinfrastructure they are funding, are increasingly looking to identity federation, both to leverage existing identity management at campuses and to allow for vertical integration of cyberinfrastructure. The goal of this project would be to better define the ways that campuses interact with the cyberinfrastructure of NSF and other agencies.
TeraGrid is now a member of the InCommon Federation and work is underway to make TeraGrid available to campus members via Shibboleth. Initially, TeraGrid is allowing access to TeraGrid resources via https://go.teragrid.org. This functionality will eventually be integrated into the TeraGrid User Portal.
To access TeraGrid via Shibboleth visit https://go.teragrid.org
Benefits to the Institution
While the number of TeraGrid users at an institution (typically 10s of users) is relatively small compared to the overall user base represented by the institution, these users constitute an important aspect of the campus' participation in the larger national computational science space, for which TeraGrid is a representative project. In this context, there are a number of benefits to the campus for participating with TeraGrid:
- It engages the campus in their users' national computational science activities by making the campus part of the process. This in turn gives the campus greater awareness of their users' activities and needs in that space.
- Authentication to national cyberinfrastructure paves the way for broader use of national compute resources instead of having to locally acquire them on the campus.
- The business of computational science and research in general is moving to utilize identity federation, with pilot projects being undertaken by NIH and under consideration by NSF. This pilot, with its focus on computational science, aligns that aspect with the business side, maintaining coherency in the user experience.
Participating in the Pilot
Our goal is to make participation in the pilot as easy as possible. To that end we are not requesting any formal commitment at this point, just a best-effort commitment to meet the following:
- Release, via Shibboleth, an appropriate user identifier to us. We are fairly flexible in this regard; our one major concern is that we understand any policy the campus may have regarding re-assignment of that identifier to other individuals. In practice, this means releasing either eduPersonTargetedID or eduPersonPrincipalName, along with a description of the circumstances under which you might re-assign an eduPersonPrincipalName identifier.
- Be willing to identify other user information for user disambiguation, personalization and user support - e.g. legal name, postal address, email, phone number.
- The TeraGrid is a different environment than traditional web-based Shibboleth applications, with users having direct command-line access to major computational resources. This brings challenges in identity federation with regard to troubleshooting and incident response. We request that when these issues arise, campus staff work with us to resolve them.
- Consider joining the TeraGrid Campus Champions program. This will give the institution access to the TeraGrid, which could help with debugging of Shibboleth-related issues and also give them additional ability to view information about their institution's TeraGrid usage.
More details on the technical process can be found at https://go.teragrid.org/idp.php.
For More Information
- Jim Basney, Terry Fleury, Von Welch, Federated Login to TeraGrid. IDtrust 2010. (pdf)
- Jim Basney, Leveraging the InCommon Federation to access the NSF TeraGrid. Internet2 Member Meeting, October 15, 2008. (ppt)(pdf)
- Von Welch, Ian Foster, Tom Scavo, Frank Siebenlist, Charlie Catlett, Jill Gemmill, and Dane Skow. Scaling teragrid access: A testbed for identity management and attribute-based authorization. In TeraGrid 2007, June 2007.
- TeraGrid's Participant Operational Practices for InCommon (pdf)
- Leveraging the InCommon Federation to access the NSF TeraGrid (ppt) Presentation at TeraGrid Round Table. May 21, 2009
Contact Us
Please contact one or both of the TeraGrid-Shibboleth pilot project leads:
- Von Welch, Area Director for Networking, Operations and Security for the TeraGrid. vwelch@ncsa.illinois.edu, (217) 265-7139.
- Jim Basney, jbasney@ncsa.uiuc.edu, (217) 244-1954
