Science Gateway Integration Examples with the Custos Security Service

Authors: Isuru Ranawaka, Samitha Liyanage, Dannon Baker, Alexandru Mahmoud, Juleen Graham, Terry Fleury, Dimuthu Wannipurage, Yu Ma, Enis Afgan, Jim Basney, Suresh Marru, Marlon Pierce
Year of publication: 2021
Subject:
DOI: 10.5281/zenodo.5749726
Description: Science gateways are user-facing cyberinfrastructure that provide researchers and educators with Web-based access to scientific software, computing, and data resources. Streamlining and expanding use of High Performance Computing resources is the primary goal for many science gateways. Managing user identities, accounts, and permissions are essential tasks for science gateways, and gateways likewise must manage secure connections between their middleware and remote, distributed resources. These security services can be separated from specific science gateway deployments and provided as independent services for multiple gateway tenants. The Custos project is an effort to build open source software that can be operated as a multi-tenanted service that provides reliable implementations of gateway that meets cybersecurity requirements, including federated authentication, identity management, authorization management, group management, and resource credential management. Providing these capabilities through a single, consolidated platform furthermore enables end-to-end, integrated usage scenarios to be built up from basic security components. This paper examines four deployment scenarios using Custos and identifies extended capabilities that emerge from these scenarios. The first capability is to provide hierarchical tenant management that allows multiple gateway deployments to be federated together. The second capability illustrated by these scenarios is the need to support service accounts for non-browser applications and agent applications that can act on behalf of users on edge resources. The latter can be built using Web security standards combined with permission management mechanisms.
Database: OpenAIRE