Federated Single Sign-On and Zero Trust Co-design for AI and HPC Digital Research Infrastructures
| Autor: | Alam, Sadaf R., Woods, Christopher, Williams, Matt, Moore, Dave, Prior, Isaac, Williams, Ethan, Yang-Turner, Fan, Pryor, Matt, Livenson, Ilja |
|---|---|
| Rok vydání: | 2024 |
| Předmět: | |
| Druh dokumentu: | Working Paper |
| Popis: | Scientific workflows have become highly heterogenous, leveraging distributed facilities such as High Performance Computing (HPC), Artificial Intelligence (AI), Machine Learning (ML), scientific instruments (data-driven pipelines) and edge computing. As a result, Identity and Access Management (IAM) and Cybersecurity challenges across the diverse hardware and software stacks are growing. Nevertheless, scientific productivity relies on lowering access barriers via seamless, single sign-on (SSO) and federated login while ensuring access controls and compliance. We present an implementation of a federated IAM solution, which is coupled with multiple layers of security controls, multi-factor authentication, cloud-native protocols, and time-limited role-based access controls (RBAC) that has been co-designed and deployed for the Isambard-AI and HPC supercomputing Digital Research Infrastructures (DRIs) in the UK. Isambard DRIs as a national research resource are expected to comply with regulatory frameworks. Implementation details for monitoring, alerting and controls are outlined in the paper alongside selected user stories for demonstrating IAM workflows for different roles. Comment: 9 pages, 2 figures |
| Databáze: | arXiv |
| Externí odkaz: |
|