SlideShare une entreprise Scribd logo

Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)

J
jbasney

Federated Identity Needs for the Large Synoptic Survey Telescope (LSST) at the February 2018 FIM4R meeting https://indico.cern.ch/event/681873/

Technologie
1  sur  21
Télécharger pour lire hors ligne
Federated Identity Needs for the Large Synoptic Survey Telescope (LSST) Jim Basney jbasney@ncsa.illinois.edu 12th FIM4R Workshop (Feb 5 2018) This material is based upon work supported by the National Science Foundation under grant numbers 1258333 and 1547268. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
Large Synoptic Survey Telescope • Wide-field reflecting telescope on a peak of Cerro Pachón, a mountain outside La Serena, Chile • Beginning in 2022: Imaging the visible sky once every 3 days, for 10 years • Over 15TB of data per night collected • Initial requirements: 100 tflops of computing, 15PB of storage • Ultimate deliverable of LSST is the fully reduced data • All science will come from survey catalogs and images
Large Synoptic Survey Telescope • Scientific goals: • Probe the nature of dark matter and dark energy • Cataloging the Solar System, particularly near-Earth asteroids and Kuiper belt objects • Observing transient optical events • Mapping the Milky Way: exploring structure and formation • More information: www.lsst.org
HQ Site Science Operations Observatory Management Education and Public Outreach Summit and Base Sites Telescope and Camera Data Acquisition Long-term Storage (copy 1) Chilean Data Access Center Data Production Site Data Production Archive Center Long-term Storage (copy 2) Data Access and User Services Dedicated Long Haul Networks Two redundant 100 Gb links from La Serena to NCSA
LSST Data • Recall that LSST data is the deliverable… • Data classification and access: • Lowest classification is data released to the public, this is where most data ends up • Higher levels are made available authorized users • LSST’s Information Classification Policy outlines the information categories and gives examples. • Sites that provide access to LSST data (i.e. NCSA) need to follow LSST’s security policy w.r.t. to that data. • Identity management plays a very important role here.
LSST From the User’s Perspective Level3Level1Level2 Products are generated as part of a Data Release, generally performed yearly, with an additional data release for the first 6 months of survey data. These data releases are available for data rights holders only and made public after 2 years. Raw data. Support timely detection and follow-up of time-domain events (variable and transient sources). Not produced for release. Derived data. Maybe restricted to subgroups within LSST.
Identity and Access Management − AuthN and AuthZ to LSST data and services − Scalable, secure management to data access rights FEDERATED IDENTITIES TO THE RESCUE!
Identity Linking − External identities (University, GitHub, etc.) linked to individual’s LSST identity – Established during initial enrollment and managed by user − Group memberships based on LSST identity – LDAP queries using LSST IDs and external IDs
Authorization − L2 data rights − L3 collaboration groups − Access to applications/services − Admin/staff roles
Access Control Components − User/Group Manager – Implements the logic and workflows to determine who has L2 Data Access Rights and who is involved in L3 collaborations. These workflows set/unset User Attributes (i.e., group memberships).
Access Control Components − User Attribute Store – Receives information from User/Group Manager and publishes the resulting User Attributes via a standard LDAP interface.
Access Control Components − Service Level Authorization – Services implement authorization (access control) based on access control lists (ACLs) or database GRANT statements or other service-specific methods, based on the User Attributes.
L2 Data Rights (Proposed) − National professional astronomical community – Use eduPersonAffiliation when available • No "astronomy department" affiliation • "Member" is close enough? inacademia.org? – Use American Astronomical Society membership directory? • https://aas.org/individual-membership/classes-membership • https://aas.org/posts/news/2016/08/do-you-have-orcid-id – Otherwise will require manual review/approval
L2 Data Rights (Proposed) − Named individuals from international partners – Lookup existing LSST accounts – Email-based invitations − A limited number of designated additional individuals (post-docs, grad students) per named individual – Named individuals can invite/grant others (from same institution) − Periodic re-validation / review
Managing an L3 Group (Proposed) − Via ORACLE – ORACLE (Observatory Resource Allocation Committee for Level Elevation) process defines a group indicating the users (group members) who can use the resource allocation. Also create an associated L3 data workspace private to that group. − Via User/Group Manager – […]
Managing an L3 Group (Proposed) − Via User/Group Manager – Any user with Data Access Rights can click "Create L3 Data Product Group" in the User/Group Manager web interface to create an L3 group and define its initial members. That user will be the initial owner of the group. – Users who own L3 groups will also see a "Manage My L3 Data Product Group(s)" button/link that allows them to add/remove members and add owners / transfer ownership. – Users with Data Access Rights will see a "Manage My L3 Data Product Group Memberships" button/link that allows them to request to join L3 groups or leave L3 groups they are currently a member of.
LSST FIM: Assurance and Incident Response − Questions about eduGAIN identity assurance and federated incident response during design review − https://refeds.org/assurance/profile/cappuccino & https://refeds.org/sirtfi likely satisfy LSST's FIM requirements (if they are supported/adopted)
LSST FIM Needs Summarized − More IdPs in eduGAIN (especially in US and Chile) − Persistent NameID for authentication − Affiliation attribute for authorization − Assurance and Incident Response
Thanks! − Contacts: – jbasney@ncsa.illinois.edu – https://confluence.lsstcorp.org/display/LAAIM − Acknowledgements – Alex Withers (LSST Information Security Officer) – LSST Authentication, Authorization, and Identity Management (LAAIM) Group

Recommandé

bioCADDIE Webinar: The NIDDK Information Network (dkNET) - A Community Resear...
bioCADDIE Webinar: The NIDDK Information Network (dkNET) - A Community Resear...bioCADDIE Webinar: The NIDDK Information Network (dkNET) - A Community Resear...
bioCADDIE Webinar: The NIDDK Information Network (dkNET) - A Community Resear...dkNET
 
dkNET-NURSA Challenge Kick-Off Webinar 04/27/2017
dkNET-NURSA Challenge Kick-Off Webinar 04/27/2017dkNET-NURSA Challenge Kick-Off Webinar 04/27/2017
dkNET-NURSA Challenge Kick-Off Webinar 04/27/2017dkNET
 
Advantages of metadata
Advantages of metadataAdvantages of metadata
Advantages of metadataAzeem Sultan
 
Metadata lecture 1, intro
Metadata lecture 1, introMetadata lecture 1, intro
Metadata lecture 1, introRichard.Sapon-White
 
mx & dbs
mx & dbsmx & dbs
mx & dbsKatja C. Seltmann
 
Dataverse, Cloud Dataverse, and DataTags
Dataverse, Cloud Dataverse, and DataTagsDataverse, Cloud Dataverse, and DataTags
Dataverse, Cloud Dataverse, and DataTagsMerce Crosas
 
DataTags, The Tags Toolset, and Dataverse Integration
DataTags, The Tags Toolset, and Dataverse IntegrationDataTags, The Tags Toolset, and Dataverse Integration
DataTags, The Tags Toolset, and Dataverse IntegrationMichael Bar-Sinai
 
Metadata lecture 3, metadata schemes
Metadata lecture 3, metadata schemesMetadata lecture 3, metadata schemes
Metadata lecture 3, metadata schemesRichard.Sapon-White
 

Recommandé

bioCADDIE Webinar: The NIDDK Information Network (dkNET) - A Community Resear...
bioCADDIE Webinar: The NIDDK Information Network (dkNET) - A Community Resear...bioCADDIE Webinar: The NIDDK Information Network (dkNET) - A Community Resear...
bioCADDIE Webinar: The NIDDK Information Network (dkNET) - A Community Resear...dkNET
 
dkNET-NURSA Challenge Kick-Off Webinar 04/27/2017
dkNET-NURSA Challenge Kick-Off Webinar 04/27/2017dkNET-NURSA Challenge Kick-Off Webinar 04/27/2017
dkNET-NURSA Challenge Kick-Off Webinar 04/27/2017dkNET
 
Advantages of metadata
Advantages of metadataAdvantages of metadata
Advantages of metadataAzeem Sultan
 
Metadata lecture 1, intro
Metadata lecture 1, introMetadata lecture 1, intro
Metadata lecture 1, introRichard.Sapon-White
 
mx & dbs
mx & dbsmx & dbs
mx & dbsKatja C. Seltmann
 
Dataverse, Cloud Dataverse, and DataTags
Dataverse, Cloud Dataverse, and DataTagsDataverse, Cloud Dataverse, and DataTags
Dataverse, Cloud Dataverse, and DataTagsMerce Crosas
 
DataTags, The Tags Toolset, and Dataverse Integration
DataTags, The Tags Toolset, and Dataverse IntegrationDataTags, The Tags Toolset, and Dataverse Integration
DataTags, The Tags Toolset, and Dataverse IntegrationMichael Bar-Sinai
 
Metadata lecture 3, metadata schemes
Metadata lecture 3, metadata schemesMetadata lecture 3, metadata schemes
Metadata lecture 3, metadata schemesRichard.Sapon-White
 
eROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset catalogueseROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset cataloguese-ROSA
 
MetadataTheory: Introduction to Metadata (5th of 10)
MetadataTheory: Introduction to Metadata (5th of 10)MetadataTheory: Introduction to Metadata (5th of 10)
MetadataTheory: Introduction to Metadata (5th of 10)Nikos Palavitsinis, PhD
 
McGeary Data Curation Network: Developing and Scaling
McGeary Data Curation Network: Developing and ScalingMcGeary Data Curation Network: Developing and Scaling
McGeary Data Curation Network: Developing and ScalingNational Information Standards Organization (NISO)
 
FSCI Data Discovery
FSCI Data DiscoveryFSCI Data Discovery
FSCI Data DiscoveryARDC
 
Full Erdmann Ruttenberg Community Approaches to Open Data at Scale
Full Erdmann Ruttenberg Community Approaches to Open Data at ScaleFull Erdmann Ruttenberg Community Approaches to Open Data at Scale
Full Erdmann Ruttenberg Community Approaches to Open Data at ScaleNational Information Standards Organization (NISO)
 
Dk net webinar tutorial pen
Dk net webinar tutorial penDk net webinar tutorial pen
Dk net webinar tutorial penMaryann Martone
 
Preparing Data for Sharing: The FAIR Principles
Preparing Data for Sharing: The FAIR PrinciplesPreparing Data for Sharing: The FAIR Principles
Preparing Data for Sharing: The FAIR PrinciplesLondon School of Hygiene and Tropical Medicine
 
Dats nih-dccpc-kc7-april2018-prs-uoxf
Dats nih-dccpc-kc7-april2018-prs-uoxfDats nih-dccpc-kc7-april2018-prs-uoxf
Dats nih-dccpc-kc7-april2018-prs-uoxfPhilippe Rocca-Serra
 
Metadata: Towards Machine-Enabled Intelligence
Metadata: Towards Machine-Enabled IntelligenceMetadata: Towards Machine-Enabled Intelligence
Metadata: Towards Machine-Enabled Intelligencedannyijwest
 
Data Repositories Impact
Data Repositories ImpactData Repositories Impact
Data Repositories ImpactMerce Crosas
 
Arcomem training enrichment_advanced
Arcomem training enrichment_advancedArcomem training enrichment_advanced
Arcomem training enrichment_advancedarcomem
 
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All Hands
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All HandsBioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All Hands
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All HandsSusanna-Assunta Sansone
 
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...Bradley Allen
 
Domain Identification for Linked Open Data
Domain Identification for Linked Open DataDomain Identification for Linked Open Data
Domain Identification for Linked Open DataArtificial Intelligence Institute at UofSC
 
From Data Sharing to Data Stewardship
From Data Sharing to Data StewardshipFrom Data Sharing to Data Stewardship
From Data Sharing to Data StewardshipICPSR
 
Meeting Federal Research Requirements
Meeting Federal Research RequirementsMeeting Federal Research Requirements
Meeting Federal Research RequirementsICPSR
 
What to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science PlatformWhat to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science PlatformMario Juric
 
Accelerating Data-driven Discovery in Energy Science
Accelerating Data-driven Discovery in Energy ScienceAccelerating Data-driven Discovery in Energy Science
Accelerating Data-driven Discovery in Energy ScienceIan Foster
 
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...California Ocean Science Trust " Building a Sustainable Knowledge Base for ...
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...Tom Moritz
 
Domain Identification for Linked Open Data
Domain Identification for Linked Open DataDomain Identification for Linked Open Data
Domain Identification for Linked Open DataSarasi Sarangi
 
Where's the Data?
Where's the Data?Where's the Data?
Where's the Data?Andrea Payant
 
The Materials Data Facility: A Distributed Model for the Materials Data Commu...
The Materials Data Facility: A Distributed Model for the Materials Data Commu...The Materials Data Facility: A Distributed Model for the Materials Data Commu...
The Materials Data Facility: A Distributed Model for the Materials Data Commu...Ben Blaiszik
 

Contenu connexe

Tendances

eROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset catalogueseROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset cataloguese-ROSA
 
MetadataTheory: Introduction to Metadata (5th of 10)
MetadataTheory: Introduction to Metadata (5th of 10)MetadataTheory: Introduction to Metadata (5th of 10)
MetadataTheory: Introduction to Metadata (5th of 10)Nikos Palavitsinis, PhD
 
FSCI Data Discovery
FSCI Data DiscoveryFSCI Data Discovery
FSCI Data DiscoveryARDC
 
Dk net webinar tutorial pen
Dk net webinar tutorial penDk net webinar tutorial pen
Dk net webinar tutorial penMaryann Martone
 
Dats nih-dccpc-kc7-april2018-prs-uoxf
Dats nih-dccpc-kc7-april2018-prs-uoxfDats nih-dccpc-kc7-april2018-prs-uoxf
Dats nih-dccpc-kc7-april2018-prs-uoxfPhilippe Rocca-Serra
 
Metadata: Towards Machine-Enabled Intelligence
Metadata: Towards Machine-Enabled IntelligenceMetadata: Towards Machine-Enabled Intelligence
Metadata: Towards Machine-Enabled Intelligencedannyijwest
 
Data Repositories Impact
Data Repositories ImpactData Repositories Impact
Data Repositories ImpactMerce Crosas
 
Arcomem training enrichment_advanced
Arcomem training enrichment_advancedArcomem training enrichment_advanced
Arcomem training enrichment_advancedarcomem
 
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All Hands
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All HandsBioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All Hands
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All HandsSusanna-Assunta Sansone
 
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...Bradley Allen
 

Tendances (13)

eROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset catalogueseROSA Stakeholder WS1: Data discovery through federated dataset catalogues
eROSA Stakeholder WS1: Data discovery through federated dataset catalogues
 
MetadataTheory: Introduction to Metadata (5th of 10)
MetadataTheory: Introduction to Metadata (5th of 10)MetadataTheory: Introduction to Metadata (5th of 10)
MetadataTheory: Introduction to Metadata (5th of 10)
 
McGeary Data Curation Network: Developing and Scaling
McGeary Data Curation Network: Developing and ScalingMcGeary Data Curation Network: Developing and Scaling
McGeary Data Curation Network: Developing and Scaling
 
FSCI Data Discovery
FSCI Data DiscoveryFSCI Data Discovery
FSCI Data Discovery
 
Full Erdmann Ruttenberg Community Approaches to Open Data at Scale
Full Erdmann Ruttenberg Community Approaches to Open Data at ScaleFull Erdmann Ruttenberg Community Approaches to Open Data at Scale
Full Erdmann Ruttenberg Community Approaches to Open Data at Scale
 
Dk net webinar tutorial pen
Dk net webinar tutorial penDk net webinar tutorial pen
Dk net webinar tutorial pen
 
Preparing Data for Sharing: The FAIR Principles
Preparing Data for Sharing: The FAIR PrinciplesPreparing Data for Sharing: The FAIR Principles
Preparing Data for Sharing: The FAIR Principles
 
Dats nih-dccpc-kc7-april2018-prs-uoxf
Dats nih-dccpc-kc7-april2018-prs-uoxfDats nih-dccpc-kc7-april2018-prs-uoxf
Dats nih-dccpc-kc7-april2018-prs-uoxf
 
Metadata: Towards Machine-Enabled Intelligence
Metadata: Towards Machine-Enabled IntelligenceMetadata: Towards Machine-Enabled Intelligence
Metadata: Towards Machine-Enabled Intelligence
 
Data Repositories Impact
Data Repositories ImpactData Repositories Impact
Data Repositories Impact
 
Arcomem training enrichment_advanced
Arcomem training enrichment_advancedArcomem training enrichment_advanced
Arcomem training enrichment_advanced
 
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All Hands
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All HandsBioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All Hands
BioCADDIE: Descriptive Metadata for Datasets WG3 - ELIXIR All Hands
 
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...
Relational Navigation: A Taxonomy-Based Approach to Information Access and Di...
 

Similaire à Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)

From Data Sharing to Data Stewardship
From Data Sharing to Data StewardshipFrom Data Sharing to Data Stewardship
From Data Sharing to Data StewardshipICPSR
 
Meeting Federal Research Requirements
Meeting Federal Research RequirementsMeeting Federal Research Requirements
Meeting Federal Research RequirementsICPSR
 
What to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science PlatformWhat to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science PlatformMario Juric
 
Accelerating Data-driven Discovery in Energy Science
Accelerating Data-driven Discovery in Energy ScienceAccelerating Data-driven Discovery in Energy Science
Accelerating Data-driven Discovery in Energy ScienceIan Foster
 
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...California Ocean Science Trust " Building a Sustainable Knowledge Base for ...
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...Tom Moritz
 
Domain Identification for Linked Open Data
Domain Identification for Linked Open DataDomain Identification for Linked Open Data
Domain Identification for Linked Open DataSarasi Sarangi
 
The Materials Data Facility: A Distributed Model for the Materials Data Commu...
The Materials Data Facility: A Distributed Model for the Materials Data Commu...The Materials Data Facility: A Distributed Model for the Materials Data Commu...
The Materials Data Facility: A Distributed Model for the Materials Data Commu...Ben Blaiszik
 
Changing the Curation Equation: A Data Lifecycle Approach to Lowering Costs a...
Changing the Curation Equation: A Data Lifecycle Approach to Lowering Costs a...Changing the Curation Equation: A Data Lifecycle Approach to Lowering Costs a...
Changing the Curation Equation: A Data Lifecycle Approach to Lowering Costs a...SEAD
 
Data management plans
Data management plansData management plans
Data management plansBrad Houston
 
DSpace-CRIS Workshop OR2015: Slides
DSpace-CRIS Workshop OR2015: SlidesDSpace-CRIS Workshop OR2015: Slides
DSpace-CRIS Workshop OR2015: SlidesAndrea Bollini
 
Data-knowledge transition zones within the biomedical research ecosystem
Data-knowledge transition zones within the biomedical research ecosystemData-knowledge transition zones within the biomedical research ecosystem
Data-knowledge transition zones within the biomedical research ecosystemMaryann Martone
 
992 sms10 social_media_services
992 sms10 social_media_services992 sms10 social_media_services
992 sms10 social_media_servicessiyaza
 
10-15-13 “Metadata and Repository Services for Research Data Curation” Presen...
10-15-13 “Metadata and Repository Services for Research Data Curation” Presen...10-15-13 “Metadata and Repository Services for Research Data Curation” Presen...
10-15-13 “Metadata and Repository Services for Research Data Curation” Presen...DuraSpace
 
Data Mining System and Applications: A Review
Data Mining System and Applications: A ReviewData Mining System and Applications: A Review
Data Mining System and Applications: A Reviewijdpsjournal
 
XSEDE National Cyberinfrastructure, NIST, and Supporting NCSI Objectives
XSEDE National Cyberinfrastructure, NIST, and Supporting NCSI Objectives XSEDE National Cyberinfrastructure, NIST, and Supporting NCSI Objectives
XSEDE National Cyberinfrastructure, NIST, and Supporting NCSI Objectives John Towns
 

Similaire à Federated Identity Needs for the Large Synoptic Survey Telescope (LSST) (20)

Domain Identification for Linked Open Data
Domain Identification for Linked Open DataDomain Identification for Linked Open Data
Domain Identification for Linked Open Data
 
From Data Sharing to Data Stewardship
From Data Sharing to Data StewardshipFrom Data Sharing to Data Stewardship
From Data Sharing to Data Stewardship
 
Meeting Federal Research Requirements
Meeting Federal Research RequirementsMeeting Federal Research Requirements
Meeting Federal Research Requirements
 
What to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science PlatformWhat to Expect of the LSST Archive: The LSST Science Platform
What to Expect of the LSST Archive: The LSST Science Platform
 
Accelerating Data-driven Discovery in Energy Science
Accelerating Data-driven Discovery in Energy ScienceAccelerating Data-driven Discovery in Energy Science
Accelerating Data-driven Discovery in Energy Science
 
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...California Ocean Science Trust " Building a Sustainable Knowledge Base for ...
California Ocean Science Trust " Building a Sustainable Knowledge Base for ...
 
Domain Identification for Linked Open Data
Domain Identification for Linked Open DataDomain Identification for Linked Open Data
Domain Identification for Linked Open Data
 
Where's the Data?
Where's the Data?Where's the Data?
Where's the Data?
 
The Materials Data Facility: A Distributed Model for the Materials Data Commu...
The Materials Data Facility: A Distributed Model for the Materials Data Commu...The Materials Data Facility: A Distributed Model for the Materials Data Commu...
The Materials Data Facility: A Distributed Model for the Materials Data Commu...
 
Changing the Curation Equation: A Data Lifecycle Approach to Lowering Costs a...
Changing the Curation Equation: A Data Lifecycle Approach to Lowering Costs a...Changing the Curation Equation: A Data Lifecycle Approach to Lowering Costs a...
Changing the Curation Equation: A Data Lifecycle Approach to Lowering Costs a...
 
Data management plans
Data management plansData management plans
Data management plans
 
DSpace-CRIS Workshop OR2015: Slides
DSpace-CRIS Workshop OR2015: SlidesDSpace-CRIS Workshop OR2015: Slides
DSpace-CRIS Workshop OR2015: Slides
 
Data-knowledge transition zones within the biomedical research ecosystem
Data-knowledge transition zones within the biomedical research ecosystemData-knowledge transition zones within the biomedical research ecosystem
Data-knowledge transition zones within the biomedical research ecosystem
 
992 sms10 social_media_services
992 sms10 social_media_services992 sms10 social_media_services
992 sms10 social_media_services
 
10-15-13 “Metadata and Repository Services for Research Data Curation” Presen...
10-15-13 “Metadata and Repository Services for Research Data Curation” Presen...10-15-13 “Metadata and Repository Services for Research Data Curation” Presen...
10-15-13 “Metadata and Repository Services for Research Data Curation” Presen...
 
Open Science and Open Data for Librarians
Open Science and Open Data for LibrariansOpen Science and Open Data for Librarians
Open Science and Open Data for Librarians
 
Research data life cycle
Research data life cycleResearch data life cycle
Research data life cycle
 
Data 101: A Gentle Introduction
Data 101: A Gentle IntroductionData 101: A Gentle Introduction
Data 101: A Gentle Introduction
 
Data Mining System and Applications: A Review
Data Mining System and Applications: A ReviewData Mining System and Applications: A Review
Data Mining System and Applications: A Review
 
XSEDE National Cyberinfrastructure, NIST, and Supporting NCSI Objectives
XSEDE National Cyberinfrastructure, NIST, and Supporting NCSI Objectives XSEDE National Cyberinfrastructure, NIST, and Supporting NCSI Objectives
XSEDE National Cyberinfrastructure, NIST, and Supporting NCSI Objectives
 

Plus de jbasney

Guidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working GroupGuidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working Groupjbasney
 
CILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth FederationCILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth Federationjbasney
 
CILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar SeriesCILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar Seriesjbasney
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructurejbasney
 
CILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meetingCILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meetingjbasney
 
11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Update11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Updatejbasney
 
CILogon PEARC17
CILogon PEARC17CILogon PEARC17
CILogon PEARC17jbasney
 
CILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global SummitCILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global Summitjbasney
 
CTSC+SWAMP: cybersecurity resources for your campus
CTSC+SWAMP: cybersecurity resources for your campusCTSC+SWAMP: cybersecurity resources for your campus
CTSC+SWAMP: cybersecurity resources for your campusjbasney
 
CILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for ScienceCILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for Sciencejbasney
 
CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16jbasney
 
CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016jbasney
 
Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborationsjbasney
 
Cybersecurity for Conservation
Cybersecurity for ConservationCybersecurity for Conservation
Cybersecurity for Conservationjbasney
 
CTSC at TNC16
CTSC at TNC16CTSC at TNC16
CTSC at TNC16jbasney
 
CILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global SummitCILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global Summitjbasney
 
SAML Security Contacts
SAML Security ContactsSAML Security Contacts
SAML Security Contactsjbasney
 
FeduShare TechEx15
FeduShare TechEx15FeduShare TechEx15
FeduShare TechEx15jbasney
 
CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30jbasney
 
CILogon and InCommon: Technical Update
CILogon and InCommon: Technical UpdateCILogon and InCommon: Technical Update
CILogon and InCommon: Technical Updatejbasney
 

Plus de jbasney (20)

Guidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working GroupGuidance and Survey Results from the Trustworthy Data Working Group
Guidance and Survey Results from the Trustworthy Data Working Group
 
CILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth FederationCILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth Federation
 
CILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar SeriesCILogon 2.0 - IAM Online Webinar Series
CILogon 2.0 - IAM Online Webinar Series
 
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for CyberinfrastructureLightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
Lightweight Cybersecurity Risk Assessment Tools for Cyberinfrastructure
 
CILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meetingCILogon 2.0 at Oct 2017 CICI PI meeting
CILogon 2.0 at Oct 2017 CICI PI meeting
 
11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Update11th FIM4R Workshop: US Projects Update
11th FIM4R Workshop: US Projects Update
 
CILogon PEARC17
CILogon PEARC17CILogon PEARC17
CILogon PEARC17
 
CILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global SummitCILogon 2.0 at 2017 Internet2 Global Summit
CILogon 2.0 at 2017 Internet2 Global Summit
 
CTSC+SWAMP: cybersecurity resources for your campus
CTSC+SWAMP: cybersecurity resources for your campusCTSC+SWAMP: cybersecurity resources for your campus
CTSC+SWAMP: cybersecurity resources for your campus
 
CILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for ScienceCILogon: An Integrated Identity and Access Management Platform for Science
CILogon: An Integrated Identity and Access Management Platform for Science
 
CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16CILogon 2.0 MAGIC SC16
CILogon 2.0 MAGIC SC16
 
CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016CILogon 2.0 Update at TechEx 2016
CILogon 2.0 Update at TechEx 2016
 
Trusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research CollaborationsTrusting External Identity Providers for Global Research Collaborations
Trusting External Identity Providers for Global Research Collaborations
 
Cybersecurity for Conservation
Cybersecurity for ConservationCybersecurity for Conservation
Cybersecurity for Conservation
 
CTSC at TNC16
CTSC at TNC16CTSC at TNC16
CTSC at TNC16
 
CILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global SummitCILogon 2.0 at 2016 Internet2 Global Summit
CILogon 2.0 at 2016 Internet2 Global Summit
 
SAML Security Contacts
SAML Security ContactsSAML Security Contacts
SAML Security Contacts
 
FeduShare TechEx15
FeduShare TechEx15FeduShare TechEx15
FeduShare TechEx15
 
CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30CILogon 2.0 at REFEDS 30
CILogon 2.0 at REFEDS 30
 
CILogon and InCommon: Technical Update
CILogon and InCommon: Technical UpdateCILogon and InCommon: Technical Update
CILogon and InCommon: Technical Update
 

Dernier

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

Dernier (20)

MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Federated Identity Needs for the Large Synoptic Survey Telescope (LSST)

  • 1. Federated Identity Needs for the Large Synoptic Survey Telescope (LSST) Jim Basney jbasney@ncsa.illinois.edu 12th FIM4R Workshop (Feb 5 2018) This material is based upon work supported by the National Science Foundation under grant numbers 1258333 and 1547268. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the United States Government or any agency thereof.
  • 2. Large Synoptic Survey Telescope • Wide-field reflecting telescope on a peak of Cerro Pachón, a mountain outside La Serena, Chile • Beginning in 2022: Imaging the visible sky once every 3 days, for 10 years • Over 15TB of data per night collected • Initial requirements: 100 tflops of computing, 15PB of storage • Ultimate deliverable of LSST is the fully reduced data • All science will come from survey catalogs and images
  • 3. Large Synoptic Survey Telescope • Scientific goals: • Probe the nature of dark matter and dark energy • Cataloging the Solar System, particularly near-Earth asteroids and Kuiper belt objects • Observing transient optical events • Mapping the Milky Way: exploring structure and formation • More information: www.lsst.org
  • 4.
  • 5. HQ Site Science Operations Observatory Management Education and Public Outreach Summit and Base Sites Telescope and Camera Data Acquisition Long-term Storage (copy 1) Chilean Data Access Center Data Production Site Data Production Archive Center Long-term Storage (copy 2) Data Access and User Services Dedicated Long Haul Networks Two redundant 100 Gb links from La Serena to NCSA
  • 6. LSST Data • Recall that LSST data is the deliverable… • Data classification and access: • Lowest classification is data released to the public, this is where most data ends up • Higher levels are made available authorized users • LSST’s Information Classification Policy outlines the information categories and gives examples. • Sites that provide access to LSST data (i.e. NCSA) need to follow LSST’s security policy w.r.t. to that data. • Identity management plays a very important role here.
  • 7. LSST From the User’s Perspective Level3Level1Level2 Products are generated as part of a Data Release, generally performed yearly, with an additional data release for the first 6 months of survey data. These data releases are available for data rights holders only and made public after 2 years. Raw data. Support timely detection and follow-up of time-domain events (variable and transient sources). Not produced for release. Derived data. Maybe restricted to subgroups within LSST.
  • 8. Identity and Access Management − AuthN and AuthZ to LSST data and services − Scalable, secure management to data access rights FEDERATED IDENTITIES TO THE RESCUE!
  • 9. Identity Linking − External identities (University, GitHub, etc.) linked to individual’s LSST identity – Established during initial enrollment and managed by user − Group memberships based on LSST identity – LDAP queries using LSST IDs and external IDs
  • 10.
  • 11. Authorization − L2 data rights − L3 collaboration groups − Access to applications/services − Admin/staff roles
  • 12. Access Control Components − User/Group Manager – Implements the logic and workflows to determine who has L2 Data Access Rights and who is involved in L3 collaborations. These workflows set/unset User Attributes (i.e., group memberships).
  • 13. Access Control Components − User Attribute Store – Receives information from User/Group Manager and publishes the resulting User Attributes via a standard LDAP interface.
  • 14. Access Control Components − Service Level Authorization – Services implement authorization (access control) based on access control lists (ACLs) or database GRANT statements or other service-specific methods, based on the User Attributes.
  • 15. L2 Data Rights (Proposed) − National professional astronomical community – Use eduPersonAffiliation when available • No "astronomy department" affiliation • "Member" is close enough? inacademia.org? – Use American Astronomical Society membership directory? • https://aas.org/individual-membership/classes-membership • https://aas.org/posts/news/2016/08/do-you-have-orcid-id – Otherwise will require manual review/approval
  • 16. L2 Data Rights (Proposed) − Named individuals from international partners – Lookup existing LSST accounts – Email-based invitations − A limited number of designated additional individuals (post-docs, grad students) per named individual – Named individuals can invite/grant others (from same institution) − Periodic re-validation / review
  • 17. Managing an L3 Group (Proposed) − Via ORACLE – ORACLE (Observatory Resource Allocation Committee for Level Elevation) process defines a group indicating the users (group members) who can use the resource allocation. Also create an associated L3 data workspace private to that group. − Via User/Group Manager – […]
  • 18. Managing an L3 Group (Proposed) − Via User/Group Manager – Any user with Data Access Rights can click "Create L3 Data Product Group" in the User/Group Manager web interface to create an L3 group and define its initial members. That user will be the initial owner of the group. – Users who own L3 groups will also see a "Manage My L3 Data Product Group(s)" button/link that allows them to add/remove members and add owners / transfer ownership. – Users with Data Access Rights will see a "Manage My L3 Data Product Group Memberships" button/link that allows them to request to join L3 groups or leave L3 groups they are currently a member of.
  • 19. LSST FIM: Assurance and Incident Response − Questions about eduGAIN identity assurance and federated incident response during design review − https://refeds.org/assurance/profile/cappuccino & https://refeds.org/sirtfi likely satisfy LSST's FIM requirements (if they are supported/adopted)
  • 20. LSST FIM Needs Summarized − More IdPs in eduGAIN (especially in US and Chile) − Persistent NameID for authentication − Affiliation attribute for authorization − Assurance and Incident Response
  • 21. Thanks! − Contacts: – jbasney@ncsa.illinois.edu – https://confluence.lsstcorp.org/display/LAAIM − Acknowledgements – Alex Withers (LSST Information Security Officer) – LSST Authentication, Authorization, and Identity Management (LAAIM) Group