Identity management systems help manage scientific users across a broad spectrum of computer networks and ensure only trusted users access important systems and data. Under the $437,000 grant, CACR researchers will engage with scientific collaborations such as the Earth Systems Grid, National Fusion Collaboratory and the Open Science Grid, which operate sophisticated identity management infrastructures, examining those systems to form a coherent model of trust relationships, and implementing software to better support trustworthy scientific computing.
"Identity management is fundamental for establishing trust in modern scientific collaborations", stated the grant's principal investigator, CACR Deputy Director Von Welch. "It involves managing entities and privileges - who they are, how they are identified, how they are authenticated, what privileges they have, what roles and responsibilities they have - and enabling the communication of that identity information to interacting entities, allowing them to authenticate and authorize each other."
As science collaborations have grown, the collaboration itself has become a key component of identity management, defining the roles of scientists and their privileges to access resources. Collaborations such as the Earth Systems Grid, National Fusion Collaboratory and the Open Science Grid have developed different solutions to handling this challenge.
"These large-scale collaborations, being a relatively new development, have generated a great deal of both innovation and controversy in the scientific community with regards to their role in identity management", Von Welch stated. "A number of implementations exist, but a common model and nomenclature to describe these implementations has yet to be arrived at."
The three-year grant from the Department of Energy will allow Von Welch to engage with collaborators to research existing implementations, and determine the trust model they represent between users and resource providers. The result, he believes, will be one of the first true comprehensive models of collaborations within an identity management system. Welch also plans to develop software supporting the validation of the model developed and advancing the state of identity management practice.
Results of the project will be open and made freely available upon completion.