The National Center for Supercomputing Applications (NCSA) will lead a project to integrate two key software products developed via the National Science Foundation's National Middleware Initiative. NCSA and collaborators at Argonne National Laboratory and the University of Chicago will receive $1 million to combine the strengths of Shibboleth, developed by the Internet2 cooperative, with the Globus Toolkit, developed by the Globus Alliance. The project is known as GridShib.
Communities of scientists seeking to collaborate across vast distances are turning to technology developers to build, deploy and support advanced cyberenvironments that connect people, data, instruments and high-performance computing resources. Secure authentication and authorization are growing challenges for these distributed, multi-institutional collaborative laboratories.
There is a need for robust infrastructure that will allow for secure verification of a user's attributes, such as the individual's identity, affiliation, and role in a collaboration. The GridShib project believes that the necessary building blocks are present in the Globus Toolkit's Grid Security Infrastructure, which already provides robust, secure authentication, and the Shibboleth attribute service, which allows for controlled access to attribute information.
For example, a group of earthquake researchers at various universities and research centers might be interested in sharing data and instruments and devising joint, distributed experiments. The Globus Toolkit and other Grid services software can make such collaborations possible, but with a significant missing piece: they lack a way to manage large communities of users with different levels of access. That's where Shibboleth's strengths come in.
Shibboleth authenticates users, using local authentication mechanisms that users are already accustomed to, and sends secured messages regarding the user's attributes. Typically these messages are sent to a Web server, and the attributes are used to determine which areas of a website a person can access. The GridShib team aims to enable Grid services software, such as the Globus Toolkit, to understand and act on the Shibboleth messages, determining which information a user can access, which instruments he can use, etc.
“The Globus Toolkit and Shibboleth are two of the most significant projects to emerge from NMI, but until now they've largely been developed in isolation from one another,” explained Von Welch, NCSA senior security engineer. “By leveraging the strengths of each project, we believe we can deliver a framework that can provide the needed capabilities for a robust attribute infrastructure.”