Science gateways broaden and simplify access to cyberinfrastructure (CI) by providing Web-based interfaces to collaboration, analysis, data management, and other tools for students and researchers. In a recent survey of 5,000 NSF PIs, NSF's Campus Bridging Task Force found that "the most common method of accessing CI across the entire dimension of providers is via Web browser/portal." As these science gateway interfaces to cyberinfrastructure grow in popularity, Web portal developers adopt ad hoc approaches to the security challenges of authentication, authorization, and delegation. Science gateways integrate cyberinfrastructure resources on the researcher's behalf; that is, they access data, compute cycles, instruments, and other valuable resources. Resource access often requires use of the researcher's security credentials, in some cases exposing the researcher's long-lived password to potential compromise at the science gateway. There is no standard approach for a researcher to control and limit a science gateway's access to his or her resources. Thus, researchers are required to accept an unnecessarily high risk when using science gateways.
The "Distributed Web Security for Science Gateways" project will directly address these risks by providing authorization and delegation software for science gateways that complies with the Internet Engineering Task Force's standard OAuth protocol, which has been widely adopted in the Web 2.0, cloud, and social networking worlds. The project will deliver 1) a robust, well-documented OAuth server implementation supporting science gateway use cases, 2) a set of client libraries and authentication modules to enable current and future gateways to interact with the server implementation out of the box with common Web platforms, and 3) full integration with popular gateways and cyberinfrastructure providers.
The project will enhance cyberinfrastructure for research and education by providing common software building blocks for science gateway security. These building blocks will facilitate secure connections between gateways and other cyberinfrastructure, increasing the trust in Web-based interfaces by scientists and resource providers. The ongoing migration from command-line to Web-based interfaces promises to broaden the use of cyberinfrastructure by researchers and students, enhancing educational impact and researcher productivity. Too often security is a stumbling block for cyberinfrastructure deployment and use. By addressing common security use cases, the project will provide standard methods to facilitate secure cyberinfrastructure access.