Implementing Federated Identity Across Our Science-as-a-Service Platform Joe Stubbs, PhD Texas Advanced Computing Center University Of Texas, Austin

WSO2Con USA 2015: Implementing SSO Across our Science-as-a-Service Web and API Stack at TACC

Jan 20, 2017


WSO2 Inc.
Transcript
Page 1

Implementing Federated Identity Across Our Science-as-a-Service Platform

Joe Stubbs, PhD

Texas Advanced Computing Center
University Of Texas, Austin

Page 2

What is TACC?

“What starts here changes the world” “Powering discoveries that change the world”

Page 3

Galaxy evolution modeled

Now we know why stars form

Powering discoveries...

Page 4

Powering discoveries...

Hurricane Prediction

Storm surge, flooding, evacuation routes, damage assessment, predicted path, impact areas.

Page 5

Powering discoveries...

Earthquake Prediction

Predicting the frequency of damaging earthquakes in California for the latest Uniform California Earthquake Rupture Forecast (UCERF3)

Page 6

Powering discoveries...

A Link Between Alzheimer’s and Cancer

Computational systems biology approach found a link between Alzheimer’s and GBM, one of the most aggressive forms of brain cancer.

Page 7

What Does TACC Do?

Mission: To enable discoveries that advance science and society through the application of advanced computing technologies.

● High performance computing (HPC)
● Cloud & high throughput computing
● Data intensive computing
● Visualization
● Software development & optimization
● Apps & APIs
● Life sciences
● Training & outreach
● Consulting & professional services

Page 8

From Command Line to the Web

Page 9
Page 10

What Can Agave Do?

● Run application codes
  ○ your own or community provided codes
● ...on HPC, HTC, and cloud resources
  ○ your own, shared, or commercial systems
● ...and manage your data
  ○ reliable, multi-protocol, async data movement
● ...in a collaborative way
  ○ fine grain ACL for working securely with others
● ...from the web
  ○ webhooks, rest, json, cors, oauth2
● ...and remember how you did it
  ○ deep provenance, history, and reproducibility built in

Page 11

A Platform For Science Portals

Page 12

A Proliferation of Portals

drug discovery portal

EARTHCUBE

Page 13

An Identity Crisis

● Each portal maintains a separate database of users.
● Users have to be vetted manually each time.
● Users have to remember separate credentials.
● No single sign-on.
● No way to share platform assets (apps, jobs, metadata).

Page 14

One Identity To Rule Them All

CAMPUS LOGIN:

Page 15

TACC Identity Service

● Create central identity service for entire center.
● Core of the service is WSO2 IS.
● Leverage campus identity providers.

Page 16

Federated Identity Via InCommon

Nearly 600 Universities

200 government agencies and partners

SAML based trust fabric

Page 17

Architecture

[Architecture diagram; labels recovered from the slide: TACC Identity Service (WSO2 IS), InCommon, University IDP, Discovery Portal, Tenant APIM, Agave APIs, Domain-Specific Applications]

Page 18

Identity Server and APIM

● Internal accounts mapped and managed by IS.
  ○ Self-service reconciliation, password management.
● SSO across web apps now possible.
● Implicit trust between IS <-> APIM.
● Clients use OAuth2 SAML Bearer Assertion.
  ○ Exchange SAML assertion for bearer token.
● Still working on the IS <-> InCommon trust.
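
The exchange named on this slide is the OAuth2 SAML 2.0 bearer assertion grant (RFC 7522). As an added example, not code from the talk or from WSO2, the sketch below runs a client-side pre-flight check on an assertion and builds the form body a client would POST to the token endpoint. The assertion, the URLs, and the helper names `preflight` and `build_token_request` are constructed for illustration.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer"  # defined by RFC 7522

# Constructed sample assertion: unsigned, placeholder issuer, subject and audience.
# A real assertion is issued and signed by the identity provider.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://api.example.org/token</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def preflight(assertion_xml, expected_audience, now):
    """Client-side sanity checks before sending; returns a list of problems.
    Signature validation is left to the authorization server."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", NS)
    if cond is None:
        return ["no Conditions element"]
    problems = []
    # Simplification: only Conditions/@NotOnOrAfter in whole-second UTC form is examined.
    expiry = cond.get("NotOnOrAfter")
    if expiry is None:
        problems.append("no NotOnOrAfter")
    elif now >= datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc):
        problems.append("assertion expired")
    audiences = [(a.text or "").strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("expected audience not listed")
    return problems


def build_token_request(assertion_xml, scope=None):
    """Form body for the token endpoint: the assertion is base64url-encoded
    without padding and sent under the saml2-bearer grant type."""
    raw = base64.urlsafe_b64encode(assertion_xml.encode("utf-8")).decode("ascii").rstrip("=")
    params = {"grant_type": GRANT_TYPE, "assertion": raw}
    if scope:
        params["scope"] = scope
    return urllib.parse.urlencode(params)
```

The client posts this body to the authorization server's token endpoint with its usual client authentication and receives the bearer token in the response.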

Page 19

Status And Timeline

● In production with APIM.
● Working on InCommon membership and IS deployment.
● Goal is to be in prod with first tenant by summer 2016.
● New tenants will be built leveraging the TACC IS.
● Existing tenants will convert over time, if applicable.

Page 20