LIGO Data Grid Using CILogon

Post date: Apr 18, 2013 7:31:16 PM

This week the collaboration between the CILogon and LIGO projects reached an important milestone: CILogon is now issuing certificates to LIGO Data Grid users for production use. LIGO users run the ligo-proxy-init command to authenticate with their @LIGO.ORG (albert.einstein) credentials to obtain a short-lived (3 day) certificate from the CILogon Certification Authority (CA) for secure access to LIGO Data Grid compute clusters. By obtaining short-lived certificates on demand using their existing LIGO identities, LIGO users can avoid the complexities of manually requesting, downloading, managing, and renewing long-lived certificates. In fact, LIGO users need not know anything about CILogon or X.509 certificates to use ligo-proxy-init and do their work on the LIGO Data Grid. Behind the scenes, ligo-proxy-init uses the SAML Enhanced Client (ECP) protocol via the InCommon Federation to authenticate to CILogon, enabling CILogon to issue certificates via the command-line for LIGO identities. LIGO users can visit https://wiki.ligo.org/LDG/LIGOProxyInitTransitionFAQ (@LIGO.ORG authentication required) for more information about this new capability.