The CILogon project provides the open source, standards-based CILogon service at https://cilogon.org/, providing the NSF research community with credentials for secure access to cyberinfrastructure (CI). The service bridges the identity credentials generated by the nation’s universities, through the InCommon Federation, to a certificate for authentication to NSF’s cyberinfrastructure projects.
- September 2009: Project Start
- April 2010: Prototype Service Deployed
- September 2010: Operational Service Deployed
The Challenge. The goal of our service is to allow users’ credentials as managed by universities (and other research institutions) in InCommon to be used to access NSF’s cyberinfrastructure. The primary technical challenge we face is the technology difference between InCommon, which is based on the Security Assertion Markup Language (SAML) as implemented by the Internet2 Shibboleth software, and NSF’s cyberinfrastructure, which is based on public key infrastructures (PKIs) that emerged from computational grids.
Our Approach. Our project leverages existing software to provide the required functionality. Much of our approach has been previously demonstrated in the TeraGrid federated login system. Since Shibboleth is a web-based technology, designed for users using web browsers, our service is a web application residing in Apache. Building on Shibboleth and Apache, we use the work pioneered in the GridShib project, deployed in TeraGrid, to convert Shibboleth into certificates as needed for much of the NSF CI. As with the TeraGrid work, we use MyProxy with specialized hardware security modules to generate these certificates.
Service Operation. Central to our proposed work is the operation of our service for the NSF community. Our plans for operating our service include:
- 24x7 Support
- Strong Operational Security
- Incident Response and Certificate Revocation
- Reliability, Disaster Recovery and Scalability
- Detailed Usage Accounting
Level Of Assurance. Standard membership in InCommon provides limited guarantees regarding the level of assurance of user credentials. However, InCommon has now defined "Bronze" and "Silver" Identity Assurance Profiles to which members may adhere in order to provide higher-levels of assurance. Both the standard level and Silver level will be of use to the NSF community. (We don’t believe the NSF CI community has a current need for the Bronze level.) The default level will initially be much more common while Silver will take some time for universities to adopt, but Silver offers a higher level of assurance desired by some CI projects. To support these two levels, we operate two certification authorities (CAs): one for standard InCommon members and one for those meeting the Silver profile. CI operators are then able to choose to trust one or both of these CAs based on their desire for assurance and the breadth of their user base. We believe that ultimately the Silver profile is more desirable for NSF CI due to its higher security and are working in our outreach activities to encourage its adoption. The International Grid Trust Federation (IGTF) is the de facto standards body for defining levels of assurance for PKIs in production academic grids around the world. We are pursuing IGTF accreditation for the "Silver" CA, making those credentials usable for CI with high need for assurance.
Non-InCommon home institutions. While InCommon is growing and now represents over 200 organizations and over 4 million users, we recognize that there will be users from organizations that have not yet joined InCommon. In this case we encourage users to use the Google identity provider.
Privacy. The CILogon Service follows best practices for auditing, as befits an authentication service. With regards to these logs, we follow standard NCSA and University of Illinois policies. In summary, user information will only be released in aggregate form (so we can report metrics to NSF) or with the explicit, opt-in permission of the user. Note that the purpose of the service is to issue certificates containing user identifying information, but the CILogon Services issues certificates on explicit request of the user.
Host certificates. Currently the CILogon Service focuses on issuing certificates that identify people, rather than hosts or services, since this allows us to directly leverage the authentication services provided through InCommon.
For more information, please see our Frequently Asked Questions page.