Enhancing the Earth System Grid Authentication Infrastructure through Single Sign-On and Autoprovisioning

Climate scientists face an overarching need to efficiently access and manipulate climate model data. Increasingly, researchers must assemble and analyze large datasets that are archived in different formats on disparate platforms and must extract portions of datasets to compute statistical or diagnostic metrics in place. The need for a common virtual environment in which to access both climate model datasets and analysis tools is therefore keenly felt. The software infrastructure to support such an environment must not only provide ready access to climate data but must also facilitate the use of visualization software, diagnostic algorithms, and related resources. To this end, the Earth System Grid Center for Enabling Technologies (ESG-CET) was established in 2006 by the Scientific Discovery through Advanced Computing program of the U.S. Department of Energy through the Office of Advanced Scientific Computing Research and the Office Biological and Environmental Research within the Office of Science. ESG-CET is working to advance climate science by developing computational resources for accessing and managing model data that are physically located in distributed multiplatform archives. In this paper, we discuss recent development and implementation efforts by the Earth System Grid (ESG) concerning its security infrastructure. ESG's requirements are to make user logonmore » as easy as possible and to facilitate the integration of security services and Grid components for both developers and system administrators. To meet that goal, we leverage existing primary authentication mechanisms, deploy a 'lightweight' but secure OpenID WebSSO, deploy a 'lightweight' X.509-PKI, and use autoprovisioning to ease the burden of security configuration management. We are close to completing the associated development and deployment.« less