Securing MDSplus in a multi-organisation environment

Abstract MDSplus [1] has become the de facto standard data access method in the fusion community. Based on this, it was a priority for EFDA Federation [2] to integrate this technology as a new service for federated users, providing secure access mechanisms to MDSplus compatible applications. To achieve this, it has been necessary to upgrade MDSplus and make it compatible with PAPI [3] technology, which is currently used as security infrastructure in the EFDA Federation. Additionally, the included modifications are useful for future integrations in other federation technologies such as Shibboleth [4] . The integration of MDSplus into a federated structure has several benefits. From the service management point of view, there is a simplification of the installation of new MDSplus services in fusion community and its corresponding security management. From the user point of view, the integration of MDSplus into a federated structure has several advantages. The first one is user mobility, which is the possibility of accessing data independently of his client IP address. The second one is a multi-organisation infrastructure, so the user can access data from different organisations that implement MDSplus interface. Finally, single sign on PAPI feature enables users to access to different MDSplus data sources, and other federated services, with just one authentication.