Award Abstract # 1127210
SDCI Sec: Distributed Web Security for Science Gateways

NSF Org: OAC
Office of Advanced Cyberinfrastructure (OAC)
Recipient: UNIVERSITY OF ILLINOIS
Initial Amendment Date: July 18, 2011
Latest Amendment Date: July 18, 2011
Award Number: 1127210
Award Instrument: Standard Grant
Program Manager: Rob Beverly
OAC
 Office of Advanced Cyberinfrastructure (OAC)
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: August 1, 2011
End Date: July 31, 2015 (Estimated)
Total Intended Award Amount: $948,821.00
Total Awarded Amount to Date: $948,821.00
Funds Obligated to Date: FY 2011 = $948,821.00
History of Investigator:
  • James Basney (Principal Investigator)
    jbasney@illinois.edu
  • Marlon Pierce (Co-Principal Investigator)
  • Rion Dooley (Co-Principal Investigator)
Recipient Sponsored Research Office: University of Illinois at Urbana-Champaign
506 S WRIGHT ST
URBANA
IL  US  61801-3620
(217)333-2187
Sponsor Congressional District: 13
Primary Place of Performance: University of Illinois at Urbana-Champaign
1901 SOUTH FIRST ST.
Champaign
IL  US  61820-7406
Primary Place of Performance
Congressional District:
13
Unique Entity Identifier (UEI): Y8CWNJRCNN91
Parent UEI: V2PHZ2CSCH63
NSF Program(s): Cybersecurity Innovation
Primary Program Source: 01001112DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7683
Program Element Code(s): 802700
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Science gateways broaden and simplify access to cyberinfrastructure (CI) by providing Web-based interfaces to collaboration, analysis, data management, and other tools for students and researchers. In a recent survey of 5,000 NSF PIs, NSF's Campus Bridging Task Force found that "the most common method of accessing CI across the entire dimension of providers is via Web browser/portal." As these science gateway interfaces to cyberinfrastructure grow in popularity, Web portal developers adopt ad hoc approaches to the security challenges of authentication, authorization, and delegation. Science gateways integrate cyberinfrastructure resources on the researcher's behalf, i.e., accessing data, compute cycles, instruments, and other valuable resources. Resource access often requires use of the researcher's security credentials, in some cases exposing the researcher's long-lived password to potential compromise at the science gateway. There is no standard approach for a researcher to control and limit a science gateway's access to his or her resources. Thus, researchers are required to accept an unnecessarily high risk when using science gateways.

The "Distributed Web Security for Science Gateways" project will directly address these risks by providing authorization and delegation software for science gateways that complies with the Internet Engineering Task Force's standard OAuth protocol, which has been widely adopted in the Web 2.0, cloud, and social networking worlds. The project will deliver 1) a robust, well-documented OAuth server implementation supporting science gateway use cases, 2) a set of client libraries and authentication modules to enable current and future gateways to interact with the server implementation out of the box with common Web platforms, and 3) full integration with popular gateways and cyberinfrastructure providers.

The project will enhance cyberinfrastructure for research and education by providing common software building blocks for science gateway security. These building blocks will facilitate secure connections between gateways and other cyberinfrastructure, increasing the trust in Web-based interfaces by scientists and resource providers. The ongoing migration from command-line to Web-based interfaces promises to broaden the use of cyberinfrastructure by researchers and students, enhancing educational impact and researcher productivity. Too often security is a stumbling block for cyberinfrastructure deployment and use. By addressing common security use cases, the project will provide standard methods to facilitate secure cyberinfrastructure access.

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

The "Distributed Web Security for Science Gateways" project provided software that enables scientists to securely access distributed computing resources from their web browser using the OAuth security protocol, a standard of the Internet Engineering Task Force. Previously, science gateways used ad hoc security approaches to provide web interfaces to tools for scientific collaboration, analysis, and data management. The project documented and implemented standard security solutions for these science gateways, and the project's software is now used by scientists in the US and around the world. The project published all of its software using open source licenses so anyone can re-use and modify it.

Project personnel presented results at the Extreme Science and Engineering Discovery Environment (XSEDE) conference, the International Workshop on Science Gateways (IWSG), the International Symposium on Cluster, Cloud and Grid Computing (CCGrid), the Science Gateway Institute Workshop, and the Gateway Computing Environments Workshop (GCE).

The project supported the professional development of two graduate students at the University of Wisconsin and two graduate students at Indiana University.

The project enhanced computing for research and education by providing common software building blocks for science gateway security. The ongoing migration from command-line to web-based interfaces promises to broaden the use of scientific computing resources by researchers and students, enhancing educational impact and researcher productivity. Too often security is a stumbling block for deployment and use of scientific computing resources. The standard security methods implemented by the project ease secure access to these systems.


Last Modified: 08/25/2015
Modified by: James A Basney

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page