Security made simple with NCSA’s CILogon March 22, 2023 Research ACCESSCybersecurityHPC OperationsIntegrated CyberinfrastructureSoftware and Applications Share this page: Twitter Facebook LinkedIn Email By NCSA News Staff In the digital age it’s likely just about everyone has faced this challenge: You need to access important documents and data stored in the cloud, but you forgot your password and now must create yet another new identity. For researchers who have allocations for high-performance computing and services across many locations, the challenge can mean slower progress on important scientific endeavors and questionable online security. Fortunately, there’s a solution to the challenge called CILogon, a software development effort at NCSA launched more than 10 years ago to enable secure logins to scientific cyberinfrastructure. “Without CILogon you have to set a new username and password for every system used,” said Jim Basney, principal research scientist at NCSA and head of the four-person team who developed CILogon in the CI Security Research Group. “You need to use a password manager and it’s more inconvenient for the users and the system operators who have to deal with more passwords and password resets.” Using CILogon, a user can access any online location where they or their research group have an allocation using their existing credentials from their home organization. It’s as simple and seamless as logging in to a Google or Facebook account and means researchers can use resources located at different sites with no need for IT support to set new identities. CILogon started with a grant from the National Science Foundation (NSF) and the goal was to develop a tool that would enable NSF-supported scientists to use a new technology called federated authentication. Federated authentication links a user’s identity across multiple separate identity management systems. It allows users to quickly move between systems while maintaining security. “At that time, (federated authentication) was new and was being used to connect authentication systems across the U.S.,” said Basney. “We wanted to take advantage of that to make using HPC resources as painless as possible and allow collaboration across universities and across major research facilities.” When NSF launched ACCESS, its latest effort to advance innovative cyberinfrastructure and computational resources to support scientific discovery, it adopted CILogon as one of its services and Basney’s team began migrating thousands of users to the system. Many had been CILogon users with the NSF XSEDE program, the forerunner to ACCESS, but the migration was the largest ever for the CILogon team. Many of the migrations involved custom integration of ACCESS services and software so that researchers can log in and have instant access to the tools they use in their work, said Basney. Basney estimated that each month 20,000 users from 500 organizations worldwide use CILogon, and said that maintaining and improving the system for that worldwide research community is crucial. To ensure sustainability, NCSA shifted from an NSF-funded model for CILogon to a subscription model in 2019. CILogon now has about 20 paid subscriber organizations representing thousands of researchers, he said. Many more use the free tier of CILogon. “We’ve been around for more than 10 years because some of these scientific collaborations last that long, and some have been around for 30 years or more,” said Basney. “They need stable cyberinfrastructure. They don’t want to worry about what’s changed from year to year.” The CILogon team members (from left to right): Jeff Gaynor, Heather Flanagan, Scott Koranda, Jim Basney, Terry Fleury, and Benn Oshrin. The CILogon team is motivated to support science. Working here at NCSA, we are dedicated to providing the infrastructure that enables scientific breakthroughs. We work in service to those researchers. Jim Basney, head of CILogon team, NCSA CI Security Research Group CILogon has also proven to be a valuable tool for sharing scientific research and data for education. For example, Jupyter Notebook, the popular open-source, web-based tool for creating and sharing computational documents, now offers JupyterHub, a multiuser version of the notebook that can be used for classroom education and research data sharing. This February, 2i2c, a nonprofit that designs, develops, and operates JuptyterHubs for communities of practice in research and education, announced a partnership with NCSA to expand the use of CILogon for the hubs it manages. The group began working with NCSA about a year ago and so far, about 15 hubs successfully use CILogon. Most of these hubs are for education communities that want to manage their hub access through their own institutional providers. According to a 2i2c blog post, the software means hub access can be managed through a community’s institutional provider and also through popular platforms such as GitHub and Google. Because both authentication mechanisms can coexist, 2i2c staff can access the hubs without institution-specific credentials, meaning a less complex hub deployment and less burden on institutional IT departments. As the ACCESS program continues and partners such as 2i2c work to integrate CILogon into their services, Basney said his development team will focus on staying on the cutting edge on advances in authentication protocols and the underlying technical specifications that enable interoperability and security. As more services move to the cloud, the team will continue to integrate CILogon with cloud services and open-source software platforms. “We want to be able to help science projects keep up to date,” said Basney. “If we update our platform, they don’t have to worry about it.