CILogon: A federated X.509 certification authority for cyberinfrastructure logon

Jim Basney, Terry Fleury, Jeff Gaynor

Research output: Contribution to journalArticlepeer-review

Abstract

CILogon provides a federated X.509 certification authority for secure access to cyberinfrastructure such as the Extreme Science and Engineering Discovery Environment. CILogon relies on federated authentication (Security Assertion Markup Language (OASIS, Burlington, MA (USA)) and OpenID) for determining user identities when issuing certificates. Federated authentication enables users to obtain certificates using existing identities (university, Google, etc.). Federated authentication also enables CILogon to serve a national-scale user community without requiring a large network of registration authorities performing manual user identification. CILogon supports multiple levels of assurance and custom interfaces for specific user communities. In this article, we introduce the CILogon service and describe experiences and lessons learned from the first 3years of operation.

Original languageEnglish (US)
Pages (from-to)2225-2239
Number of pages15
JournalConcurrency Computation Practice and Experience
Volume26
Issue number13
DOIs
StatePublished - Sep 10 2014

Keywords

  • InCommon
  • OAuth
  • OpenID
  • PKI
  • SAML
  • Shibboleth
  • X.509
  • XSEDE
  • grid computing
  • identity federation

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Computer Science Applications
  • Computer Networks and Communications
  • Computational Theory and Mathematics

Fingerprint Dive into the research topics of 'CILogon: A federated X.509 certification authority for cyberinfrastructure logon'. Together they form a unique fingerprint.

Cite this