The “Distributed Web Security for Science Gateways” project provides an open source, standards-compliant client and server security solutions that leverages the best-practices already adopted by industry. … Read More
OAuth provides a relatively simple yet powerful mechanism for resource owners (that is, end users) to allow controlled, third-party access to their resources. This requirement is common across many applications, including the science gateways and web portals that are the focus of our proposal. In the OAuth protocol, the resource owner interacts with an OAuth authorization server to approve access to the resource by the third party (the OAuth client) and issue tokens to the third party for secure … [Read More]
Trust is essential for science gateways. Users demand that their research and personal information are kept protected, and resource providers demand that their computing and storage resources are used appropriately by vetted users. Meeting these requirements has always required a leap of faith by both gateway users and resource providers, as gateways are not centrally managed or reviewed by any authority, and the distributed nature of the more sophisticated gateways introduces credential … [Read More]
September 19, 2013 By jbasney
Jim Basney will be presenting a short paper on "Science Gateway Security Recommendations" at the Science Gateway Institute Workshop in Indianapolis on September 27, 2013. We invite your comments about it in our discussion group.
Sign up to receive updates about software releases and find out what's new with ScienceGatewaySecurity.org!