权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

CICI: UCSS: SciAuth: Deploying Interoperable and Usable Authorization Tokens to Enable Scientific Collaborations

CICI：UCSS：SciAuth：部署可互操作和可用的授权令牌以实现科学协作

基本信息

批准号：
2114989
负责人：
James Basney
金额：
$ 50万
依托单位：
University of Illinois at Urbana-Champaign
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2021
资助国家：
美国
起止时间：
2021-07-01 至 2025-06-30
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2114989&HistoricalAwards=false
关键词：
CICI UCSS SciAuth Deploying Interoperable

项目摘要

The SciAuth project facilitates a cybersecurity transformation for NSF cyberinfrastructure, which is the scientific computing infrastructure across the nation that enables scientific productivity. The transformation at the heart of the project is a migration from cybersecurity technologies from 20 years ago to the cybersecurity standards of the modern Web. SciAuth provides needed leadership and coordination for this critical transformation through community engagement, coordinated adoption of community standards, integration with software cyberinfrastructure, security analysis and threat modeling, training, and workforce development. The project helps the community realize the benefits of an interoperable, modern cybersecurity ecosystem when transitioning between technologies, while maintaining the reliable and secure cyberinfrastructure upon which the scientific community depends. This transition to modern cybersecurity mechanisms is critical for enabling productive scientific collaborations across a diverse and distributed scientific cyberinfrastructure ecosystem. SciAuth builds on prior work by the NSF SciTokens project, in partnership with domain science projects and cyberinfrastructure providers, to realize this cybersecurity breakthrough across NSF cyberinfrastructure. SciAuth also supports the development of a diverse, globally competitive STEM workforce through a fellows program that pairs students across the country with mentors from the project to collaborate on student-led projects on the topic of cyberinfrastructure security.The migration from X.509 user certificates to JSON Web Tokens is in progress across NSF cyberinfrastructure. This migration has facilitated a re-thinking of authentication and authorization among cyberinfrastructure providers: enabling federated authentication as a core capability, improving support for attribute, role, and capability-based authorization, and reducing reliance on prior identity-based authorization methods that created security and usability problems. Achieving the benefits of a fundamentally new security credential ecosystem in NSF cyberinfrastructure, while avoiding the temptation to simply re-implement old X.509 methods, requires leadership and coordination. SciAuth provides the needed leadership and coordination to make these breakthrough technologies usable by scientists across disciplines, project sizes, and software ecosystems by enabling coordinated deployments across cyberinfrastructures in active use today.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

SciAuth项目促进了NSF网络基础设施的网络安全转型，这是全国范围内实现科学生产力的科学计算基础设施。该项目的核心转变是从20年前的网络安全技术向现代网络的网络安全标准的迁移。SciAuth通过社区参与、协调采用社区标准、与软件网络基础设施集成、安全分析和威胁建模、培训和劳动力发展，为这一关键转型提供必要的领导和协调。该项目帮助科学界在技术转换时实现可互操作的现代网络安全生态系统的好处，同时维护科学界所依赖的可靠和安全的网络基础设施。这种向现代网络安全机制的过渡对于在多样化和分布式的科学网络基础设施生态系统中实现富有成效的科学合作至关重要。SciAuth建立在NSF科学token项目之前的工作基础上，与领域科学项目和网络基础设施提供商合作，在NSF网络基础设施中实现这一网络安全突破。SciAuth还通过一项研究员计划，支持培养一支多元化的、具有全球竞争力的STEM劳动力队伍，该计划将全国各地的学生与该项目的导师配对，在以学生为主导的网络基础设施安全主题的项目上进行合作。从X.509用户证书到JSON Web令牌的迁移正在NSF网络基础设施中进行。这种迁移促进了网络基础设施提供商之间对身份验证和授权的重新思考：启用联合身份验证作为核心功能，改进对基于属性、角色和功能的授权的支持，并减少对先前基于身份的授权方法的依赖，这些方法会产生安全性和可用性问题。在NSF网络基础设施中实现全新安全凭证生态系统的好处，同时避免简单地重新实现旧X.509方法的诱惑，需要领导和协调。SciAuth提供了所需的领导和协调，使这些突破性技术能够被跨学科、项目规模和软件生态系统的科学家使用，从而实现跨网络基础设施的协调部署。该奖项反映了美国国家科学基金会的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。