Tailoring Software and Technologies to manage Authentication and Authorisation (A&A) in an Astronomical Data Center and improving user experience
The following success story was initiated as INAF strived to provide users and data centres with a robust Authentication and Authorization system.
The system requirements for tailor-made software and technologies that manage Authentication and Authorisation (A&A) in an Astronomical Data Centre must take the following into account:
- Access to private and public data according to data policy;
- Data sharing among users;
- Access to software and computational resources according to data policy;
- Data computing through workflow applications.
IA2 Data Center (an Italian Astrophysical research infrastructure service of INAF that manages astronomical data archives) studied and developed solutions based on three such technologies:
- SAML 2.0: The Security Assertion Markup Language (SAML) standard defines a framework for exchanging authentication and authorisation data between parties;
- SimpleSAMLphp: An open-source, lightweight implementation of several federation protocols, written in PHP, that handles authentication;
- Grouper: An enterprise access management system designed for highly distributed management and heterogeneous information technology environments.
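To make the requirements above concrete, the following is an added example (not IA2's or Grouper's own code) of the authorisation decision an archive makes once a user has been authenticated: data become public after a proprietary period, owner groups (of the kind Grouper manages) keep proprietary access, an owner may share a dataset with an individual user, and running a workflow additionally needs a compute entitlement. The group names, user names, dataset and dates are constructed, and `groups_of` stands in for a membership lookup against Grouper.

```python
# Added example: group-based data-policy decisions for an astronomical archive.
# Not IA2/Grouper code; group names, users and dates are constructed.
from dataclasses import dataclass, replace
from datetime import date
from typing import Dict, FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class Dataset:
    name: str
    public_from: Optional[date]                 # None: never released to the public
    owner_groups: FrozenSet[str]                # groups holding proprietary rights
    shared_with: FrozenSet[str] = frozenset()   # users given access by an owner


# Constructed stand-in for a Grouper membership lookup (hypothetical group names).
GROUPS: Dict[str, Set[str]] = {
    "alice": {"inaf:survey-a:team", "inaf:compute:users"},
    "bob": {"inaf:survey-b:team"},
    "carol": set(),
}
COMPUTE_GROUP = "inaf:compute:users"   # hypothetical group gating workflow execution


def groups_of(user: str) -> Set[str]:
    return GROUPS.get(user, set())


def can_read(user: str, ds: Dataset, today: date) -> Tuple[bool, str]:
    """Data policy: public once the proprietary period ends, else owners and explicit shares only."""
    if ds.public_from is not None and today >= ds.public_from:
        return True, "public"
    if groups_of(user) & ds.owner_groups:
        return True, "owner group"
    if user in ds.shared_with:
        return True, "shared by owner"
    return False, "proprietary: no entitlement"


def share(sharer: str, ds: Dataset, recipient: str) -> Dataset:
    """Only a member of an owner group may share; returns the updated dataset record."""
    if not groups_of(sharer) & ds.owner_groups:
        raise PermissionError(f"{sharer} is not an owner of {ds.name}")
    return replace(ds, shared_with=ds.shared_with | {recipient})


def can_compute(user: str, ds: Dataset, today: date) -> Tuple[bool, str]:
    """Running a workflow on a dataset needs read access plus the compute entitlement."""
    ok, why = can_read(user, ds, today)
    if not ok:
        return False, why
    if COMPUTE_GROUP not in groups_of(user):
        return False, "no compute entitlement"
    return True, why


# Constructed dataset with a one-year proprietary period.
SURVEY_A = Dataset(
    name="survey-a/night-2024-03-01",
    public_from=date(2025, 3, 1),
    owner_groups=frozenset({"inaf:survey-a:team"}),
    shared_with=frozenset({"bob"}),
)

if __name__ == "__main__":
    when = date(2024, 6, 1)
    for user in ("alice", "bob", "carol"):
        print(user, can_read(user, SURVEY_A, when), can_compute(user, SURVEY_A, when))
```

The decision functions return the reason alongside the verdict so that an access log records which policy rule granted or denied the request; the share operation is itself an authorised action, so a non-owner cannot widen access to data they were merely granted.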
Interoperability with other software: the STOA (Script Tracking for Observational Astronomy) web interface allows two-way communication with SAMP-enabled applications such as Topcat and DS9. Tasks in STOA are managed using the Common Workflow Language (CWL) standard, and the files produced can be utilised by any other programme using this standard.
How does it work?
Worktable model: Worktables have emerged as the basic structure used in STOA. A worktable combines a workflow written in CWL with a table of input and output pairs (along with some other information such as user comments, execution status information etc.). Any process that can be described in CWL can be automatically used to create a worktable, and worktables can be linked together in a relational style. This approach automatically produces provenance information, although as yet this has not been made to conform to existing standards.
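The worktable model described above, as an added toy implementation (not STOA's own code, whose internal data structures the page does not describe): a worktable pairs a CWL tool description with a table of input/output rows carrying status and comments, a row's input may refer to a named output of a row in another worktable, and walking those references yields the provenance (tools run and original files) of any product. The CWL descriptions, file names and `Ref` link type are constructed for the example; only the `inputs`/`outputs` fields of a CWL `CommandLineTool` are used.

```python
# Added example: a toy worktable model in the spirit of STOA's description.
# Not STOA code; CWL descriptions, file names and the Ref link are constructed.
from dataclasses import dataclass, field
from typing import Any, Dict, List, NamedTuple, Set, Tuple

# Constructed CWL CommandLineTool descriptions, as they would look once parsed
# from YAML (only the fields the worktable needs are kept).
CALIBRATE_CWL = {"class": "CommandLineTool", "id": "calibrate",
                 "inputs": {"raw": "File", "bias": "File"},
                 "outputs": {"calibrated": "File"}}
STACK_CWL = {"class": "CommandLineTool", "id": "stack",
             "inputs": {"frames": "File[]"},
             "outputs": {"stacked": "File"}}


class Ref(NamedTuple):
    """Link from one worktable's input to a named output of a row in another."""
    table: str
    row: int
    output: str


@dataclass
class Row:
    inputs: Dict[str, Any]
    outputs: Dict[str, Any] = field(default_factory=dict)
    status: str = "pending"
    comment: str = ""


class Worktable:
    """A CWL tool description plus a table of input/output pairs."""

    def __init__(self, tool: Dict[str, Any]):
        if tool.get("class") != "CommandLineTool":
            raise ValueError("only CommandLineTool descriptions are handled here")
        self.tool = tool
        self.id = tool["id"]
        self.rows: List[Row] = []

    def add_row(self, comment: str = "", **inputs: Any) -> int:
        # The CWL description fixes the input columns; reject anything else.
        expected = set(self.tool["inputs"])
        if set(inputs) != expected:
            raise ValueError(f"{self.id}: inputs {sorted(inputs)} != CWL inputs {sorted(expected)}")
        self.rows.append(Row(inputs=dict(inputs), comment=comment))
        return len(self.rows) - 1

    def complete(self, idx: int, **outputs: Any) -> None:
        unknown = set(outputs) - set(self.tool["outputs"])
        if unknown:
            raise ValueError(f"{self.id}: unknown outputs {sorted(unknown)}")
        self.rows[idx].outputs.update(outputs)
        self.rows[idx].status = "done"


class Registry:
    """Holds worktables so a Ref can be resolved across tables."""

    def __init__(self) -> None:
        self.tables: Dict[str, Worktable] = {}

    def add(self, wt: Worktable) -> Worktable:
        self.tables[wt.id] = wt
        return wt

    def _walk(self, value: Any, tools: List[str], files: Set[str]) -> None:
        if isinstance(value, Ref):                       # follow the link upstream first
            row = self.tables[value.table].rows[value.row]
            for v in row.inputs.values():
                self._walk(v, tools, files)
            if value.table not in tools:
                tools.append(value.table)
        elif isinstance(value, list):
            for v in value:
                self._walk(v, tools, files)
        else:                                            # a leaf: an original archive file
            files.add(value)

    def lineage(self, ref: Ref) -> Tuple[List[str], Set[str]]:
        """Tools in execution order and the original files behind one output."""
        tools: List[str] = []
        files: Set[str] = set()
        self._walk(ref, tools, files)
        return tools, files


def build_demo() -> Tuple[Registry, Ref]:
    """Two calibration rows feed one stacking row; returns the stacked product's Ref."""
    reg = Registry()
    cal = reg.add(Worktable(CALIBRATE_CWL))
    stk = reg.add(Worktable(STACK_CWL))
    r0 = cal.add_row(raw="raw_001.fits", bias="bias.fits", comment="night 1")
    r1 = cal.add_row(raw="raw_002.fits", bias="bias.fits", comment="night 2")
    cal.complete(r0, calibrated="cal_001.fits")
    cal.complete(r1, calibrated="cal_002.fits")
    s0 = stk.add_row(frames=[Ref("calibrate", r0, "calibrated"), Ref("calibrate", r1, "calibrated")])
    stk.complete(s0, stacked="stack_001.fits")
    return reg, Ref("stack", s0, "stacked")


if __name__ == "__main__":
    registry, product = build_demo()
    print(registry.lineage(product))
```

Because the link between worktables is an explicit reference rather than a copied file name, the provenance of a product is recoverable from the tables alone, which is the property the text describes; mapping such a chain onto a standard provenance model would be a further step.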