The evolution of identities in OSG

How we work and socialize has been massively transformed by the recent changes in mobile and cloud-based technologies. Influenced by these changes, our users expect to have faster, easier, on-demand access to systems to do their work. Obviously, OSG and its identity management infrastructure cannot shield themselves from these developments, and OSG’s identity management has been evolving accordingly. One thing that became even clearer recently is that forcing our users to use X.509 digital certificates as the only means of authentication is not going to be a very fruitful solution for OSG’s future success. As a result, OSG has embraced the paradigm of job submission frameworks such as glideinWMS. This change enables us to offer an alternative, easier access control mechanism for our users. Because the glideinWMS system can already keep track of users and their jobs over the grid, we no longer need to have X.509 certificates for end users. Users can log in to the job submit nodes with their ssh keys or passwords and then leave glideinWMS and security infrastructure to take care of the rest. This initial step was welcomed enthusiastically by our users and resulted in increased resource productivity. As for our future steps, we want to bring the same ease of access to the OSG data storage and transfer services.

~ Mine Altunay