Executive Summary: A researcher needs to access his/her data on a community resource after his/her allocation on that resource ends.
The SP forum agreed to a standard 90-day grace period at their meeting on January 23, 2020. The XSEDE system is currently honoring a 90-day grace period for the user authentication services used by data transfer, so as long as SP services honor the grace period, it should work for researchers. The one remaining piece is to ensure that the standard 90-day grace period is documented on the XSEDE website. No further work is proposed.
|Component||User facing?||Component’s role in the capability|
|Globus Toolkit GridFTP Service||no||The Globus Transfer service uses GridFTP servers to transfer data from one endpoint to another.|
|Globus Transfer||yes||XSEDE users use the Globus Transfer service to request data transfers to/from XSEDE storage systems.|
|OAuth for MyProxy (OA4MP)||yes||The Globus Transfer service redirects individuals to the XSEDE OA4MP service when they access an XSEDE transfer endpoint. The OA4MP service uses MyProxy to authenticate the individual as an XSEDE user and generate a credential that the Transfer service can use for data transfers on the individual's behalf.|
|XSEDE Central Database||no||The XSEDE MyProxy service queries the XCDB for allocation status when an individual authenticates. MyProxy only permits a certificate to be generated if the individual is currently part of an active allocation or has been part of an active allocation within the standard 90-day grace period.|
|XSEDE MyProxy||no||The MyProxy service authenticates individuals using XSEDE's Kerberos service and queries the XCDB for their current allocation status. On success, it returns an X.509 certificate that can be used with OA4MP to "activate" the endpoint in the Globus Transfer service so transfers can be authenticated.|