XSEDE Capability Delivery Plan for "IDM-13: Authenticate to XSEDE OpenStack APIs"
Primary tabs
Use Case IDM-13: Authenticate to a resource’s OpenStack API
Area: Account ManagementURLs: Public, Review
Executive Summary: A researcher or educator (hereafter referred to as “the user”) wants to use his/her community identity to obtain credentials that can be used to authenticate with the OpenStack API on a community resource.
First CDP: 2017-11-16
Current CDP:
No effort or changes are proposed at this time. Current users of OpenStack APIs on the one XSEDE resource that offers user access, Jetstream, are satisfied with the current authentication mechanism offered by Jetstream, and the Jetstream Service Providers (Indiana University and TACC) are satisfied with administering the current mechanism.
| Component | User facing? | Component’s role in the capability |
|---|---|---|
| Globus Auth | yes | Globus Auth is XSEDE's Web Single Sign-On (Web SSO) service. Beyond supporting user authentication for Web browser-based "Web apps," Globus Auth also provided OAuth2-based authentication for use by REST APIs. OpenStack APIs can use OAuth2 access tokens for authentication. Thus, Globus Auth can be used to protect access to OpenStack APIs, including user authentication. |
| Service Provider IaaS (Cloud) Services | yes | The cloud resources offered by XSEDE Service Providers (SPs) are the resources that are to be accessed and used once authentication via Single Sign-On is accomplished. |
© XSEDE All Rights Reserved. Visit the Feedback page for assistance or to provide feedback.
The Extreme Science and Engineering Discovery Environment is supported by the National Science Foundation.
Administrative Login