XSEDE Capability Delivery Plan for "IDM-13: Authenticate to XSEDE OpenStack APIs"

Use Case IDM-13: Authenticate to XSEDE OpenStack APIs

Area: Account Management
URLs: Public, Review

Executive Summary: An XSEDE-allocated researcher wants to authenticate to the APIs offered by an XSEDE OpenStack resource using his/her XSEDE identity.

URLs: Public
First CDP: 2017-11-16

Current Implementation Status:

PARTIAL

Issues Remaining:

XCI-451: XSEDE hasn't documented use of Globus Auth with OpenStack APIs

Time & Effort Summary:

No effort or changes are proposed at this time. Current users of OpenStack APIs on the one XSEDE resource that offers user access, Jetstream, are satisfied with the current authentication mechanism offered by Jetstream, and the Jetstream Service Providers (Indiana University and TACC) are satisfied with administering the current mechanism.

Significant Revisions:

2018-09-05 14:31

This capability is currently supported by the following 2 components:

Component	User facing?	Component’s role in the capability
Globus Auth	yes	Globus Auth is XSEDE's Web Single Sign-On (Web SSO) service. Beyond supporting user authentication for Web browser-based "Web apps," Globus Auth also provided OAuth2-based authentication for use by REST APIs. OpenStack APIs can use OAuth2 access tokens for authentication. Thus, Globus Auth can be used to protect access to OpenStack APIs, including user authentication.
Service Provider IaaS (Cloud) Services	yes	The cloud resources offered by XSEDE Service Providers (SPs) are the resources that are to be accessed and used once authentication via Single Sign-On is accomplished.