JIRA Issue

[#XCI-2] Document how Science Gateways can use XSEDE Identity Management

Created: 06/07/2016  Updated: 08/23/2018

Status: Closed
Project: XSEDE Cyberinfrastructure Integration
Component/s: CILogon, Globus Auth, OAuth for MyProxy (OA4MP), XSEDE Identity Provider (IdP)
Fix Version/s: PY7 (Sep '17 - Aug '18)

Type: XCI New Capability Priority: Major
Reporter: Lee Liming Assignee: Shava Smallen
Resolution: Unresolved Votes: 0

Issue Links:
has review REVIEW-48 XCI-2 Document how Science Gateways c... Closed
SD&I Deliverable
is deliverable of XCI-10 CDP for SGW-1 Science Gateway Identit... Closed
Target Operator:
XSEDE Science Gateways
XSEDE Priority: -
Use Case Priority: High
Public activity link:
Devel Repository:
Use Cases:
SGW-01: Science Gateway user authentication and identity management, SGW-04: Data movement between gateway users' desktops/laptops and XSEDE resources
Effort and Costs:
Staff Name (Lastname, Firstname) | Effort (person weeks) | Roles or Contributions | Status
Liming, Lee | 1 | one week of effort to draft user documentation and test plan | none
Basney, Jim | 0.2 | one day of effort to contribute to user documentation and test plan | none
TBD | 2 | two weeks of effort to test documentation and prepare test report | none
Type | Deliverable
End-user Documentation | Docs that science gateway developers can use to add XSEDE user authentication to their gateway
Software Documentation | Testing plan and test report
Planned Launch Date:
Actual Launch Date:
Planned Design Review Date:
Planned Test Readiness Review Date:
Actual Test Readiness Review Date:
Planned Complete Date:
Actual Complete Date:
Activity Lead: Lee Liming
Lead Tester: Shava Smallen
Choonhan Youn
Test Plan:
User documentation:
TRR Baseline:
Test Report:


We need to document the use of XSEDE identity management to coordinate user identities between a science gateway and XSEDE. This is one of two methods proposed for use case SGW-1 (high priority as per UREP) and it is required for SGW-4 (moderate priority).

Identity coordination is required for the 6-8-2016 Capability Delivery Plan for use case SGW-4 because the proposed implementation of this use case relies heavily on authorization by group membership, and group membership requires authenticated identities. In concrete terms, the file access services running on XSEDE systems must be able to identify the end user of the science gateway when the end user connects from their own laptop or desktop. The services then need to be able to recognize the end user’s membership in an XSEDE group that was defined by the science gateway. Thus, there must be a way to recognize XSEDE group membership when starting with an identity credential that the end user possesses (as opposed to the science gateway’s XSEDE credential, which the user does not, and must not, possess).


