JIRA Issue

[#XCI-196] Deliver XSEDE user to OAuth identity mappings

[XCI-196] Deliver XSEDE user to OAuth identity mappings Created: 09/06/2017  Updated: 04/29/2019

Status: Development
Project: XSEDE Cyberinfrastructure Integration
Component/s: AMIE, Globus Auth, XSEDE Central Database (XCDB)
Fix Version/s: PY8 (Sep '18 - Aug '19)

Type: XCI Enhanced Capability Priority: Major
Reporter: JP Navarro Assignee: Galen Arnold
Resolution: Unresolved Votes: 1

Attachments: Text File mapfile.txt     Text File output.txt     File xci-196-mapfile.py     File xci196mapfile.py    
Issue Links:
Associated bugs and stories
associated with A3M-162 Implement XDCDB API to support work o... Closed
associated with XCI-437 Evaluate Globus Auth SSH Beta Closed
associated with XCI-437 Evaluate Globus Auth SSH Beta Closed
Meeting Action Item
is meeting action item from XCI-216 RACD Planning Meeting - September 14,... Completed
SD&I Deliverable
is deliverable of XCI-496 SSH with OAuth (OIDC/OAuth SSH servic... Proposed
Target Operator:
XSEDE Community Infrastructure, XSEDE Enterprise Services, XSEDE Service Providers
XSEDE Priority: -
XSEDE Areas:
RACD Security
Discussion Thread: https://software.xsede.org/discussion-forums/xci-196-deliver-xsede-user-oauth-identity-mappings
Public activity link: https://software.xsede.org/display/xci-196
Devel Repository: https://software.xsede.org/svn/xci/activities/xci-196/trunk/
Use Cases:
CAN-01: Run a Remote Job, CAN-02: Managed File Transfer, CAN-04: Interactive Login
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions Status
Basney, Jim 0.6 Lead and implement the activity none
Liming, Lee 0.2 Design and assist with documentation none
Shapiro, Michael 0.6 Implement XCDB API none
Arnold, Galen 0.4 Implement mapping download/install/distribute functionality none
TBD (tester) 0.2 one week of effort to test the software none
... ... .. none
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Deployment plan*
TRR Test plan*
TRR User documentation*
TRR (post) TRR Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Planned Launch Date:
Actual Launch Date:
Planned Design Review Date:
Actual Design Review Date:
Planned Complete Date:
Activity Lead: Jim Basney
Lead Tester: Shava Smallen
Design Document: https://software.xsede.org/svn/xci/activities/xci-196/trunk/Deliverables/XCI-196-Design.pdf


Part of the Globus Toolkit de-support announcement includes retiring authenticating users to remote services using user X.509 credentials. Currently XSEDE provides SPs user X.509 credential information for mapping to local SP accounts in GridFTP and GSI OpenSSH. This activity will identity how XSEDE can map new OAuth global identity to SP accounts and what components will be changed and to implement those mappings. Implementation will likely include building an interface for extracting XSEDE to local account mappings from XCDB, and tools for downloading and installing those mappings on individual resources. This activity may spin off other activities to enhance components that implement these mappings. This activity will not retire the existing user X.509 identity mapping process


There are comments for XCI-196 that can be viewed with XSEDE authentication.