JIRA Issue

[XCI-694] Add SciTokens support to SSH with OAuth

Created: 01/07/2020  Updated: 10/01/2020

Status: Design
Project: XSEDE Cyberinfrastructure Integration
Component/s: Globus Auth SSH
Fix Version/s: PY9 (Sep '19 - Aug '20)

Type: XCI Enhanced Capability
Priority: Major
Reporter: Jim Basney
Assignee: Jim Basney
Resolution: Unresolved
Votes: 0

Issue Links:
Associated bugs and stories
associated with XCI-751 OAuth based SSH login capability inte... Cancelled
is blocked by XCI-496 SSH with OAuth (OIDC/OAuth SSH servic... Design Review
relates to XCI-713 Evaluate SciTokens for capability-bas... Proposed
XCI-753 Add SciTokens support to SSH with OAu... Sub-task In Progress  
Target Operator:
Campus Resource Operators, XSEDE Enterprise Services, XSEDE Service Providers
XSEDE Priority: -
XSEDE Areas:
RACD Security
Public activity link: https://software.xsede.org/display/xci-694
Devel Repository:
Use Cases:
CAN-04: Open a command shell on a login server (web browser)
Effort and Costs:
Staff Name (Lastname, Firstname) | Effort (person weeks) | Roles or Contributions | Status
Basney, Jim | 1 | one week of effort to lead and implement the activity (required) | none
Liming, Lee | 1 | one week of effort to coordinate with overall OAuth-SSH effort | none
Makey, Jeff | 1 | one week of effort to help with implementation | none
Fleury, Terry | 0.1 | half day for security review | none
TBD (tester) | 1 | one week of effort to test the software | none
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Other type of deliverable
TRR Deployment plan*
TRR Test plan*
TRR User documentation*
TRR (post) TRR Baseline* (Shava)
Deployment Deployment Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Planned Launch Date:
Actual Launch Date:
Planned Design Review Date:
Planned Test Readiness Review Date:
Planned Complete Date:
Activity Lead: Jim Basney
Lead Tester: Shava Smallen


SciTokens (https://scitokens.org/) is an NSF-funded project to implement capabilities-based authorization for distributed scientific computing. SciTokens software is Open Source, follows OAuth and JSON Web Token (JWT) standards, and conforms to WLCG Common JWT Profiles (https://doi.org/10.5281/zenodo.3460258).

Adding SciTokens support to SSH with OAuth (XCI-496) enables login using standard JWTs as an alternative to Globus Auth tokens. An initial implementation is complete (see: https://github.com/XSEDE/oauth-ssh/pull/69).


There are comments for XCI-694 that can be viewed with XSEDE authentication.