JIRA Issue

[#XCI-713] Evaluate SciTokens for capability-based access to services and data

[XCI-713] Evaluate SciTokens for capability-based access to services and data Created: 02/26/2020  Updated: 12/03/2020

Status: Proposed
Project: XSEDE Cyberinfrastructure Integration
Component/s: None
Fix Version/s: None

Type: XCI Evaluation Priority: Major
Reporter: Jim Basney Assignee: Unassigned
Resolution: Unresolved Votes: 0

Attachments: PDF File XSEDE_Letter-CICI-SciTokens-XSEDE.pdf    
Issue Links:
relates to XCI-694 Add SciTokens support to SSH with OAuth Design
relates to XCI-638 Explore CVMFS use cases, priority, an... Backlog
XSEDE Priority: -
Public activity link: https://software.xsede.org/display/xci-713
Devel Repository:
Use Cases:
CAN-06: Authenticate with an application
Effort and Costs:
Staff Name (Lastname, Firstname) Effort (person weeks) Roles or Contributions
<Activity Lead Name – Last, First> ? ? weeks of effort to lead and implement the activity (required)
<User Doc Drafter – Last, First> ? one day of effort to draft user documentation (required )
TBD (tester) ? one week of effort to test the software
... ... ..
Due by Activity Deliverable
DSR Design document*
TRR Implemented Software Capability
TRR Other type of deliverable
TRR Deployment plan*
TRR Test plan*
TRR User documentation*
TRR (post) TRR Baseline* (Shava)
Deployment Deployment Baseline* (Shava)
Deployment Test Report* (Shava)
  • Click on "Deliverables" tab for URL.
Track status in meeting: no
Lead Tester: Shava Smallen Shava Smallen


SciTokens provides open source libraries for capability-based access to services and data following the WLCG Common JWT Profiles community standard. XSEDE has committed to help evaluate the SciTokens technology (see attached letter) for use by the broad range of research communities that XSEDE supports.

At https://github.com/scitokens/ the SciTokens project has example integrations with Xrootd, CVMFS, and OpenSSH. https://github.com/htcondor/scitokens-credmon also provides an integration with HTCondor. OSG is using SciTokens for data access for some VOs.

Prior to activity launch we should identify target use cases (e.g., CVMFS data access for LIGO) and collaborators (e.g., OSG).