Salvato in:
Dettagli Bibliografici
Autori principali: Alam, Sadaf R., Woods, Christopher, Williams, Matt, Moore, Dave, Prior, Isaac, Williams, Ethan, Price, Anna, Womack, James, McIntosh-Smith, Simon, Yang-Turner, Fan, Pryor, Matt, Livenson, Ilja
Natura: Preprint
Pubblicazione: 2024
Soggetti:
Accesso online:https://arxiv.org/abs/2410.18411
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866909405243506688
author Alam, Sadaf R.
Woods, Christopher
Williams, Matt
Moore, Dave
Prior, Isaac
Williams, Ethan
Price, Anna
Womack, James
McIntosh-Smith, Simon
Yang-Turner, Fan
Pryor, Matt
Livenson, Ilja
author_facet Alam, Sadaf R.
Woods, Christopher
Williams, Matt
Moore, Dave
Prior, Isaac
Williams, Ethan
Price, Anna
Womack, James
McIntosh-Smith, Simon
Yang-Turner, Fan
Pryor, Matt
Livenson, Ilja
contents Scientific workflows have become highly heterogenous, leveraging distributed facilities such as High Performance Computing (HPC), Artificial Intelligence (AI), Machine Learning (ML), scientific instruments (data-driven pipelines) and edge computing. As a result, Identity and Access Management (IAM) and Cybersecurity challenges across the diverse hardware and software stacks are growing. Nevertheless, scientific productivity relies on lowering access barriers via seamless, single sign-on (SSO) and federated login while ensuring access controls and compliance. We present an implementation of a federated IAM solution, which is coupled with multiple layers of security controls, multi-factor authentication, cloud-native protocols, and time-limited role-based access controls (RBAC) that has been co-designed and deployed for the Isambard-AI and HPC supercomputing Digital Research Infrastructures (DRIs) in the UK. Isambard DRIs as a national research resource are expected to comply with regulatory frameworks. Implementation details for monitoring, alerting and controls are outlined in the paper alongside selected user stories for demonstrating IAM workflows for different roles.
format Preprint
id arxiv_https___arxiv_org_abs_2410_18411
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Federated Single Sign-On and Zero Trust Co-design for AI and HPC Digital Research Infrastructures
Alam, Sadaf R.
Woods, Christopher
Williams, Matt
Moore, Dave
Prior, Isaac
Williams, Ethan
Price, Anna
Womack, James
McIntosh-Smith, Simon
Yang-Turner, Fan
Pryor, Matt
Livenson, Ilja
Distributed, Parallel, and Cluster Computing
Scientific workflows have become highly heterogenous, leveraging distributed facilities such as High Performance Computing (HPC), Artificial Intelligence (AI), Machine Learning (ML), scientific instruments (data-driven pipelines) and edge computing. As a result, Identity and Access Management (IAM) and Cybersecurity challenges across the diverse hardware and software stacks are growing. Nevertheless, scientific productivity relies on lowering access barriers via seamless, single sign-on (SSO) and federated login while ensuring access controls and compliance. We present an implementation of a federated IAM solution, which is coupled with multiple layers of security controls, multi-factor authentication, cloud-native protocols, and time-limited role-based access controls (RBAC) that has been co-designed and deployed for the Isambard-AI and HPC supercomputing Digital Research Infrastructures (DRIs) in the UK. Isambard DRIs as a national research resource are expected to comply with regulatory frameworks. Implementation details for monitoring, alerting and controls are outlined in the paper alongside selected user stories for demonstrating IAM workflows for different roles.
title Federated Single Sign-On and Zero Trust Co-design for AI and HPC Digital Research Infrastructures
topic Distributed, Parallel, and Cluster Computing
url https://arxiv.org/abs/2410.18411