AUTHENTICATION

How Authentication Works

TIES is a network of federated document servers.  TIES participants are affiliated with one and only one authentication server.  That server is the TIES node for that participant’s Organization.  As seen in Figure 1 authentication to the TIES network is a two step process. First the authenticating organization is determined and second the user authenticates to that organization.  The result is a “credential” that unambiguously identifies the user during her TIES session.

 

How Authorization and Access Control Works

TIES Researchers work in the context of a Research Study or “Protocol”.   Each network Document Provider must explicitly choose to participate in a given Study.  Figure 2 shows how Study based authorization works in TIES.

Technical Documentation for Security layer

Globus Web Services Resource Framework – This is the key “GRID” technology underlying TIES.  Web Services provide stateful access to “resources” which may be files, databases, or computational components.   Globus® Toolkit is a fundamental enabling technology for the “Grid,” letting people share computing power, databases, and other tools securely online across corporate, institutional, and geographic boundaries without sacrificing local autonomy. The toolkit includes software services and libraries for resource monitoring, discovery, and management, plus security and file management.  TIES is built upon the Java implementation of the Globus Toolkit.

The Grid Security Infrastructure (GSI), formerly called the Globus Security Infrastructure, is a specification for secret, tamper-proof, delegatable communication between software in agrid computing environment. Secure, authenticatable communication is enabled using asymmetric encryption.   OGSA-DAI, Open Grid Services Infrastructure Data Access and Integration. Provides Grid based access to relational database management systems.  TIES uses this technology to implement some of its middleware on top of Globus.