A Study of Three Approaches to International Identity Federation for the LIGO Project

This document is a product of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC). CTSC is supported by the National Science Foundation under Grant Number OCI-1234408. For more information about the Center for Trustworthy Scientific Cyberinfrastructure please visit: http://trustedci.org/. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation

Center for Trustworthy Scientific Cyberinfrastructure Engagement Plan: Final Report for LIGO Engagement

The Center for Trustworthy Scientific Cyberinfrastructure (CTSC) engages with NSF-funded projects to address their cybersecurity challenges. This document presents the results of one such engagement with the Laser Interferometer Gravitational-Wave Observatory (LIGO), a large research project funded by the National Science Foundation. LIGO seeks to make the first direct detection of gravitational waves, use them to explore the fundamental physics of gravity, and develop the emerging field of gravitational wave science as a tool of astronomical discovery. The primary goal of this engagement was to apply CTSC experience and expertise in leveraging SAML identify federations to support scientific projects to remove barriers for efficient international collaboration between LIGO and other astronomy and astrophysics projects by decreasing the effort required for LIGO to federate with those projects

Center for Trustworthy Scientific Cyberinfrastructure Engagement Plan: Final Report for LIGO Engagement

The Center for Trustworthy Scientific Cyberinfrastructure (CTSC) engages with NSF-funded projects to address their cybersecurity challenges. This document presents the results of one such engagement with the Laser Interferometer Gravitational-Wave Observatory (LIGO), a large research project funded by the National Science Foundation. LIGO seeks to make the first direct detection of gravitational waves, use them to explore the fundamental physics of gravity, and develop the emerging field of gravitational wave science as a tool of astronomical discovery. The primary goal of this engagement was to apply CTSC experience and expertise in leveraging SAML identify federations to support scientific projects to remove barriers for efficient international collaboration between LIGO and other astronomy and astrophysics projects by decreasing the effort required for LIGO to federate with those projects

Upper Limit Set by Causality on the Rotation and Mass of Uniformly Rotating Relativistic Stars

Causality alone suffices to set a lower bound on the period of rotation of relativistic stars as a function of their maximum observed mass. That is, by assuming a one-parameter equation of state (EOS) that satisfies v_sound < c and that allows stars with masses as large as the largest observed neutron-star mass, M_sph^max, we find P[ms] > 0.282 + 0.196 ( M_sph^max/M_odot-1.442). The limit does not assume that the EOS agrees with a known low-density form for ordinary matter, but if one adds that assumption, the minimum period is raised by a few percent. Thus the current minimum period of uniformly rotating stars, set by causality, is 0.28ms (0.29ms for stars with normal crust). The minimizing EOS yields models with a maximally soft exterior supported by a maximally stiff core. An analogous upper limit set by causality on the maximum mass of rotating neutron stars requires a low-density match and the limit depends on the matching density, epsilon_m. We recompute it, obtaining a slightly revised value, M_rot^max \sim 6.1( 2 * 10^14 g/cm^3 epsilon_m )^1/2 M_odot.Comment: 28 pages, LaTeX2e, 8 Postscript figures, submitted to Ap

Authentication and Authorization Considerations for a Multi-tenant Service

Distributed cyberinfrastructure requires users (and machines) to perform some sort of authentication and authorization (together simply known as "auth"). In the early days of com- puting, authentication was performed with just a username and password combination, and this is still prevalent today. But during the past several years, we have seen an evolution of approaches and protocols for auth: Kerberos, SSH keys, X.509, OpenID, API keys, OAuth, and more. Not surpris- ingly, there are trade-offs, both technical and social, for each approach. The NSF Science Gateway communities have had to deal with a variety of auth issues. However, most of the early gateways were rather restrictive in their model of access and development. The practice of using community credentials (certificates), a well-intentioned idea to alleviate restrictive access, still posed a barrier to researchers and challenges for security and auditing. And while the web portal-based gate- way clients offered users easy access from a browser, both the interface and the back-end functionality were constrained in the flexibility and extensibility they could provide. Design- ing a well-defined application programming interface (API) to fine-grained, generic gateway services (on secure, hosted cyberinfrastructure), together with an auth approach that has a lower barrier to entry, will hopefully present a more welcoming environment for both users and developers. This paper provides a review and some thoughts on these topics, with a focus on the role of auth between a Science Gateway and a service provider.National Science Foundation, Grant Numbers 1339774 and 1234408

Report of NSF Workshop Series on Scientific Software Security Innovation Institute

Many individuals attended these workshops and contributed to the writing of this report. They are named in the report itself.Over the period of 2010‐2011, a series of two workshops were held in response to NSF Dear Colleague Letter NSF 10‐050 calling for exploratory workshops to consider requirements for Scientific Software Innovation Institutes (S2I2s). The specific topic of the workshop series was the potential benefits of a security-­‐focused software institute that would serve the entire NSF research and development community. The first workshop was held on August 6th, 2010 in Arlington, VA and represented an initial exploration of the topic. The second workshop was held on October 26th, 2011 in Chicago, IL and its goals were to 1) Extend our understanding of relevant needs of MREFC and large NSF Projects, 2) refine outcome from first workshop with broader community input, and 3) vet concepts for a trusted cyberinfrastructure institute. This report summarizes the findings of these workshops.This material is based upon work supported by the National Science Foundation under grant number 1043843. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science

CBR Anisotropy from Primordial Gravitational Waves in Two-Component Inflationary Cosmology

We examine stochastic temperature fluctuations of the cosmic background radiation (CBR) arising via the Sachs-Wolfe effect from gravitational wave perturbations produced in the early universe. We consider spatially flat, perturbed FRW models that begin with an inflationary phase, followed by a mixed phase containing both radiation and dust. The scale factor during the mixed phase takes the form $a(\eta)=c_1\eta^2+c_2\eta+c_3$, where $c_i$ are constants. During the mixed phase the universe smoothly transforms from being radiation to dust dominated. We find analytic expressions for the graviton mode function during the mixed phase in terms of spheroidal wave functions. This mode function is used to find an analytic expression for the multipole moments $\langle a_l^2\rangle$ of the two-point angular correlation function $C(\gamma)$ for the CBR anisotropy. The analytic expression for the multipole moments is written in terms of two integrals, which are evaluated numerically. The results are compared to multipoles calculated for models that are {\it completely} dust dominated at last-scattering. We find that the multipoles $\langle a_l^2\rangle$ of the CBR temperature perturbations for $l>10$ are significantly larger for a universe that contains both radiation and dust at last-scattering. We compare our results with recent, similar numerical work and find good agreement. The spheroidal wave functions may have applications to other problems of cosmological interest.Comment: 28 pgs + 6 postscript figures, RevTe

CBR Temperature Fluctuations Induced by Gravitational Waves in a Spatially-Closed Inflationary Universe

Primordial gravitational waves are created during the de Sitter phase of an exponentially-expanding (inflationary) universe, due to quantum zero-point vacuum fluctuations. These waves produce fluctuations in the temperature of the Cosmic Background Radiation (CBR). We calculate the multipole moments of the correlation function for these temperature fluctuations in a spatially-closed Friedman-Robertson-Walker (FRW) cosmological model. The results are compared to the corresponding multipoles in the spatially-flat case. The differences are small unless the density parameter today, $\Omega_0$, is greater than 2. (Submitted to Physical Review D).Comment: 18 pages of RevTex + 3 uuencoded postscript figure

2011 Report of NSF Workshop Series on Scientific Software Security Innovation Institute

Over the period of 2010-2011, a series of two workshops were held in response to NSF Dear Colleague Letter NSF 10-050 calling for exploratory workshops to consider requirements for Scientific Software Innovation Institutes (S2I2s). The specific topic of the workshop series was the potential benefits of a security-focused software institute that would serve the entire NSF research and development community. The first workshop was held on August 6th, 2010 in Arlington, VA and represented an initial exploration of the topic. The second workshop was held on October 26th, 2011 in Chicago, IL and its goals were to 1) Extend our understanding of relevant needs of MREFC and large NSF Projects, 2) refine outcome from first workshop with broader community input, and 3) vet concepts for a trusted cyberinfrastructure institute. Towards those goals, the participants other 2011workshop included greater representation from MREFC and large NSF projects, and, for the most part, did not overlap with the participants from the 2010 workshop. A highlight of the second workshop was, at the invitation of the organizers, a presentation by Scott Koranda of the LIGO project on the history of LIGO’s identity management activities and how those could have benefited from a security institute. A key analysis he presented is that, by his estimation, LIGO could have saved 2 senior FTE-years of effort by following suitable expert guidance had it existed. The overarching finding from the workshops is that security is a critical crosscutting issue for the NSF software infrastructure and recommended a security focused activity to address this issue broadly, for example a security software institute (S2I2) under the SI2 program. Additionally, the 2010 workshop participants agreed to 15 key additional findings, which the 2011 workshop confirmed, with some refinement as discussed in this report.NSF Grant # 1043843Ope

Federated Identity Management for Research Collaborations

This white-paper expresses common requirements of Research Communities seeking to leverage Identity Federation for Authentication and Authorisation. Recommendations are made to Stakeholders to guide the future evolution of Federated Identity Management in a direction that better satisfies research use cases. The authors represent research communities, Research Services, Infrastructures, Identity Federations and Interfederations, with a joint motivation to ease collaboration for distributed researchers. The content has been edited collaboratively by the Federated Identity Management for Research (FIM4R) Community, with input sought at conferences and meetings in Europe, Asia and North America