23 research outputs found
SciTokens: Capability-Based Secure Access to Remote Scientific Data
The management of security credentials (e.g., passwords, secret keys) for
computational science workflows is a burden for scientists and information
security officers. Problems with credentials (e.g., expiration, privilege
mismatch) cause workflows to fail to fetch needed input data or store valuable
scientific results, distracting scientists from their research by requiring
them to diagnose the problems, re-run their computations, and wait longer for
their results. In this paper, we introduce SciTokens, open source software to
help scientists manage their security credentials more reliably and securely.
We describe the SciTokens system architecture, design, and implementation
addressing use cases from the Laser Interferometer Gravitational-Wave
Observatory (LIGO) Scientific Collaboration and the Large Synoptic Survey
Telescope (LSST) projects. We also present our integration with widely-used
software that supports distributed scientific computing, including HTCondor,
CVMFS, and XrootD. SciTokens uses IETF-standard OAuth tokens for
capability-based secure access to remote scientific data. The access tokens
convey the specific authorizations needed by the workflows, rather than
general-purpose authentication impersonation credentials, to address the risks
of scientific workflows running on distributed infrastructure including NSF
resources (e.g., LIGO Data Grid, Open Science Grid, XSEDE) and public clouds
(e.g., Amazon Web Services, Google Cloud, Microsoft Azure). By improving the
interoperability and security of scientific workflows, SciTokens 1) enables use
of distributed computing for scientific domains that require greater data
protection and 2) enables use of more widely distributed computing resources by
reducing the risk of credential abuse on remote systems.
Comment: 8 pages, 6 figures, PEARC '18: Practice and Experience in Advanced
Research Computing, July 22-26, 2018, Pittsburgh, PA, US
Symbiotic Futures: Health, Well-being and Care in the Post-Covid World
The "Symbiotic Futures: Health, Well-being and Care in the Post-Covid World" project was jointly conceived by the Innovation School at Glasgow School of Art and the Institute of Cancer Sciences at the University of Glasgow. The project partnership involved a community of experts working across both organisations including the University of Glasgow's new Mazumdar-Shaw Advanced Research Centre (ARC).
Future experiences is a collaborative, futures-focused design project where students benefit from the input of a community of experts to design speculative future worlds and experiences based on research within key societal contexts.
This iteration of the project asked the students to consider what happens in the Post-Covid landscape ten years from now, where symbiotic experiences of health, well-being and care have evolved to the extent that new forms of medical practice, health communities and cultures of care transform how we interact with each other, with professionals and the world around us.
The GSA Innovation School's final year BDes Product Design students and faculty formed a dynamic community of practice with health, wellbeing and care practitioners and researchers from The University of Glasgow and beyond. This gave the students the opportunity to reflect on the underlying complexities of the future of health, well-being and care, technological acceleration, human agency and quality of life, to envision a 2031 blueprint as a series of six future world exhibits, and design the products, services and system experiences for the people and environments within it.
In the first part of the project (Stage 1), Future worlds are groups of students working together on specific topics, to establish the context for their project and collaborate on research and development. In this iteration of Future Experiences, the "Health, Well-being and Care" worlds were clustered together around 'People focused' and 'Environment focused', but also joined up across these groups to create pairs of worlds, and in the process generate symbiosis between the groups. These worlds were then the starting points which the students explored in their individual projects.
The second part of the project (Stage 2) saw individual students select an aspect of their Future World research to develop as a design direction, which they then prototyped and produced as products, services, and/or systems. These are designed for specific communities, contexts or scenarios of use defined by the students to communicate a future experience.
These Future experiences reflect the societal contexts explored during the research phase, projected 10 years into the future, and communicated in a manner that makes the themes engaging and accessible.
The deposited materials are arranged as follows:
1. Project Landscape Map - A report and blueprint for the project that gives a visual overview of the structure and timeline of the project.
2. Stage one data folders - the data folders for stage one of the project are named after the themes the groups explored to create their Future Worlds.
3. Stage two data folders - the data folders for stage two of the project are named after the individual students who created the project.
An OAuth service for issuing certificates to science gateways for TeraGrid users
In this paper, we present a TeraGrid OAuth service, integrated with the TeraGrid User Portal and TeraGrid MyProxy service, that provides certificates to science gateways. The OAuth service eliminates the need for TeraGrid users to disclose their TeraGrid passwords to science gateways when accessing their individual TeraGrid accounts via gateway interfaces. Instead, TeraGrid users authenticate at the TeraGrid User Portal to approve issuance of a certificate by MyProxy to the science gateway they are using. We present the design and implementation of the TeraGrid OAuth service, describe the underlying network protocol, and discuss design decisions and security considerations we made while developing the service in consultation with TeraGrid working groups and staff.
Capability-Based Authorization for HEP
Outside the HEP computing ecosystem, it is vanishingly rare to encounter user X509 certificate authentication (and proxy certificates are even more rare). The web never widely adopted the user certificate model, but increasingly sees the need for federated identity services and distributed authorization. For example, Dropbox, Google and Box instead use bearer tokens issued via the OAuth2 protocol to authorize actions on their services. Thus, the HEP ecosystem has the opportunity to reuse recent work in industry that now covers our needs. We present a token-based ecosystem for authorization tailored for use by CMS.
We base the tokens on the SciTokens profile for the standardized JSON Web Token (JWT) format. The token embeds a signed description of what capabilities the VO grants the bearer; the site-level service can verify the VO's signature without contacting a central service.
In this paper, we describe the modifications done to enable token-based authorization in various software packages used by CMS, including XRootD, CVMFS, and HTCondor. We describe the token-issuing workflows that would be used to get tokens to running jobs in order to authorize data access and file stageout, and explain the advantages for hosted web services. Finally, we outline what the transition would look like for an experiment like CMS.
Prevalence of Electronic Health Records in U.S. Hospitals
This work provides prevalence estimates for electronic health record (EHR) systems within U.S. hospitals in 2008. Specifically, we identify the set of information technology (IT) applications that provide the technological pre-conditions for hospitals' achievement of meaningful use. We estimate a set of descriptive and multivariate analyses to identify the organizational attributes that are significantly related to EHR adoption. In addition to considering IT applications individually, we consider the cumulative adoption by hospitals. Our results suggest that most U.S. hospitals continue to lack the technological pre-conditions for achieving meaningful use. Approximately 72% of hospitals had adopted three or fewer of these key applications. Furthermore, we observe some evidence of complementarities between IT and other production inputs. Finally, ownership status, system affiliation, and geographic location are all significantly related to IT adoption. These results provide a useful benchmark for pending IT investments resulting from health reform.
Martina Thomas, 1924-1995: painter
Contents:
Preface
Biography
Epitome
Martina's family and Martina's locations
Colour, colour and more colour
The artist: Painting with Marty, and Joy in jugs and harmony in harbour