NERC DataGrid Security is both an architecture and implementation for federated identity management and access control. It was first developed for the NERC DataGrid and has been extended to support the Earth System Grid Federation under development to support secure access to the federated data archive for CMIP5 (The Coupled Model Intercomparison Project).
- Development Activities
- ESGF: Federated Access control infrastructure for the Earth System Grid Federation, includes architectural overview
- MashMyData: a NERC funded demonstrator project to create a portal environment for users to combine their data with datasets from distributed sources. It will trial access control with multihop delegation in a workflow.
ndg_security Python Packages
- ndg_security: background information, installation and configuration details for the Python code base for NDG Security. It uses the ndg_saml, ndg_xacml and MyProxyClient packages.
ndg_saml Python SAML 2.0 Package
- ndg_saml: The Python SAML 2.0 implementation developed for NDG Security and the Earth System Grid Federation
ndg_xacml Python XACML 2.0 Package
- ndg_xacml: Python implementation of XACML, eXtensible Access Control Markup Language developed for CEDA (Centre for Environmental Data Archival).
ndg_httpsclient Python HTTPS Client Package
- ndg_httpsclient: Alternative HTTPS implementation based on PyOpenSSL for httplib and urllib2.
netCDF C API Extension for SSL based authentication with OPeNDAP
- netCDF C API Extension: modifications to the netCDF API for the Earth System Grid Federation to enable PKI based authentication.
- MyProxyClient: Python implementation of the client interface to the MyProxy Credential Management Service
- MyProxyWebService: a Python WSGI application which presents a HTTPS interface to the MyProxy Credential Management Service logon and get trust roots operations.
MyProxy Credential Translation Service
- MyProxy Credential Translation Service: Pluggable Authentication Module for MyProxy enabling the generation of short-lived user certificates from other authentication assertions.
Configuring and Deploying a Secured PyDAP
Script based download from ESGF secured OPeNDAP Service
- Instructions for downloading data from an ESGF Secured OPeNDAP Service.