wiki:ESGF

Version 9 (modified by pjkersha, 10 years ago) (diff)

--

Security Architecture for the Earth System Grid Federation

This page covers collaboration work carried out by the BADC with the ESGF partner organisations for the ESGF to develop an architecture for federated identity management and access control.

Architectural Overview

source:TI12-security/trunk/NDGSecurity/documentation/ESGF/ESGSecurityOverview.png

Authentication

The Earth System Grid security architecture supports OpenID and PKI based authentication for services. For OPeNDAP based services like TDS, the server side is configured with a filter which intercepts requests and applies these authentication schemes. OpenID based authentication is suited to interactive login with a browser, whilst PKI based authentication is more suited to non-user interactive clients such as scripts or other programs. The diagram below shows the interactions in a sequence:

source:TI12-security/trunk/NDGSecurity/documentation/ESGF/OPeNDAPSSLAuthentication.png