Progress in building the secure authentication and authorization infrastructure in CSTCloud
Built by the CNIC team, CSTCloud AAI (China Science and Technology Cloud Authentication and Authorization Infrastructure) is a progressive system. It helps CAS researchers access internal and external resources and services. Inaugurated in April 2013, CSTCloud ID has connected 819 applications using the OAuth 2.0 protocol and connected more than 95% of CAS institutions, with over 1 million registered users. Given the trend toward open science, there is great potential in redesigning and developing a robust federated user identity authentication and authorization system that enables access to global research resources under fair conditions. Therefore, CSTCloud AAI was launched in 2015, and an online prototype system ready for service was developed by 2021. Currently, the deployment of CSTCloud AAI is steady, with access to over 20 IDPs from international organizations, CAS institutes and universities, as well as the first five major SPs, such as the CAS Conference Service Platform, the SDG Workbench for the CASEarth project, JupyterHub data analytics for the GOSC Testbed, and others. CSTCloud AAI also has a bilateral connection with the European partner EGI, based on the GOSC collaboration.
Alongside these promising advances, new challenges are emerging. “One of the key future tasks is to re-define the existing reference framework to co-build a trusted, robust and sustained AAI ecosystem for cross-domain interoperability”, says Prof. Li Jianhui, Director of the CSTCloud, during a recent technical discussion with AARC this March. As a next step, the CSTCloud team will focus on enhancing the capabilities of the authentication and authorization infrastructure based on the application of X.509 certificates and VO management. In addition, more functional modules featuring security control, audit and monitoring will be developed to improve user-friendliness while guaranteeing user privacy control. Moreover, the CSTCloud AAI team will seek potential international alignment to facilitate the flow of research resources under mutually trusted policies, guidelines, and protocols. (Xueting Li, Lili Zhang)
For more information about the CSTCloud AAI, please visit https://aai.cstcloud.net