Case Study

Gravitational Wave Research Boosted by Seamless Virtual Identity

February 2018

SOLUTION SUMMARY

Today’s globally distributed scientific research requires seamless access to remote instruments and data repositories from thousands of participating scientists worldwide. Data from experiments all over the world must be accessible to those who need to collaborate, but also limited to only those who are trusted to collaborate.

The international scale and distribution of scientists, instruments and data involved in gravitational-wave astrophysics research generates a major challenge in managing collaborators’ credentials and access to shared data, resources, and scientific support services.

To help break down these barriers, researchers and institutions use Identity and Access Management (IAM) solutions created by the Internet2 community, enabling seamless and trusted collaborations with hundreds of astronomers across the globe. 

COLLABORATORS

PRODUCTS & SERVICES

COMMUNITY RESOURCES

FUNDING RESOURCES

THE PROJECT

Globally-distributed gravitational-wave astrophysics requires seamless access to remote instruments and data repositories by thousands of participating scientists worldwide. The Laser Interferometer Gravitational-Wave Observatory (LIGO) is a major component of the field. Funded by the U.S. National Science Foundation (NSF), the LIGO Laboratory is a national facility designed to open the field of gravitational-wave astrophysics through the direct detection of gravitational waves predicted by Einstein’s General Theory of Relativity. Comprised of the world’s largest precision optical instruments and a massive international research cohort, LIGO is widely considered a marvel of engineering and human ingenuity. 

LIGO research is carried out by a group of over 1,300 scientists at 112 institutions in the United States and 19 other countries, known as the LIGO Scientific Collaboration (LSC). LIGO’s multi-kilometer-scale gravitational wave detectors provide opportunities for the broader scientific community to participate in detector development, observation, data analysis, and astrophysical interpretation-using laser interferometry to measure the minute ripples in space-time caused by passing gravitational waves from cataclysmic cosmic sources such as the mergers of pairs of neutron stars or black holes, or by supernovae.

These world-class instruments and scientists have recently announced two of the most significant scientific discoveries of our time. In 2016, a group of LIGO researchers announced (and later earned a Nobel Prize in Physics) the first direct evidence of gravitational waves-confirming predictions made by Albert Einstein a century before. And in 2017, the first observations of colliding binary neutron stars were announced-marking the first time a cosmic event has been viewed in both gravitational waves and light.

THE PROBLEM

“We began with an unmanageable, non-scalable infrastructure for authentication, authorization, and identity management in general. There was a need to enable more sophisticated authorization to important LIGO computing resources.”
–Scott Koranda, senior scientist at the University of Wisconsin-Milwaukee

The challenge of securely sharing resources within such a large, dynamic, and distributed research community is formidable. Within LIGO research groups alone, over 200 research servers are provided worldwide-enabling shared data and varied scientific support services such as metadata, logbooks, analysis code repositories, wikis, mailing lists, and identity and access management services. This international network of researchers must be able to access these resources in real-time, anytime, and each user’s identity must be verified.

The large number of partners and the distributed nature of data involved in this virtual collaboration generated a major challenge in managing the online identities of the vast number of colleagues needing access to critical and sensitive data. 

Further, LIGO needed to find a single, coherent way of tracking complex group memberships and relationships among the various distributed organizations, data sources, and researchers-and ease the authorization management for more than 1,300 LIGO members accessing more than 200 services.  

THE SOLUTION

Seamless access, streamlined processes, and trusted collaboration for hundreds of distributed astrophysicists are being enabled by Identity and Access Management (IAM) tools created by the Internet2 community. LIGO, in particular, uses several IAM tools created by the Internet2 community to support its hundreds of distributed scientists around the world.

“LIGO collaborates with astronomers all over the globe who are looking at the sky at the same time, but with different types of instruments, and who need ways to share discoveries securely. It is a significant challenge to keep track of LIGO participants, their roles, and what shared resources they have access to. LIGO has employed many tools created by the Internet2 community to help with these daunting tasks, which have become integral parts of LIGO’s daily operations.” –Warren Anderson, LIGO scientist and IAM manager

In 2011, LIGO joined InCommon-Internet2’s federated identity management infrastructure-helping to ease the burden of authentication and provide secure and seamless access to a set of shared services for global collaborators outside of LIGO. This provides the single sign-on convenience of using existing credentials from a user’s home university or research organization. LIGO then paired COmanage and Shibboleth with InCommon for provisioning, de-provisioning and group management. 

Federated identity is a mechanism by which people can use credentials issued by their home institutions to authenticate locally, then be authorized for access by the resource provider. The single sign-on environment protects privacy and sends only the necessary information to an online resource to establish access.

For instance, if a scientist from the University of Wisconsin (UW) wants to log in to a LIGO data server, the LIGO server would redirect the scientist to the UW Identity provider (IdP). The scientist enters his or her UW username and password, the UW IdP notifies the LIGO data server that the person is authenticated and supplies some basic information (name, email address, unique id). The LIGO data server then proceeds to make authorization decisions about the resources available to that scientist.

Additionally, by selecting Grouper and Shibboleth to manage information about user groups, memberships, and roles for its 1,300 member-scientists accessing more than 200 services, LIGO gains the ability to manage and delegate group memberships and make the appropriate authorization decisions for each particular member. 

THE RESULT

Federated identity has been widely used by universities and other educational institutions for years and is well-suited for distributed research and virtual organizations.

To advance this groundbreaking research even further, LIGO envisions a future where all gravitational wave scientists collaborate even more closely, enabling the best possible scientific outcomes through the seamless sharing of data and resources with the help of federated identity. In fact, LIGO has recently made a commitment to the U.S. National Science Foundation to greatly increase the use of federated identity in its operations, based on the benefits it sees for research. 

This will be especially important to enable seamless integration with international researchers, such as those at the new LIGO facility being built in India and partner projects like KAGRA in Japan. Federated Identity work is underway with both of these countries (and others) to enhance access and collaboration with the broader cohort, spurred by participation in eduGAIN, which interconnects identity federations around the world.

To this end, LIGO strongly encourages all gravitational wave and related communities to use federated identity to facilitate gravitational wave science-including taking these important steps toward that goal:

LIGO believes these steps will enable the best possible international and cross-collaboration science, paving the way for future groundbreaking discoveries.

ABOUT THE LASER INTERFEROMETER GRAVITATIONAL-WAVE OBSERVATORY (LIGO)

LIGO is designed to open the field of gravitational-wave astrophysics through the direct detection of gravitational waves predicted by Einstein’s General Theory of Relativity. LIGO’s multi-kilometer-scale gravitational wave detectors use laser interferometry to measure the minute ripples in space-time caused by passing gravitational waves from cataclysmic cosmic sources such as the mergers of pairs of neutron stars or black holes, or by supernovae. LIGO consists of two widely separated interferometers within the United States-one in Hanford, Washington and the other in Livingston, Louisiana-operated in unison to detect gravitational waves.

LIGO is a national facility for gravitational-wave research, providing opportunities for the broader scientific community to participate in detector development, observation, and data analysis. LIGO is funded by the U.S. National Science Foundation and operated by the California Institute of Technology (Caltech) and the Massachusetts Institute of Technology (MIT).

Research is carried out by the LIGO Scientific Collaboration (LSC), a group of more than 1,300 scientists at 112 institutions in United States and 19 other countries.

To learn more about LIGO, visit: https://www.ligo.caltech.edu/