SOLUTION SUMMARY

The Laser Interferometer Gravitational Wave Observatory (LIGO) project—like many other large, virtual science collaborations—faced a big identity management challenge. Of the available solutions, LIGO chose Grouper as the manageable, scalable infrastructure of choice to handle the complex group access and organizational relationships  their many global partnerships required.

COLLABORATORS

• Laser Interferometer Gravitational Wave Observatory (LIGO)
• LIGO Scientific Collaboration (LSC)
• California Institute of Technology
• Massachusetts Institute of Technology

PRODUCTS & SERVICES

• Grouper

COMMUNITY RESOURCES

• Grouper Working Group
• Middleware Initiative
• Adopting campuses worldwide. See Grouper Community Contributions.

FUNDING SOURCES

• Internet2
• National Science Foundation (NSF) Grant No. OCI-0330626, OCI-0721896, and OCI-1032468
• Joint Information Systems Committee (JISC) (UK)
• University of Chicago, University of Pennsylvania, Duke University, University of Washington, University of Memphis, University of Bristol (UK)

The Laser Interferometer Gravitational Wave Observatory (LIGO) project was created to detect cosmic gravitational waves and to develop gravitational-wave observations as an astronomical tool. LIGO is funded by the National Science Foundation and operated by the California Institute of Technology and the Massachusetts Institute of Technology.

Research is carried out by the LIGO Scientific Collaboration (LSC), a group of nearly 800 scientists at more than 60 institutions in United States and 11 other countries. A German-English project called GEO600 is part of the LSC, and a sister Italian-French project called Virgo is another part of the mix.

THE PROBLEM

The large number of partners involved in this virtual organization created a major challenge in identity management. The LSC needed to find a single, coherent way of tracking complex group memberships and relationships between the LIGO lab, LSC, GEO600, and Virgo.

“We began with an unmanageable, non-scalable infrastructure for authentication, authorization, and identity management in general,” says Scott Koranda, senior scientist at the University of Wisconsin-Milwaukee. “There was a need to manage it primarily to enable more sophisticated authorization to important LIGO and Virgo computing resources.”

THE SOLUTION

“We chose Grouper because of its flexibility, the number and types of interfaces (web services interfaces in particular), and because we could see that it was being solidly developed and supported.”

—Scott Koranda, LIGO Senior Scientist

After reviewing available solutions, the LIGO Scientific Collaboration selected Grouper from Internet2 as the single place where the information about groups, memberships, and (eventually) roles would be housed and from which other pieces of the infrastructure could draw. “We chose Grouper because of its flexibility, the number, and types of interfaces (web services interfaces in particular), and because we could see that it was being solidly developed and supported,” Koranda explains.

Another Grouper advantage is that it reflects membership information into a standard LDAP service. Many of the tools that use the information stored in Grouper can easily query an LDAP server.

THE RESULT

As a result of the LSC identity and access management infrastructure based on Grouper (and leveraging Shibboleth® single sign-on software), new collaborators in the virtual organization can quickly be added as members in a single location. From their identity and group information, and using a streamlined authorization process, access to key resources automatically flows out to scientists throughout the world.

A key lesson learned, says Koranda, is that a collaboration the size of LIGO cannot ignore identity management and all of the related issues, including group membership.

Please note that Funding Sources cover Internet2 involvement only.