MyProxy oAuth

November 15, 2011   |  Vas Vasiliadis

In collaboration with the XSEDE Project, Globus Online is happy to announce support for MyProxy oAuth, an authentication and x509 credential retrieval service developed by the MyProxy Team at NCSA.

MyProxy oAuth allows users to delegate their credentials to Globus Online using their MyProxy accounts via 3-legged oAuth. 3-legged oAuth is quite similar to OpenID or Facebook Connect. When a user chooses to activate their endpoints with a MyProxy oAuth provider, Globus Online will redirect the user to the provider's website where the user can enter his or her MyProxy username and password. Once authenticated, the provider's website will redirect the user back to Globus Online with an indication that the user was successfully authenticated by the provider. What makes MyProxy oAuth especially attractive for Globus Online users is that it eliminates the need to enter MyProxy passwords into Globus Online to delegate credentials for endpoint activation. As part of the  authentication handshake, MyProxy oAuth will issue Globus Online a short-lived token that it can use to securely retrieve a copy of a user's MyProxy credential for this purpose. Today, all XSEDE endpoints have been enabled for use with XSEDE MyProxy oAuth in both our website and our command-line interface (CLI). We encourage other projects to install MyProxy oAuth for use with their endpoints to help us insure a more secure and robust transfer experience.