Andrew Prout, W. Arcand, David Bestor, Bill Bergeron, C. Byun, V. Gadepally, Michael Houle, M. Hubbell, Michael Jones, Anna Klein, P. Michaleas, Lauren Milechin, J. Mullen, Antonio Rosa, S. Samsi, Charles Yee, A. Reuther, J. Kepner
{"title":"Securing HPC using Federated Authentication","authors":"Andrew Prout, W. Arcand, David Bestor, Bill Bergeron, C. Byun, V. Gadepally, Michael Houle, M. Hubbell, Michael Jones, Anna Klein, P. Michaleas, Lauren Milechin, J. Mullen, Antonio Rosa, S. Samsi, Charles Yee, A. Reuther, J. Kepner","doi":"10.1109/HPEC.2019.8916255","DOIUrl":null,"url":null,"abstract":"Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system security. Integrating with the user’s more frequently used account at their primary organization both provides a better experience to the end user and makes account compromise or changes in affiliation more likely to be noticed and acted upon. Additionally, with many organizations transitioning to multi-factor authentication for all account access, the ability to leverage external federated identity management systems provides the benefit of their efforts without the additional overhead of separately implementing a distinct multi-factor authentication process. This paper describes our experiences and the lessons we learned by enabling federated authentication with the U.S. Government PKI and In Common Federation, scaling it up to the user base of a production HPC system, and the motivations behind those choices. We have received only positive feedback from our users.","PeriodicalId":184253,"journal":{"name":"2019 IEEE High Performance Extreme Computing Conference (HPEC)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE High Performance Extreme Computing Conference (HPEC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HPEC.2019.8916255","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Federated authentication can drastically reduce the overhead of basic account maintenance while simultaneously improving overall system security. Integrating with the user’s more frequently used account at their primary organization both provides a better experience to the end user and makes account compromise or changes in affiliation more likely to be noticed and acted upon. Additionally, with many organizations transitioning to multi-factor authentication for all account access, the ability to leverage external federated identity management systems provides the benefit of their efforts without the additional overhead of separately implementing a distinct multi-factor authentication process. This paper describes our experiences and the lessons we learned by enabling federated authentication with the U.S. Government PKI and In Common Federation, scaling it up to the user base of a production HPC system, and the motivations behind those choices. We have received only positive feedback from our users.
联邦身份验证可以大大减少基本帐户维护的开销,同时提高整个系统的安全性。与用户在其主要组织中更频繁使用的帐户集成,既为最终用户提供了更好的体验,又使帐户折衷或关联中的更改更容易被注意到并采取行动。此外,随着许多组织将所有帐户访问转换为多因素身份验证,利用外部联邦身份管理系统的能力提供了他们努力的好处,而无需单独实现不同的多因素身份验证过程的额外开销。本文描述了我们通过启用美国政府PKI和In Common Federation的联合身份验证,将其扩展到生产HPC系统的用户群,以及这些选择背后的动机所获得的经验和教训。我们只收到了用户的积极反馈。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
