Security

Using open-source tools, the CVRG teams work to create a seamlessly integrated interface to all the tools the CVRG makes available. Through the use of CILogon and Liferay, users of the CVRG can authenticate to identity providers and access webpages that are embedded in the CVRG Portal. The security components are as follows:

InCommon Federation Access

The mission of the InCommon Federation is to create and support a common framework for trustworthy shared management of access to on-line resources in support of education and research in the United States. InCommon is intended to enable production-level end-user access to a wide variety of protected resources.

CILogon Single Sign On

The goal of CILogon is to provide a new service that issues digital credentials to the NSF research community. CILogon allows authentication through any identity provider currently connected to CILogon, and is not limited to InCommon or any other federation. A method for logging in to Liferay now exists in which the user first connects to a standalone web application that handles the initial communication and authentication with CILogon. Once authenticated, the user is redirected to the Liferay Portal and logged in by means of a custom extension. By implementing this, the CVRG allows users to sign in to the CVRG Portal with the usernames and passwords that they commonly use at their local institution. This reduces the overhead of authentication management for the CVRG while making things much easier for the end user.

Resource Access Authorization

Using components within Liferay, the CVRG has developed a customizable authorization interface for use by study Principal Investigators, to allow use of tools that they have embedded in the CVRG Portal. This controls access to the embedded tool, not access within it. Authorization within the embedded tool remains with the embedded system, which gives the CVRG flexibility with regard to the tools that can be embedded in the Portal.