Globus Auth Issues One Billion Tokens
March 02, 2021 | Susan Tussy
Research Data Management. Simplified.
In order to leverage the ever-increasing vast amounts of data, breaking down research silos and integrating research services becomes essential. Key to accomplishing this goal is to simplify data access by using existing identities. Globus Auth - a platform service offered by Globus - enables resources like NCAR, XSEDE, and Petrel to do just that. In the five years since its launch Globus Auth has grown to over 231,000 unique users, issued over one billion access tokens, and now issues over one million new tokens daily.
Our community is also growing in leaps and bounds. Globus users can now use one of over 1,100 Identity Providers (IdPs) to authenticate to the service, and developers have registered more than 60,000 applications and services with Globus Auth. In 2020 alone, there were over 300,000 logins from Identity providers such as Google (more than 63,000) and XSEDE (over 41,000). We recently integrated IdPs from notable institutions such as the USGS in the U.S. Department of the Interior, the NIH eRA Commons, the Australian Government’s Commonwealth Scientific and Industrial Research Organisation (CSIRO), and New Zealand’s Tuakiri federation.
We recently released the Globus GCS OpenID Connect (OIDC) server. This is exciting because it allows users to integrate their local authentication mechanism with Globus Connect Server v5. Administrators can now allow users to log in with their local Linux identities (or LDAP identities) to access collections hosted on an endpoint. Globus GCS OIDC uses the Linux Pluggable Authentication Module (PAM), which administrators can configure for a variety of authentication use-cases. More information about this feature can be found in the Globus Connect Server v5.4 OIDC Server Installation Guide.
We are constantly expanding our world-class identity and access management platform for researchers. For example, Globus Auth has always supported Multi-Factor Authentication (MFA) for those IdPs that have it enabled, and MFA support is now being extended to high-assurance (HA) endpoints. This feature will allow Globus administrators to require MFA authentication from users for access to their HA endpoints, providing them with greater security for their protected data. Keep an eye out for this feature in an upcoming release announcement!