Gravitational Wave Research Boosted by Seamless Virtual Identity and Access Management (IAM)
Image credit: Caltech/MIT/LIGO Lab
Today's globally distributed scientific research requires seamless access to remote instruments and data repositories from thousands of participating scientists worldwide. Data from experiments all over the world must be accessible to those who need to collaborate, but also limited to only those who are trusted to collaborate.
The international scale and distribution of scientists, instruments and data involved in gravitational-wave astrophysics research generates a major challenge in managing collaborators' credentials and access to shared data, resources, and scientific support services.
To help break down these barriers, researchers and institutions use Identity and Access Management (IAM) solutions created by the Internet2 community, enabling seamless and trusted collaborations with hundreds of astronomers across the globe.
- LIGO Scientific Collaboration (LSC) consisting of over 1,300 collaborators at 112 institutions in 20 countries
- Laser Interferometer Gravitational Wave Observatory (LIGO)
- California Institute of Technology
- Massachusetts Institute of Technology
- gw-astronomy.org-operated by the Leonard E. Parker Center for Gravitation, Cosmology and Astrophysics at the University of Wisconsin - Milwaukee
Products & Services
- InCommon Federation
- National Science Foundation (NSF)
- Research grants from funding agencies in 20 countries and other sources
Image credit: LIGO Laboratory
Globally-distributed gravitational-wave astrophysics requires seamless access to remote instruments and data repositories by thousands of participating scientists worldwide. The Laser Interferometer Gravitational-Wave Observatory (LIGO) is a major component of the field. Funded by the U.S. National Science Foundation (NSF), the LIGO Laboratory is a national facility designed to open the field of gravitational-wave astrophysics through the direct detection of gravitational waves predicted by Einstein's General Theory of Relativity. Comprised of the world's largest precision optical instruments and a massive international research cohort, LIGO is widely considered a marvel of engineering and human ingenuity.
LIGO research is carried out by a group of over 1,300 scientists at 112 institutions in the United States and 19 other countries, known as the LIGO Scientific Collaboration (LSC). LIGO's multi-kilometer-scale gravitational wave detectors provide opportunities for the broader scientific community to participate in detector development, observation, data analysis, and astrophysical interpretation-using laser interferometry to measure the minute ripples in space-time caused by passing gravitational waves from cataclysmic cosmic sources such as the mergers of pairs of neutron stars or black holes, or by supernovae.
Image credit: NSF/LIGO/Sonoma State University/A. Simonnet
These world-class instruments and scientists have recently announced two of the most significant scientific discoveries of our time. In 2016, a group of LIGO researchers announced (and later earned a Nobel Prize in Physics) the the first direct evidence of gravitational waves-confirming predictions made by Albert Einstein a century before. And in 2017, the first observations of colliding binary neutron stars was announced-marking the first time a cosmic event has been viewed in both gravitational waves and light.
"We began with an unmanageable, non-scalable infrastructure for authentication, authorization, and identity management in general. There was a need to enable more sophisticated authorization to important LIGO computing resources."
The challenge of securely sharing resources within such a large, dynamic, and distributed research community is formidable. Within LIGO research groups alone, over 200 research servers are provided worldwide-enabling shared data and varied scientific support services such as metadata, logbooks, analysis code repositories, wikis, mailing lists, and identity and access management services. This international network of researchers must be able to access these resources in real-time, anytime, and each user's identity must be verified.
Image credit: LIGO Laboratory
The large number of partners and the distributed nature of data involved in this virtual collaboration generated a major challenge in managing the online identities of the vast number of colleagues needing access to critical and sensitive data.
Further, LIGO needed to find a single, coherent way of tracking complex group memberships and relationships among the various distributed organizations, data sources, and researchers-and ease the authorization management for more than 1,300 LIGO members accessing more than 200 services.
Seamless access, streamlined processes, and trusted collaboration for hundreds of distributed astrophysicists are being enabled by Identity and Access Management (IAM) tools created by the Internet2 community. LIGO, in particular, uses several IAM tools created by the Internet2 community to support its hundreds of distributed scientists around the world.
In 2011, LIGO joined InCommon-Internet2's federated identity management infrastructure-helping to ease the burden of authentication and provide secure and seamless access to a set of shared services for global collaborators outside of LIGO. This provides the single sign-on convenience of using existing credentials from a user's home university or research organization. LIGO then paired COmanage and Shibboleth with InCommon for provisioning, de-provisioning and group management.
Federated identity is a mechanism by which people can use credentials issued by their home institutions to authenticate locally, then be authorized for access by the resource provider. The single sign-on environment protects privacy and sends only the necessary information to an online resource to establish access.
For instance, if a scientist from the University of Wisconsin (UW) wants to log in to a LIGO data server, the LIGO server would redirect the scientist to the UW Identity provider (IdP). The scientist enters his or her UW username and password, the UW IdP notifies the LIGO data server that the person is authenticated and supplies some basic information (name, email address, unique id). The LIGO data server then proceeds to make authorization decisions about the resources available to that scientist.
Additionally, by selecting Grouper and Shibboleth to manage information about user groups, memberships, and roles for its 1,300 member-scientists accessing more than 200 services, LIGO gains the ability to manage and delegate group memberships and make the appropriate authorization decisions for each particular member.
Federated identity has been widely used by universities and other educational institutions for years and is well-suited for distributed research and virtual organizations.
To advance this groundbreaking research even further, LIGO envisions a future where all gravitational wave scientists collaborate even more closely, enabling the best possible scientific outcomes through the seamless sharing of data and resources with the help of federated identity. In fact, LIGO has recently made a commitment to the U.S. National Science Foundation to greatly increase the use of federated identity in its operations, based on the benefits it sees for research.
This will be especially important to enable seamless integration with international researchers, such as those at the new LIGO facility being built in India and partner projects like KAGRA in Japan. Federated Identity work is underway with both of these countries (and others) to enhance access and collaboration with the broader cohort, spurred by participation in eduGAIN, which interconnects identity federations around the world.
To this end, LIGO strongly encourages all gravitational wave and related communities to use federated identity to facilitate gravitational wave science-including taking these important steps toward that goal:
Participation in national research and education identity federations (available in most nations) by all institutions and organizations doing gravitational wave science;
Participation of all federations in eduGAIN, to allow for the federation of identities across national borders;
Adoption of research-friendly standards, like the Research and Scholarship Entity Category and the SIRTFI security specification, by all identity providers supporting research.
LIGO believes these steps will enable the best possible international and cross-collaboration science, paving the way for future groundbreaking discoveries.
About the Laser Interferometer Gravitational-Wave Observatory (LIGO)
LIGO is designed to open the field of gravitational-wave astrophysics through the direct detection of gravitational waves predicted by Einstein's General Theory of Relativity. LIGO's multi-kilometer-scale gravitational wave detectors use laser interferometry to measure the minute ripples in space-time caused by passing gravitational waves from cataclysmic cosmic sources such as the mergers of pairs of neutron stars or black holes, or by supernovae. LIGO consists of two widely separated interferometers within the United States-one in Hanford, Washington and the other in Livingston, Louisiana-operated in unison to detect gravitational waves.
LIGO is a national facility for gravitational-wave research, providing opportunities for the broader scientific community to participate in detector development, observation, and data analysis. LIGO is funded by the U.S. National Science Foundation and operated by the California Institute of Technology (Caltech) and the Massachusetts Institute of Technology (MIT).
Research is carried out by the LIGO Scientific Collaboration (LSC), a group of more than 1,300 scientists at 112 institutions in United States and 19 other countries.
To learn more about LIGO, visit: https://www.ligo.caltech.edu/