Over the past year, Fermilab has refined the way it shares information over the web. Most of our web-based information is no longer accessible to the general public. Information that must be publicly available can only be shared from the specially built Public Zone, a completely separate web infrastructure where public versions of DocDB, SharePoint and the Fermilab web exist. An example of a website in the Public Zone is the Technical Publications website. For further information about the Public Zone, please see this article.
All other information is restricted and requires authorization as determined by the information owner. Information may need to be accessible to just a few individuals, an experimental collaboration or the entire Fermilab community. To ensure only properly authorized people may access the information, we authenticate people’s identities through the Fermilab Single Sign On (SSO) mechanism using Services accounts.
However, Fermilab also needs to share information with scientists from other institutions, members of the HEP community, most of whom do not have Services accounts. A robust way to share information with this community is through federation, in which Fermilab accepts individuals' login credentials from other institutions. As proofs of concept, we have done this for CERN, DOE, Jefferson Lab and SLAC (through Stanford University). For an example, see the Projects DocDB SSO login page, which accepts Fermilab Services accounts or credentials from the other organizations. Access can now be granted at three scopes: to specific individuals from any of these institutions, to anyone from one of these institutions, or to anyone from any of these institutions.
Although elegant in use, setting up federation is a time-consuming process. Individually federating with every institution around the world would be impossible. Thankfully, eduGAIN provides a solution. Federating with eduGAIN enables us to automatically connect with its thousands of participating institutions. We expect to have eduGAIN federation in place by the end of 2022.
Comments, questions? Please contact Heath O’Connell, email@example.com.