Using your identity¶

Your collaboration identity is used to authenticate you and authorise access to collaboration services, both via your web browser, and from software applications. Typically in your browser, you will need to use the username and password associated with your identity to gain access to services.

Outside of the browser a number of different technologies are used to authenticate and authorise access based on your identity.

What types of credentials are there?¶

IGWN Computing services that allow non-browser access should support one or more of the following credential types.

Kerberos¶

Kerberos is a network authentication protocol supported by a number of IGWN Computing services. Users can generate a ticket-granting ticket tied to their identity that can be used to authenticate against services.

For more details, see Kerberos.

SciTokens¶

SciTokens is a capability-based authorisation system whereby tokens are issued that grant access to perform specific actions on specific services (for example to query for segment information from the Segment Database).

For more details, see SciTokens.

X.509¶

The IGWN collaborations rely heavily on a technology standard called X.509 to authenticate users and authorise access to data and services.

In a typical workflow, users authenticate using their institutional or collaboration identity to create an X.509 credential that is valid for a short amount of time (normally a few days). This credential can then be leveraged to gain access to various computing centres and services.

For more details, see X.509 Authentication.