Research challenges such as climate change and the search for habitable planets increasingly use academic and commercial computing resources distributed across different institutions and physical sites. Furthermore, such analyses often require a level of automation that precludes direct human interaction, and securing these workflows involves adherence to security policies across institutions. In this paper, we present a decentralized authorization and security framework that enables researchers to utilize resources across different sites while allowing service providers to maintain autonomy over their secrets and authorization policies. We describe this framework as part of the Tapis platform, a web-based, hosted API used by researchers from multiple institutions, and we measure the performance of various authorization and security queries, including cross-site queries. We conclude with two use case studies -- a project at the University of Hawaii to study climate change and the NASA NEID telescope project that searches the galaxy for exoplanets.