Research challenges such as climate change and the search for habitable planets increasingly use academic and commercial computing resources distributed across different institutions and physical sites. Furthermore, such analyses often require a level of automation that precludes direct human interaction, and securing these workflows involves adherence to security policies across institutions. In this paper, we present a decentralized authorization and security framework that enables researchers to utilize resources across different sites while allowing service providers to maintain autonomy over their secrets and authorization policies. We describe this framework as part of the Tapis platform, a web-based, hosted API used by researchers from multiple institutions, and we measure the performance of various authorization and security queries, including cross-site queries. We conclude with two use case studies -- a project at the University of Hawaii to study climate change and the NASA NEID telescope project that searches the galaxy for exoplanets.