Scientific workflows have become highly heterogeneous, leveraging distributed facilities such as High Performance Computing (HPC), Artificial Intelligence (AI), Machine Learning (ML), scientific instruments (data-driven pipelines) and edge computing. As a result, Identity and Access Management (IAM) and cybersecurity challenges across the diverse hardware and software stacks are growing. Nevertheless, scientific productivity relies on lowering access barriers via seamless single sign-on (SSO) and federated login while still ensuring access controls and compliance. We present an implementation of a federated IAM solution, coupled with multiple layers of security controls, multi-factor authentication, cloud-native protocols, and time-limited role-based access controls (RBAC), which has been co-designed and deployed for the Isambard-AI and HPC supercomputing Digital Research Infrastructures (DRIs) in the UK. As a national research resource, the Isambard DRIs are expected to comply with regulatory frameworks. Implementation details for monitoring, alerting and controls are outlined in the paper alongside selected user stories demonstrating IAM workflows for different roles.