Globus Auth is a foundational identity and access management platform service designed to address unique needs of the science and engineering community. It serves to broker authentication and authorization interactions between end-users, identity providers, resource servers (services), and clients (including web, mobile, desktop, and command line applications, and other services).
Globus Auth thus makes it easy, for example, for a researcher to authenticate with one credential, connect to a specific remote storage resource with another identity, and share data with colleagues based on another identity. By eliminating friction associated with the frequent need for multiple accounts, identities, credentials, and groups when using distributed cyberinfrastructure, Globus Auth streamlines the creation, integration, and use of advanced research applications and services. Globus Auth builds upon the OAuth 2 and OpenID Connect specifications to enable standards-compliant integration using existing client libraries. It supports identity federation models that enable diverse identities to be linked together, while also providing delegated access tokens via which client services can obtain short term delegated tokens to access other services.
Many research communities have adopted Globus Auth to facilitate access to their resources and services, including the JetStream cloud, XSEDE, NCAR's Research Data Archive, and FaceBase.
Explore Globus Auth
- Read our paper describing the design and implementation of Globus Auth
- Use the Globus Auth Developer's Guide to get started.
- Globus SDK for Python: Documentation · Source Code
- Experiment with the platform via Jupyter notebooks
- Globus Auth API Reference
- The Modern Research Data Portal, a new design pattern for providing secure, scalable, and high performance access to research data, is built using Globus platform services