Published July 10, 2022 | Version 1.0
Report Open

The Federated Identity Management Cookbook

  • 1. RENCI
  • 2. Indiana University


One of the basic tasks any Cyberinfrastructure (CI) has to handle is the problem of keeping track of who the users are, what they’re allowed to do, and whether it’s likely they are who they say they are. This is the core of Identity Management, usually abbreviated as IdM. At the simplest, it might be a list of users and passwords on a computer in the back of a lab. National Science Foundation (NSF) Major Facilities (MFs), on the other hand, may have many kinds of users in large numbers of subgroups, many overlapping, some mutually exclusive, and with complicated rulesets determining membership. The problem becomes worse when we face the challenge of applying those rulesets to a large number of data products, instruments, and CI resources. Managing this constellation of capabilities becomes time consuming and prone to errors with substantial impacts.

The goal of this document is twofold. First, we want to provide a few time-tested recipes for building IdM capabilities. This is indeed where our title comes from. Secondly, this report can serve as a quick introduction and primer on topics in IdM with references for further learning.


This work was supported by the National Science Foundation (NSF) Grant #2127548: CI Compass: An NSF Cyberinfrastructure (CI) Center of Excellence for Navigating the Major Facilities Data Lifecycle and NSF Grant #1920430: Trusted CI, the NSF Cybersecurity Center of Excellence.


idm cookbook final.pdf

Files (3.1 MB)

Name Size Download all
3.1 MB Preview Download