Enhancing the earth system grid security infrastructure through single sign-on and autoprovisioning

In this paper, we discuss recent development and implementation efforts by the Earth System Grid (ESG) concerning its security infrastructure. ESG's requirements are to make user logon as easy as possible and to facilitate the integration of security services and Grid components for both developers and system administrators. To meet that goal, we leverage existing primary authentication mechanisms, deploy a "lightweight" but secure OpenID WebSSO, deploy a "lightweight" X.509-PKI, and use autoprovisioning to ease the burden of security configuration management. We are close to completing the associated development and deployment.