About the IGTF
“Research is a global endeavour” – it’s a fact that we take for granted and whose prerequisites we all assume are there: near-instantaneous communication, the exchange of data and knowledge, and the sharing and pooling of resources to achieve our common goals. As research has become increasingly reliant on ICT as an instrument in itself, large-scale distributed IT infrastructures for research have emerged. From pathfinder projects like EU DataGrid, through long-standing collaborations like PRAGMA, we have entered an age of major IT service infrastructures such as EGI, HPCI, Open Science Grid, PRACE, XSEDE, NeCTAR, and many more. A highly-available and secure infrastructure is essential to ensure maximum research output and minimize the security risks involved in running an open and globally accessible system. Security collaboration and mutual trust are the basis for long-term sustainability, and the Interoperable Global Trust Federation (IGTF) supports the collaboration of distributed IT infrastructures at a national, regional, and global level.
Why authenticate?
Establishing a trusted set of identity credential providers was one of the first interoperation issues addressed in the pathfinder EU DataGrid. It obviated the need for user registration at each and every resource centre registry. This coordination effort led in 2004 to the establishment of the EUGridPMA and soon thereafter the IGTF. Leveraging a distributed set of trusted authorities, today the IGTF and its members coordinate a highly distributed group of national and regional identity providers, who are intimately familiar with the local environment, know their user base, and can work with national resource centres to collect requirements. Being local, they can ensure appropriate identity vetting, adapt to local customs and legislation, and even arrange for meetings when issuing credentials for a user, and do so via a documented and standard process that inspires the trust required by resource providers.
The IGTF thus consists of close to a hundred members: accredited authorities, relying parties, and key global stakeholders, organised in three regional policy management authorities:
- APGridPMA - covering the Asia-Pacific region from India to New Zealand
- EUGridPMA - covering Europe, the Middle East and Africa
- TAGPMA - covering all of the Americas from Alaska to Patagonia
The IGTF also encourages trust through the adoption of ‘best practices’ for other key elements of the infrastructure: management of community attributes, the operation of credential stores and user credential management, and the integration of research and education federations for use in distributed IT infrastructures for research. Taking the requirements of researchers and the resource centres (our relying parties) and matching them with the capabilities and requirements of our trusted identity authorities – both of whom are full members of the IGTF policy management authorities – we establish the minimum requirements for the global trust fabric. Participation by cross-national and global relying parties and infrastructures is explicitly encouraged.
With our closely affiliated groups, such as the Security Collaboration among Infrastructures (SCI) group, the Open Grid Forum working groups in the security area, TERENA and the TERENA-operated registry TACAR, and the global R&E federation and AAI community, we hope to aid interoperation, encourage trust, and keep the IT infrastructures available and secure.