How A*STAR is enhancing the research ecosystem in Singapore: Federated Identity Management System
The Information Technology Shared Services (ITSS) team at the Agency for Science, Technology and Research (A*STAR) in Singapore has developed a web-based system for automated authentication and authorisation for end-users of the National Super Computing Centre (NSCC) resources at the Institutes of Higher Learning (IHLs) in Singapore.
The Federated Identity Management (FIM) System allows staff, researchers, and students at A*STAR, National University of Singapore (NUS), Nanyang Technological University (NTU), Singapore University of Technology and Design (SUTD), and Singapore Management University (SMU) to access e-Resources offered by the NSCC and SingAREN, without the need to change existing usernames or passwords of their home IHLs.
NSCC manages Singapore’s first national petascale facility with high performance computing (HPC) resources to support science and engineering computing needs for academic, research and industry communities, while SingAREN is the sole provider of local and international networks dedicated for serving the Research and Education community in Singapore. SingAREN’s members consist of the Institutions of Higher Learning (IHLs), Research Organizations, Government and network industry players.
The proposed solution has been adopted by NSCC since it is a proven working system. The solution is well-connected and integrated seamlessly with the existing systems, as compared to the commercial products available in the market.
The identity management system removes the risk of user keying errors, as the users are automatically authenticated against their home organisation. The system not only allows the members to sign-on to the NSCC facilities, but also supports the users to access services across various organisations, such as A*STAR, NUS, NTU, SUTD.
This project provides significant benefits for the end user, service provider and Identity provider.
The end-user gets an improved user experience by accessing more services, and there is no need for them to remember additional passwords.
The service provider can easily interface with the system, thereby saving significant time in creating user accounts to access the new services. Identity provider is the one who manages the single identity management system (user accounts and passwords etc.), while allowing their valid users to access more services in the federation.
Researchers, faculty staff and students from stakeholder organisation of NSCC can self-register their accounts, anytime and anywhere (Web Single Sign - On or WebSSO), immediately using their existing Username and Passwords of the host organisation. This FIM User Portal also helps to periodically verify the user access rights of staff – such as password changes every 3 months - due to built-in security features.
In the absence of the FIM system, it would be a highly tedious process to register thousands of user accounts from different organisations. Thus, FIM improves the overall staff productivity, and also saves time and money. Furthermore, this provides the option to add more organisations into the FIM system.
Through the FIM implementation, a total cost savings of about S$250, 000 has been achieved, as it eliminated the need to buy a commercial software available in the market. The amount of $250,000 cost savings has been considered based on the customer quotation received from Centrify.
The FIM system also provides faster access to global scientific databases and libraries. The system provides a ‘File Sender’ facility, a secure collaboration ‘Dropbox’ for sending/ receiving big files globally.
Professor Tan Tin Wee, Chief Executive, NSCC, praised the FIM system, saying, “FIM provides an opportunity for everyone in our stakeholder institutions to have an universal access to NSCC supercomputers at the level of most basic of resources, i.e., able to try it out, educate themselves on the supercomputer, write and compile software, run very small test jobs, learn how to submit jobs etc.”