The MyProxy Gateway

In 2000, the original My Proxy server was released to provide a centralized way to securely store and delegate grid credentials. In 2009, the OAuth for My Proxy (OA4MP) server was released in response to security concerns expressed by resource providers and a strong trend of science gateways moving to the web. OA4MP provided a standards-based way for users to delegate X.509 credentials from My Proxy to science gateways without exposing user passwords to third-party services. This addressed both a security concern for service providers and a desire by gateway developers for a standards-based approaches to security. While OA4MP solved some problems, it introduced others. The My Proxy Gateway Service (MPG) is a Restful API to My Proxy that picks up where OA4MP left off by supporting OAuth2 credential renewal, attribute insertion, trust root management, language agnostic access patterns, and improved accounting. In this paper we first start by looking at related work and detailing the evolution of My Proxy up to the writing of this paper. Next we briefly describe OAuth2 and highlight the differences between it and OAuth1. After that we describe the MPG, its multiple configurations, and security considerations. We conclude with finishing remarks.