User Identity Mapping for Secure Workflows Spanning Cloud and HPC in the Anvil Supercomputer
Sathvika Kotha, Erik Gough, Rajesh Kalyanam
In the Anvil cloud, users are able to deploy container-based applications as any user id (uid), even root. Anvil’s storage systems use NFS and authorize users based on uid and UNIX permissions. A solution is required that validates a user’s ACCESS identity and runs containers as their assigned Anvil uid so data in the storage system can be securely accessed. We provide a mechanism to integrate federated identity management via CILogon and user identity mapping via LDAP into Kubernetes-based Zero-to-Jupyterhub deployments.