LLMpediaThe first transparent, open encyclopedia generated by LLMs

Globus Nexus

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: CILogon Hop 5
Expansion Funnel Raw 89 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted89
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Globus Nexus
NameGlobus Nexus
DeveloperUniversity of Chicago; Argonne National Laboratory; Globus (project)
Initial release2011
Latest release2020s
Programming languagePython (programming language); JavaScript
PlatformCloud computing; RESTful web services
LicenseBSD license; Apache License

Globus Nexus Globus Nexus is a cloud-hosted identity and profile management service that provides federated identities, group management, and authentication brokering for scientific research communities, linking accounts across National Science Foundation, Department of Energy, European Grid Infrastructure, XSEDE, and research facilities such as Argonne National Laboratory. It serves as an identity hub used by projects like Open Science Grid, S3 (storage service), and HDF5-related collaborations, enabling interoperability among services including Google Cloud Platform, Microsoft Azure, and cloud-based platforms at Lawrence Berkeley National Laboratory. The service supports integration with institutional credentials from InCommon, eduGAIN, and research infrastructures like CERN and EMBL-EBI.

Overview

Globus Nexus operates in the ecosystem connecting identity providers such as ORCID, GitHub, Google (company), Microsoft (company), and institutional identity federations including InCommon and eduGAIN to science gateways like Galaxy (bioinformatics), data repositories like Zenodo, compute centers such as Oak Ridge National Laboratory, and workflow systems like Apache Airflow. It is positioned alongside services like OAuth 2.0, OpenID Connect, and Shibboleth while complementing authorization tools used in Earth System Grid Federation and Sage Bionetworks projects. Stakeholders include consortia such as XSEDE and funding agencies like NSF and DOE Office of Science.

Architecture and Components

The architecture of Globus Nexus uses microservices and REST APIs built on frameworks influenced by Django (web framework), Flask (web framework), and Tornado (web server), storing records in databases comparable to PostgreSQL and indexing via systems like Elasticsearch. It exposes APIs modeled after OAuth 2.0 and OpenID Connect and integrates with messaging and event systems akin to RabbitMQ and Apache Kafka for asynchronous updates between components used by projects like Globus Transfer and Globus Auth. Core components include an Identity Registry, Group Service, Profile Store, and OAuth client management, interacting with authentication stacks deployed in Amazon Web Services, Google Cloud Platform, and private clouds run by National Center for Supercomputing Applications.

Identity and Access Management

As an identity hub, Globus Nexus links identities from providers including ORCID, Twitter, GitHub, and institutional SAML providers such as InCommon members (e.g., University of Michigan, Stanford University). It implements delegated authorization patterns used by OAuth 2.0 and tokens similar to those in JSON Web Token ecosystems, enabling fine-grained access control for groups mirrored after collaborations like LIGO Scientific Collaboration and Human Genome Project. Group management resembles models used by COmanage and Apache Ranger, supporting nested groups and role attributes required by projects like OpenStack-based deployments and research data services at Pacific Northwest National Laboratory.

Deployment and Integration

Deployments of Globus Nexus have occurred on cloud platforms such as Amazon Web Services, Microsoft Azure, and institutional clouds at Lawrence Livermore National Laboratory and Los Alamos National Laboratory, with integration examples at University of Chicago-hosted gateways and Argonne National Laboratory science portals. Integration adapters connect to identity federations like eduGAIN and directories such as LDAP instances maintained by CERN or universities like Massachusetts Institute of Technology and University of California, Berkeley. It interfaces with data transfer services including Globus Transfer, storage systems like Ceph, and workflow managers used in Galaxy (bioinformatics) and Nextflow pipelines.

Use Cases and Applications

Research collaborations in fields like astronomy (e.g., Large Synoptic Survey Telescope workflows), genomics (e.g., 1000 Genomes Project data portals), climate science (e.g., Coupled Model Intercomparison Project), and high-energy physics (e.g., ATLAS experiment) use Globus Nexus to manage federated identities, group membership, and permissioned data sharing. Science gateways such as CyVerse, analysis platforms like Jupyter Notebook, and repository services like Figshare and Zenodo have used identity brokering for single sign-on and group-managed access to computational resources at centers like Oak Ridge National Laboratory and National Energy Research Scientific Computing Center.

Security and Compliance

Security practices for Globus Nexus align with frameworks adopted by NIST and compliance regimes referencing FISMA and guidance from DOE Office of the Chief Information Officer for research services. Authentication mechanisms leverage standards such as SAML 2.0, OAuth 2.0, and OpenID Connect, with token management consistent with JSON Web Token usage and auditing workflows similar to those in Splunk-based monitoring. Operational security involves integrations with identity proofing efforts like ORCID verification and adherence to privacy expectations articulated by organizations such as European Commission data protection guidance.

History and Development

Globus Nexus originated from the Globus (project) initiated at University of Chicago and Argonne National Laboratory to support data movement and identity federation for computational science, evolving alongside projects like Globus Transfer and Globus Auth. Early funding and adoption were supported by National Science Foundation and Department of Energy collaborations, with deployments at facilities including Argonne National Laboratory and Oak Ridge National Laboratory. Development drew on identity research from institutions such as Internet2 and software engineering practices from open-source ecosystems like Apache Software Foundation, with community contributions from universities including University of Illinois Urbana–Champaign and University of Wisconsin–Madison.

Category:Identity management