LCMAPS

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: LCMAPS
Developer: Argonne National Laboratory; Lawrence Berkeley National Laboratory
Initial release: 2003
Latest release: 2010s
Programming language: C, XML
Operating system: Linux, Unix
License: BSD license

LCMAPS is an authentication and authorization mapping service originally created to mediate grid identity and local account mappings for high-performance computing and distributed research infrastructures. It provides a pluggable framework to translate remote credentials into local accounts using policy modules, and integrates with batch systems, file systems, and portal software. The project influenced middleware stacks used by projects such as the Open Science Grid, European Grid Infrastructure, and select National Laboratories services.

Overview

LCMAPS was designed as a modular mapping service to bridge federated identity assertions and local account credentials. It accepts inputs such as X.509 certificates, Kerberos tickets, and virtual organization attributes from systems like Grouper and translates them into local account names, group assignments, and session attributes. The architecture emphasized pluggability, auditability, and policy-driven decision making to support use in environments operated by institutions such as Fermilab, CERN, and Brookhaven National Laboratory.

History and Development

Development began in the early 2000s at Argonne National Laboratory and Lawrence Berkeley National Laboratory to meet the needs of large collaborations including Large Hadron Collider experiments and astrophysics consortia. Early deployments interworked with middleware projects such as Globus Toolkit and influenced security components of the Open Science Grid and the Enabling Grids for E-sciencE project. Over time, contributions and integrations were made alongside software from HTCondor, Torque, and SLURM Workload Manager, and the codebase incorporated lessons from operational deployments at National Energy Research Scientific Computing Center and other sites.

Architecture and Functionality

LCMAPS implements a pipeline of modules that perform mapping, account selection, and credential provisioning. Core components handle inputs from transport stacks like GridFTP and authentication sources such as Shibboleth and GSI (Grid Security Infrastructure), invoking policy modules to consult sources including LDAP, static mapping files, and virtual organization membership services like VOMS. Outputs include local UNIX account names, supplementary group lists, and temporary credentials for file systems such as GPFS and Lustre. The design supports audit trails compatible with site policies at institutions like Los Alamos National Laboratory and Sandia National Laboratories.
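The ordered-module mapping described above can be sketched as follows. This is an added illustration, not LCMAPS code or its configuration format: the module names, the `"DN" account` static-map layout, the VO attribute table and the deny list are all assumptions made for the example.

```python
import re

# Constructed sample data: every DN, VO attribute and account name is invented.
STATIC_MAP_TEXT = '''
# "<certificate subject DN>" <local account>
"/DC=org/DC=example/CN=Alice Example" alice
"/DC=org/DC=example/CN=Stale Entry" root
'''
VO_MAP = {  # VO attribute -> (account, supplementary groups)
    "/atlas/Role=production": ("atlasprd", ["atlas", "atlasprod"]),
    "/atlas": ("atlas001", ["atlas"]),
}
DENIED_ACCOUNTS = {"root", "daemon", "bin"}  # never valid mapping targets

def parse_static_map(text):
    """Parse lines of the form "DN" account; ignore blanks, comments, junk."""
    table = {}
    for line in text.splitlines():
        m = re.fullmatch(r'\s*"([^"]+)"\s+(\S+)\s*', line)
        if m:
            table[m.group(1)] = m.group(2)
    return table

STATIC_MAP = parse_static_map(STATIC_MAP_TEXT)

def static_module(cred):
    account = STATIC_MAP.get(cred["dn"])
    return (account, []) if account else None

def vo_module(cred):
    # The first attribute presented by the credential that has a mapping wins.
    for attr in cred.get("vo_attrs", []):
        if attr in VO_MAP:
            return VO_MAP[attr]
    return None

def map_credential(cred, audit, modules=(static_module, vo_module)):
    """Run modules in order; return (account, groups) or None (deny)."""
    for module in modules:
        result = module(cred)
        if result is None:
            continue  # this module has no opinion, try the next one
        account, groups = result
        if account in DENIED_ACCOUNTS:
            # Fail closed: a privileged target stops the pipeline outright.
            audit.append(("DENY", cred["dn"], module.__name__, account))
            return None
        audit.append(("MAP", cred["dn"], module.__name__, account))
        return account, groups
    audit.append(("DENY", cred["dn"], "no-match", None))
    return None
```

A static entry that resolves to a privileged account ends the evaluation with a denial instead of falling through to the VO module, and every decision is appended to the audit list along with the module that produced it.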

Use Cases and Applications

LCMAPS has been used to provide mapped accounts for batch job submission to schedulers including HTCondor, PBS Professional, and Slurm, and to gate access to distributed storage systems used by collaborations such as ATLAS, CMS (Compact Muon Solenoid), and LSST. It facilitated federated access for multi-institution projects funded by DOE programs and coordinated with identity federations like InCommon and eduGAIN for campus integrations. Research projects in computational chemistry, climate modeling linked to NOAA, and computational biology leveraged LCMAPS-enabled gateways to provide consistent local identity handling across partner sites including NERSC and university clusters such as University of Chicago and University of California, Berkeley.

Implementation and Deployment

Administrators install LCMAPS as part of middleware stacks on head nodes, gateways, or service endpoints; deployments frequently paired it with GSI-enabled services, GridFTP endpoints, and job submission front-ends like GRAM (Globus Resource Allocation Manager). Configuration is managed via XML and site-specific module configuration files, allowing sites such as SLAC National Accelerator Laboratory and Brookhaven National Laboratory to enforce institutional policies, use LDAP directory lookups, or consult local accounting databases. Interoperability tests and operational runbooks were exercised in collaboration with projects like Open Science Grid and European Middleware Initiative.

Limitations and Criticisms

Critics highlighted that LCMAPS' reliance on legacy stacks such as Globus Toolkit and X.509-centric models limited adoption as federated models evolved toward OAuth 2.0 and OpenID Connect flows used by cloud providers like Amazon Web Services and Google Cloud Platform. Operational complexity, XML-based configuration, and the need for site-specific module maintenance posed challenges for smaller institutions and projects such as university clusters lacking dedicated middleware staff. Security reviews by laboratory security teams pointed to the need for tighter integration with modern identity federations like eduGAIN and attribute authorities to reduce local policy drift. Despite these criticisms, LCMAPS influenced later access-mapping components and informed designs in middleware modernization efforts at organizations like CERN and Fermilab.
