Speaker
Description
HEPS, the High Energy Photon Source, is one of the key national major scientific and technological infrastructures undertaken by the Institute of High Energy Physics (IHEP) of the Chinese Academy of Sciences during the 13th Five-Year Plan period. It stores electron beam energy of 6 GeV and the first phase of construction includes 14 user beamlines, providing high-energy, high-brightness, and high-coherence synchrotron radiation with energy up to 300 kiloelectron volts. Additionally, IHEP possesses multiple large-scale facility installations such as the Beijing Synchrotron Radiation Facility (BSRF) and the China Spallation Neutron Source (CSNS) across different campuses, with intercommunication between the campuses. The complex issues arising from the distributed multi-campus and multi-source authentication, including personnel information and data security, pose significant challenges to the authentication system.
To address these challenges, the HEPS authentication system integrates user information from the Chinese Academy of Sciencesd Large Research Infrastructures User Service Platform (LSSF), CSNS, IHEP, and HEPS. This integration allows scientists to use the same set of account credentials across different campuses for tasks such as experiment application, computation, reconstruction, and result retrieval.
The system implements dynamic permission management, where each account is assigned independent permissions to determine its access rights to data and experiments. Given the interdisciplinary research background and the complexity of user identities, some users may be involved in multiple experiments simultaneously. Therefore, account permissions can be requested by the users and, upon approval by experiment administrators, are written into the account information in real-time. This ensures flexible, unified, and efficient transmission of user information.
Login anomaly detection is an essential aspect of account security, considering the large and complex personnel information involved. Compared to traditional anomaly detection methods, the HEPS authentication system incorporates deep learning-based algorithms that combine user habits, behaviors, and other characteristics to further improve the accuracy of anomaly login detection, safeguarding normal scientific research activities.
To facilitate the increasing domestic and international collaborations, enabling convenient and efficient login to the HEPS system for personnel from different universities, research institutes, and organizations is the first step towards enhancing experimental efficiency. By joining the CERNET Authentication and Resource Sharing Infrastructure (CARSI) domestically and Education Global Authentication Infrastructure (EduGAIN) internationally, the HEPS authentication system enables seamless login for experiment users, laying a solid foundation for smooth experimental operations.
In conclusion, the HEPS authentication system has undergone upgrades and functionality expansions in various aspects to address these challenges. It provides strong support for the successful operation and research of HEPS, offering convenience and security for scientists' experimental activities.