What is STAR?
The Science and Technology Authorization Realm (STAR) is an open-source, Keycloak-based identity management and authorization platform supporting NASA research ecosystems. It provides centralized authentication for modern scientific collaboration, bringing together diverse user groups into a single identity ecosystem:
...
By centralizing access control and removing the need for individual applications to build and maintain their own login systems, STAR reduces the IT management burden on project teams. This accelerates scientific collaboration, eliminates password fatigue, and simplifies compliance. The result is a highly available, secure, and user-friendly authentication environment for NASA science.
...
The STAR Impact: Before and After
- Before STAR: Users suffer from "password fatigue," juggling different credentials for data repositories, collaboration platforms, and analysis tools. Furthermore, application developers are forced to build and maintain isolated security systems, while IT teams spend valuable time resetting passwords and manually onboarding external partners.
- After STAR: Users experience a seamless, unified login across all participating applications within a tenant's specific ecosystem. Applications never directly handle or store passwords—STAR does the heavy lifting. Meanwhile, project teams are given administrative rights to their own dedicated realm, empowering them to manage user roles and access directly without bearing the underlying security and infrastructure burden.
...
Features of STAR
- Unified Login Experience: Tenants can provide a unified login experience across their own specific suite of applications and sites. Users authenticate once with their credentials and instantly gain secure access to that tenant's integrated research tools and data repositories without needing separate passwords.
- Broad Identity Provider Integration: STAR is highly customizable and integrates with a wide array of identity providers to support diverse audiences, including InCommon, ORCID, and Login.gov.
- One Realm Per Tenant Model: Each onboarded application (or tenant) receives its own dedicated Keycloak authorization realm. Realm administrators have full delegated authority to configure user groups, roles, and authorization profiles within that realm according to their specific audience and access requirements.
- Standardized Security & Cloud Infrastructure: STAR ensures that individual applications never handle or store passwords directly. Its infrastructure runs natively on AWS and is scaled across multiple availability zones, ensuring it remains highly available to support critical research applications.
- Protocol Flexibility: STAR supports modern industry-standard authentication protocols, including OIDC (OpenID Connect), SAML 2.0, and OAuth 2.0, making integration straightforward for both cloud-based and on-premises applications.
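The two features above that matter most to an integrating application are the one-realm-per-tenant model and OIDC support: an application never sees a password, it only receives a token issued by its tenant's realm and must check that the token really came from that realm and was meant for that client. The following is an added example, not STAR project code, of the claim checks a relying party performs on an ID token. It assumes Keycloak's issuer convention (`<base-url>/realms/<realm-name>`), a hypothetical host name, and an HMAC (HS256) signing key as an offline stand-in for the RSA keys a real realm publishes through its JWKS endpoint; the issuer, audience, signature and time-window checks are the same either way.

```python
"""Verify an OIDC ID token issued by a tenant's Keycloak realm.

Added example (not STAR project code). Assumes Keycloak's issuer
convention, <base-url>/realms/<realm-name>, and uses an HS256 key as an
offline stand-in for a realm's RSA/JWKS keys.
"""
import base64
import hashlib
import hmac
import json
import time

# Hypothetical STAR host (assumption); any Keycloak base URL has the same shape.
STAR_BASE_URL = "https://star.example.invalid"


def realm_issuer(base_url, realm):
    """Issuer string a Keycloak realm places in the `iss` claim (one realm per tenant)."""
    return f"{base_url.rstrip('/')}/realms/{realm}"


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_demo_token(claims, key):
    """Constructed HS256 token standing in for what a realm would issue to a client."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_id_token(token, key, expected_issuer, expected_audience, now=None):
    """Return the claims if the token is valid for this client, else raise ValueError.

    Order of checks: structure, pinned algorithm, signature, issuer (the tenant's
    own realm, so a token from another realm on the same server is rejected),
    audience (this client id), and the nbf/exp time window.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never let the token choose it
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != expected_issuer:
        raise ValueError("token issued by a different realm")
    aud = claims.get("aud")
    if expected_audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this client")
    if claims.get("nbf", 0) > now:
        raise ValueError("token not yet valid")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def is_valid_for(token, key, expected_issuer, expected_audience, now=None):
    """Boolean convenience wrapper around verify_id_token for callers that only need pass/fail."""
    try:
        verify_id_token(token, key, expected_issuer, expected_audience, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: a tenant realm "ocean-data" issuing a token to client "portal".
    key = b"constructed-demo-key"
    iss = realm_issuer(STAR_BASE_URL, "ocean-data")
    now = int(time.time())
    token = mint_demo_token({"iss": iss, "aud": "portal", "sub": "user-1",
                             "iat": now, "exp": now + 300}, key)
    print("valid for portal in ocean-data:", is_valid_for(token, key, iss, "portal"))
    print("accepted by the atmos realm's client:",
          is_valid_for(token, key, realm_issuer(STAR_BASE_URL, "atmos"), "portal"))
```

The issuer comparison is what enforces the tenant boundary: two realms on one STAR server share a host but have distinct `iss` values, so an application configured for its own realm will not accept a perfectly valid token minted for a neighbouring tenant. In production the signature step would fetch the realm's JWKS and verify RS256 instead of the HS256 stand-in used here.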
...
Is STAR Right for Your Project?
STAR works best for applications that require authentication and need to serve a diverse user base.
STAR is a great fit if:
- You manage multiple user types (internal NASA, university partners, international collaborators).
- You want to reduce your team's administrative burden (e.g., password resets, managing external access).
- Your application can communicate via standard authentication protocols (OIDC, SAML, OAuth).
- You are planning to grow or expect to onboard external collaborators in the future.
STAR may not be a good fit if:
- Your application is purely public-facing and does not require user authentication.
- Your system has extreme real-time requirements where milliseconds of latency matter.
- You are locked into a proprietary authentication system that cannot be changed.
- Your project has absolutely no development resources available to complete the initial integration.
...
STAR Roadmap
STAR is actively being developed and tested alongside early adopters. The current rollout timeline is:
- Q1: Prototype with Alpha Users. Core functionality running in a single region, gathering requirements, and testing authentication patterns with early alpha partners.
- Q2: Operational Prototype. Expanding across internal Science Cloud services, conducting enhanced testing for scalability, latency, and multi-region deployment, and defining the OS integration architecture.
- Q3: Minimum Viable Product (MVP). STAR reaches production readiness for cloud-based applications, with a finalized operations model, standard provisioning timelines, and ConOps.
...
How to Request a Realm & Get Involved
All levels of engagement are welcome, whether you are ready to integrate today or are just in the early planning stages of a future project.
...