NDG Security

NERC DataGrid Security is both an architecture and implementation for federated identity management and access control. It was first developed for the NERC DataGrid and has been extended to support the Earth System Grid Federation under development to support secure access to the federated data archive for CMIP5 (The Coupled Model Intercomparison Project).


  • ESGF: Federated Access control infrastructure for the Earth System Grid Federation, includes architectural overview
  • MashMyData: a NERC funded demonstrator project to create a portal environment for users to combine their data with datasets from distributed sources. It will trial access control with multihop delegation in a workflow.

Development Activities

ndg_security Python Packages

ndg_saml Python SAML 2.0 Package

  • ndg_saml: The Python SAML 2.0 implementation developed for NDG Security and the Earth System Grid Federation

ndg_xacml Python XACML 2.0 Package

  • ndg_xacml: Python implementation of XACML, eXtensible Access Control Markup Language developed for CEDA (Centre for Environmental Data Archival).

ndg_httpsclient Python HTTPS Client Package

  • ndg_httpsclient: Alternative HTTPS implementation based on PyOpenSSL for httplib and urllib2.

netCDF C API Extension for SSL based authentication with OPeNDAP

  • netCDF C API Extension: modifications to the netCDF API for the Earth System Grid Federation to enable PKI based authentication.


  • MyProxyClient: Python implementation of the client interface to the MyProxy Credential Management Service


  • MyProxyWebService: a Python WSGI application which presents a HTTPS interface to the MyProxy Credential Management Service logon and get trust roots operations.

MyProxy Credential Translation Service


Configuring and Deploying a Secured PyDAP

Script based download from ESGF secured OPeNDAP Service

  • Instructions for downloading data from an ESGF Secured OPeNDAP Service.

ndg_oauth with mod_wsgi