Request for IDAC OIDC

alec_b612 · February 26, 2026, 6:00pm

Hi Rubin team,

We reviewed RTN-003 and related authentication/authorization guidance (including DMTN-253), and we’re implementing our cutout workflow to be compliant for proprietary Rubin data access as an IDAC.

At a high level, we are:

enforcing authenticated access with org context,
requiring Rubin-linked user identity/entitlement checks for proprietary cutout access,
ensuring proprietary cutout outputs are not exposed publicly.

Could you please register two OIDC clients for us:

adam-api-rubin-prod
Redirect URI: https://adam-api.app.b612.ai/api/users/rubin/link/callback/
adam-api-rubin-dev
Redirect URI: https://adam-api-oidc.dev.b612.ai/api/users/rubin/link/callback/

We’ll route local developer testing through that single dev callback host, so two client credentials should be sufficient.

Please confirm this setup is acceptable, and if there are specific required scopes/claims you want us to rely on for entitlement checks.

Thanks.

alec_b612 · March 11, 2026, 6:01pm

Hello,
I’m updating this thread to see what next steps we might need to take to qualify.

Cheers and thank you,
Alec

knutago · March 11, 2026, 9:02pm

Hi Alec,

Can you indicate which IDAC you’re representing, and give some background on it?

Thanks, Knut Olsen

alec_b612 · March 11, 2026, 9:19pm

Sure, I represent Asteroid Institute at the B612 Foundation. We are requesting to become an authorized IDAC.

I am happy to provide whatever information is requested. I could not locate an official process in the documentation.

knutago · March 11, 2026, 11:16pm

Hi again,

So you might have a look at this pair of documents:

https://rtn-003.lsst.io – Guidelines for IDACs
and
https://rtn-086.lsst.io – Bulk data transfer policies and procedures.

IDACs are generally expected to be centers designed to serve broad segments of the Rubin community, and commit to some requirements as laid out in RTN-003. You can see the list of IDACs here: Contributed Computing Resources | Rubin Observatory.

As the B612 Foundation, you may be intending to serve mainly the Solar System Science Collaboration, which is ok, but would fall in the ‘Tier 2’ data transfer priority per RTN-086. At the moment, we’re still working on getting data transfer processes set up for the IDACs listed above, as well as a couple of institutions in the US that are serving a large segment of the Rubin community. It may be a little while before we could work with you to set up data transfers, if you are in this category.

If your intent is to serve a smaller group than a science collaboration, this would fall into Tier 3, and we would ask you to hold on for now.

Cheers Knut

alec_b612 · March 12, 2026, 1:03pm

Hi Knut,
Thanks for the guidance and for pointing us to RTN-003 and RTN-086.

To clarify our immediate ask: we are not requesting bulk transfer or mirrored release copies at this stage. We are specifically trying to support on-demand access to proprietary exposures/cutouts for existing Rubin data-rights holders, with strict access controls and no public redistribution. Our understanding is that the only correct way to do this currently is via the IDAC route.

Our near-term request is therefore for IDAC-style authentication integration (OIDC client pre-registration), not RTN-086 bulk-transfer onboarding. We intend to enforce Rubin-linked identity and data-rights checks per user before serving any proprietary data.

Let me know the correct path here, happy to put in the work.

Alec