Upload
sally
View
52
Download
0
Tags:
Embed Size (px)
DESCRIPTION
TF-EMC 2 Lyon - 14/02/2011. Presenter or main title…. Accessing e-Infrastructure. Session Title or subtitle…. Christopher Brown Digital Infrastructure. e-Infrastructure Programme. April 2006 – March 2009 Followed UK’s 5 year investment in e-Science infrastructure Aims: - PowerPoint PPT Presentation
Citation preview
Presenter or main title…Session Title or subtitle…
TF-EMC2 Lyon - 14/02/2011
Accessing e-Infrastructure
Christopher BrownDigital Infrastructure
April 2006 – March 2009 Followed UK’s 5 year investment in e-Science infrastructure Aims:
– Increase the benefits to, and use of, e-Infrastructure by a wider user base
– Ensure that e-Infrastructure builds on and shares common core services – Explore the ways in which the benefits of the capabilities being
developed in grid computing can be transferred to other domains 4 thematic areas:
– Community engagement and support– e-Infrastructure security– Grid services and tools– Knowledge organisation and semantic services
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
e-Infrastructure Programme
14/02/2011 Slide 2
Aims to facilitate UK research by providing access to a broad range of computational and data based resources.
Deliver a production quality e-infrastructure to support academic research across all Higher Education Institutes (HEIs) in the UK
Provide core services to enable collaborative access to computing and data resources in support of UK researchers
Ensures UK researchers can efficiently exploit computing facilities across the globe – developed partnerships with infrastructures in EU, US, etc.
http://www.ngs.ac.uk/
http://www.flickr.com/photos/14171139@N08/2041447039/sizes/z/in/photostream
National Grid Service (NGS)
14/02/2011 Slide 3
Free to use for UK academics Joining process:
– Apply for your personal e-Science Certificate from the UK Certification Authority
– Download your certificate into your browser– Apply for a NGS Grid Account– Backup your Certificate and Private Key from your browser– Run the Certificate Wizard to set up your computer– Get started using NGS tools
http://www.ngs.ac.uk/
http://www.flickr.com/photos/chough/3600381635/sizes/m/in/photostream/
National Grid Service (NGS)
14/02/2011 Slide 4
To deliver into production a Shibboleth based infrastructure for the NGS, to enable HEI users/researchers to access NGS resources using their institutional identities as provided through membership of the UK federation. Goals:
– Broaden the NGS user base.– Easier access for researchers who are not technology specialists– Easier support for the Service Provider– Prevent unauthorised access– Deliver a production service
Access to NGS resources:– People use X.509 Certificates– Trusted globally – IGTF– Sometimes seen as challenging to use
http://http://www.flickr.com/photos/pjh/187636402/sizes/z/in/photostream//
SARoNGS (Jan 2008 – March 2009)
14/02/2011 Slide 5
In SARoNGS– People who have certificates can keep using them– Created transparently for people who don’t– Users don’t even know they have certificates
What’s in it for you?– Users get non-certificate access to the NGS, mainly via portals– SPs can hook into NGS SP/portal (if you wish), particularly if you require
X.509– Use NGS’ VO management infrastructure– Non-UK federations: can be reused
http://www.jisc.ac.uk/whatwedo/programmes/einfrastructure/sarongs.aspx https://cts.ngs.ac.uk/
http://www.flickr.com/photos/dicknella/503494947/
SARoNGS
14/02/2011 Slide 6
4main activities
– to provide grid authentication tied to the UK AMF (a new service based upon outputs from the ShibGrid project)
– to link this authentication token with VO attributes from the grid computing domain – to translate attributes within the context of UK AMF into attributes suitable for
consumption by grid computing infrastructures (a new service based upon the outputs of the SHEBANGS project)
– to demonstrate these via both subject based and generic demonstrator applications
http://www.flickr.com/photos/brothermagneto/3528084605/sizes/z/in/photostream/
SARoNGS
SHEBANGS
VPMan
ShibGrid
MIMAS
Grid Authn Translate attributes
Authorisation Demonstrator
SARoNGS
14/02/2011 Slide 7
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
CTS MyProxy
User and management portals
The NGS Grid
VO Management
CTS access control
research resources(MIMAS)
SARoNGS Architecture
14/02/2011 Slide 8
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
SARoNGS Architecture
14/02/2011 Slide 9
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
SARoNGS Architecture
14/02/2011 Slide 10
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
SARoNGS Architecture
14/02/2011 Slide 11
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
SARoNGS Architecture
14/02/2011 Slide 12
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
SARoNGS Architecture
14/02/2011 Slide 13
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
SARoNGS Architecture
14/02/2011 Slide 14
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
SARoNGS Architecture
14/02/2011 Slide 15
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
Demo
14/02/2011 Slide 16
VRE funded project Connects different institutional portals through Access Grid (AG) technologies Connection through AG venues managed by VOMS certificates Using SARoNGS for OneVRE VO Management
– User logs in to portal using Proxy Cert issued by SARoNGS, includes all the VOs the user is a member of
– VOs are basis for accessing the AG virtual venues on OneVRE servers– OneVRE also allows users to securely share data and apps across
different AG and OneVRE servers http://wiki.rcs.manchester.ac.uk/community/OneVRE
http://www.flickr.com/photos/kubina/471164507/sizes/z/in/photostream/
OneVRE
14/02/2011 Slide 17
Certs are only as good as the material on which they are based NGS would’ve liked to have the SARoNGS CA to become accredited with the
IGTF like the UK e-Science CA. Not possible:
– Permitted reuse of eduPersonTargetedId – Names are not published– Id Management Policies too numerous/varied– Revocation vs Lifetime
http://www.flickr.com/photos/kubina/471164507/sizes/z/in/photostream/
Limitations of the SARoNGS Grid Credentials
14/02/2011 Slide 18
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
CollaborationGFIVO
CUCKOO
NGSSARoNGSSHINTAUVPMAN
IdentificationUK federation
OpenID ReviewNAMES
Data SharingASPiS
ES-LoAiREADAGASTSPIDER
PersonalisationGOLDDUST
DPIE2
IdentityThe Identity
Project
Past
14/02/2011 Slide 19
AIM Programme
1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011) Focus:
– Process– Policy– Technology
Objectives
– Build foundations for production systems that universities might adopt in the future
– Prepare the sector for future developments– Improve user experience– Increase value and make AIM relevant to wider community – Enable integrated systems architecture– Develop practical tools to enable AIM
14/02/2011 | Slide 20
Exploring Innovative new areas
http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
AIM Programme
UK Access Management Federation – Support– Expand– Improve– Increase uptake
Funding– Shibboleth Consortium (JISC, Internet2, SWITCH)
• Technical roadmap• Governance mechanisms• Operate open source project => Shibboleth Foundation?
– Extending Access Mgmt into BCE– Publisher Support– WAYFless URLs
14/02/2011 Slide 21http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/
AIM Projects – NGS
A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service– Develop proxy certificate auditing infrastructure that supports
monitoring/auditing use of proxy credential• General usage monitoring• Patterns of use and prediction of misuse• Exploit and harden existing software for this
• Globus Incubator project• Extensions to support
• VO-specific monitoring and usage• Resource-specific monitoring and usage
– Demonstrate in numerous projects and roll out to NGS Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects
• includes usage of NGS, ScotGrid, TeraGrid, D‐Grid
Wie JieThames Valley University 15 months
14/02/2011 Slide 22http://www.flickr.com/photos/argonne/4244642347/sizes/m/in/photostream/
AIM Projects – Web Services
Fiona CullochEDINA 12 months
14/02/2011 Slide 23http://www.flickr.com/photos/aqua-marina/840167789/sizes/m/in/photostream/
WSTIERIA (Web Services Tiered Internet Authorization )– Make web services work with UK federation – Investigating two approaches:
• using “façade” to handle authentication• new Shib features to invoke web service between SPs
– Tested on two application domains:• Geospatial web service (SEE-GEO)• WebDAV (widely deployed remote file-access protocol layered on
HTTP)– Community Benefit
• Web services interoperate with FAM• Improve end-user experience by application componentization
– Real components need authorization• Access presently hidden web services
– Discussing with MIMAS, SDSS, Shibboleth
AIM Projects – Social Net and Shib
Identity and Access Management using Social Networking Technologies– FOAF is an RDF (Resource Description Framework) vocabulary mainly
aimed at describing links between people and memberships– produce a functional WebID (formerly FOAF+SSL) based Authentication
system for Shibboleth based IdP and an Authentication and Authorisation system for Globus based grids
– Bridge to SAML/Shibboleth• Converting information available in RDF into SAML attributes
– e.g. WebID URI into eduPersonPrincipalName– Easy to derive membership of a project or (virtual) organisation based on
the FOAF relations– Easier ad-hoc collaborations (potentially with people outside the federation
too)
Mike JonesUniversity of Manchester 9 months
14/02/2011 Slide 24http://www.flickr.com/photos/marc_smith/4511843933/sizes/m/in/photostream/
Any questions?
14/02/2011 Slide 25