
FIM-related activities and issues being discussed in Japan

FIM-related activities and issues being discussed in Japan. GEO Grid: Yoshio Tanaka (AIST). HPCI, GakuNin: Eisaku Sakane, Kento Aida (NII). Global Earth Observation (GEO) Grid. Web2.0 based User Interface. Provide data via OGC Standards. Grid-based Infrastructure.


Presentation Transcript


  1. FIM-related activities and issues being discussed in Japan
     • GEO Grid: Yoshio Tanaka (AIST)
     • HPCI, GakuNin: Eisaku Sakane, Kento Aida (NII)

  2. Global Earth Observation (GEO) Grid
     • Web2.0 based User Interface
     • Provide data via OGC Standards
     • Grid-based Infrastructure

  3. Current Grid-based Implementation of ASTER Data Services
     [Architecture diagram. Labels: user account (GAMA) server with Account DB; VO (VOMS) server with VO DB; portal server; gateway server; GIS server; map server; catalogue/metadata server; GEO Grid Cluster; Storage (DEM); services WFS, WCS, WMS, CSW, GRAM, GridFTP, OGSA DAI; login by username/password, OpenID or X.509 Certificate; credential; GSI + VOMS; GET, exec, query; data, maps, metadata; Terra/ASTER, TDRS, ERSDIS/NASA, APAN/TransPAC, L0.]

  4. Towards Cloud-based implementation
     • GEO Grid is in operation supporting academic users, but there is strong demand for easy federation of satellite data for business use.
     • Re-designing GEO Grid security
     • GSI does not fit well with Web services and clouds.
     • GSI is still not easy to install/configure, especially on the server side.
     • The basic idea is to use OpenID + OAuth2.0 (OpenID Connect).

  5. Issues being discussed related to FIM
     • LoA of OpenID providers
     • Do we need common guidelines/profiles for both IdP and AuthZ Services, as IGTF did?
     • The answer must be yes, but who does this, and how?
     • How do we connect to HPCI (High Performance Computing Infrastructure), which is based on GSI?
     • Technically possible (e.g. SLCS/MICS), but not easy at the policy level.
     • What are the issues to be solved?
     I believe that these issues are described in the FIM document and look forward to keeping in touch.

  6. HPCI in Japan
     • High Performance Computing Infrastructure (HPCI)
     • national project promoted by the Ministry of Education, Culture, Sports, Science and Technology (MEXT) in Japan
     • distributed computing infrastructure for high performance computing
     • “K computer”, supercomputers and high performance storage
     • first production level infrastructure for high performance computing in Japan
     • Roadmap
     • – Mar 2011: basic design
     • network, authentication, user management, shared storage, testbed for advanced software
     • Apr – Dec 2011: detailed design
     • Jan – Aug 2012: test operation
     • Sep 2012 –: production level operation

  7. HPCI Overview (at Sep. 2012)
     [Overview diagram. Labels: user management; authentication; CA system; HPCI ID registration; HPCI acct.; review proposals; apply certificate; portal; acct. registration; certificate repository; shib. IdP; shib. SP; single sign-on; helpdesk; HPCI Secretariat (organized in 2011); computer resources at NII, AICS (K-computer) and Supercomputer Centers in 9 Universities; shared storage (AICS, U. Tokyo); network infrastructure.]
     More resources will be connected after 2012.

  8. Authentication
     • The goal is to enable single sign-on to computer resources and shared storage in HPCI.
     • survey of existing software technologies and operation of grid infrastructures
     • account management
     • centralized or distributed?
     [Diagram labels: user; portal; sign-on the portal with HPCI acct.; HPCI acct/password; single sign-on; (2) ssh login to computers without password: % gsi-ssh host.univ.ac.jp]
     • login to computers
     • access to shared storage

  9. Shibboleth + GSI
     • Shibboleth for account management of HPCI
     • HPCI account = account to sign on to HPCI
     • federation of HPCI accounts, managed in a distributed way using Shibboleth
     • Supercomputer centers play the role of IdP.
     • NII plays the role of the SP that provides certificate issuance.
     • A user has an HPCI account in one supercomputer center.
     • Grid Security Infrastructure (GSI) for single sign-on
     • de facto standard in grid communities
     • enabling single sign-on using PKI
     • creating a proxy certificate and delegation
     • mapping between the “Distinguished Name (DN)” in a client certificate and a local account name (LN) in supercomputer centers

  10. 学認 (GakuNin)
     • Academic Access Management Federation in Japan
     • A federation for academic e-resources
     • universities who are users of academic e-resources
     • organizations like publishers, who are providers of such e-resources
     • E Journal
     • Issuance of certificate, e.g., server certificate
     • Issuance of account, e.g., wireless LAN
     • e-Learning
     • On-campus system
     • This federation is realized by Shibboleth.
     • 35 IdPs and about 60 SPs in production level
     • about 60 IdPs in test

  11. Issues
     • Federation between GakuNin and HPCI
     • Can users of HPCI access academic services provided in GakuNin?
     • HPCI users are not only academic but also industrial.
     • Some supercomputer users may have two IDs, one for the on-campus system and one for the supercomputer.
     • Currently, each ID is managed independently, because a supercomputer center in a university provides resources not only to users belonging to the same university.
     • Should these be unified? Can these be unified?
     • Credential translation between GeoGrid and HPCI
     • 9 supercomputers & NII: Shibboleth + GSI
     • GeoGrid: OpenID Connect
     • We plan to evaluate a translation service provided by GakuNin, which translates a Shibboleth credential to an OpenID Connect credential.
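
The DN-to-local-account mapping that slide 9 describes, as an added example that is not from the presentation or from HPCI: a parser for a grid-mapfile in the quoted-DN format used by Globus GSI, which resolves a proxy-certificate subject back to the user's own DN before the lookup. The sample CA, DNs, account names and function names are constructed, and the code assumes the certificate chain has already been validated.

```python
import re
import shlex

# Constructed sample grid-mapfile; the CA, DNs and account names are made up.
SAMPLE_GRIDMAP = '''
# "certificate subject DN" local_account[,local_account...]
"/C=JP/O=Example HPCI CA/OU=Center A/CN=Taro Yamada" hpci0001
"/C=JP/O=Example HPCI CA/OU=Center B/CN=Hanako Sato" hpci0002,guest
'''

# Proxy certificates extend the issuer's subject: legacy GSI proxies append
# CN=proxy or CN=limited proxy, RFC 3820 proxies typically CN=<digits>.
# Assumption: the chain was verified beforehand. Real GSI identifies proxies
# from the certificate chain; string stripping would mishandle a numeric CN.
_PROXY_CN = re.compile(r"/CN=(?:proxy|limited proxy|\d+)$")

def parse_gridmap(text):
    """Return {DN: [local accounts]}; raise ValueError on malformed lines."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # honours the quotes around the DN
        if len(fields) != 2 or not fields[0].startswith("/"):
            raise ValueError(f"line {lineno}: expected '\"DN\" account'")
        dn, accounts = fields
        if dn in table:
            raise ValueError(f"line {lineno}: duplicate DN {dn!r}")
        table[dn] = accounts.split(",")
    return table

def end_entity_dn(subject):
    """Strip trailing proxy CN components to recover the user's own DN."""
    while True:
        stripped = _PROXY_CN.sub("", subject)
        if stripped == subject:
            return subject
        subject = stripped

def local_account(gridmap, subject):
    """Map a (possibly proxy) subject DN to its default local account.

    The match is exact; an unlisted DN yields None so the caller denies access.
    """
    accounts = gridmap.get(end_entity_dn(subject))
    return accounts[0] if accounts else None
```

Because the lookup is an exact match on the full DN, a subject that only extends a listed DN with extra text is not mapped to that user's account.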
