User Support in IGI: Related Tools and Services in Italy
Giuseppe LA ROCCA (giuseppe.larocca@ct.infn.it), INFN – Sez. di Catania, Italy
EGI Technical Forum 2011, 19-23 September 2011, Lyon Conference Centre, France
Outline
• Introduction to the RESTful “lightweight” crypto library API:
  • The Architecture;
  • SW/HW Requirements;
  • Success stories.
• Investigation of new solutions for the design of a general purpose Grid portal for scientific applications;
• GriF: a collaborative tool for grid empowered computational applications.
Introduction to the RESTful “lightweight” crypto library API:
• The Architecture;
• Software Requirements:
  • Java™ PKCS#11, Bouncy Castle and Java CoG Kits;
  • JAX-RS 1.2 Java APIs using Jersey implementation;
  • VOMS-API v.3.0;
  • Apache Tomcat 6.0.32 as a Web Container;
• Success Stories:
  • The DECIDE, ViralGrid and EUMEDGrid-Support use cases.
Why a RESTful “lightweight” crypto library?
• REST (Representational State Transfer) is nowadays a de facto standard to access distributed resources in a web-affine manner.
• Every resource is uniquely represented by a URI:
  • E.g.: https://infn-lb-01.ct.pi2s2.it:9000/cANG8Wt2C8PYcL6h8YiLRg
• The JAX-RS (Java API for RESTful Web Services) specification presented in JSR 311 defines a standard way to deploy RESTful web services;
• Jersey is the open source JAX-RS (JSR 311) Reference Implementation for building RESTful Web services.
Additional SW/HW Requirements …
• The Cryptographic Token Interface Standard (PKCS#11) is a standard introduced by RSA Data Security Inc.;
• It defines native programming interfaces to cryptographic tokens (hardware cryptographic accelerators, smart cards, …);
• The Bouncy Castle APIs provide support for creating two kinds of X.509 certificates (ver. 1 and ver. 3);
• CoG Kits allow users to provide Globus Toolkit functionality within their code without calling scripts, or in some cases without having Globus installed;
• The VOMS-Admin library (ver. 3.0), developed in the context of the DILIGENT and D4Science projects, was used to interact with the VOMS server and retrieve the list of groups/roles per VO;
• eToken PRO smart cards (32/64KB) with the pki-client software (ver. 4.55-34).
The 4-tier architecture of the “lightweight” crypto library
[Figure: architecture diagram. Labels: Grid Portals / Science Gateways; Client Applications; Users]
Main Features
• Deployed on Tomcat Application Server (ver. 6.0.32);
• SafeNet eToken PRO (32/64KB) smart cards;
• Thread-safe access to the list of smart cards;
• SSL encryption using a trusted host certificate;
• Caching of proxy certificates for each valid requestID = serial + vo + fqan:
  • If lifetime(requestID) – threshold > 0, the cached proxy is sent to the Science Gateways;
• Server performance evaluated using Apache JMeter:
  • ~6-8 s waiting time for a new proxy;
  • 20 ms for a cached proxy.
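The caching rule above, as an added Java example (Java 16+) that is not the library's own code. `ProxyCache`, `CachedProxy`, the `issuer` callback, the `|` separator and the 1 h threshold / 12 h lifetime are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.BiFunction;

// Added illustration; ProxyCache, CachedProxy and the issuer callback are hypothetical names.
public class ProxyCache {
    // A proxy is modelled only by an opaque string and its expiry time.
    record CachedProxy(String pem, Instant notAfter) {}

    private final ConcurrentHashMap<String, CachedProxy> cache = new ConcurrentHashMap<>();
    private final Duration threshold;  // minimum remaining lifetime required for reuse
    private final BiFunction<String, Instant, CachedProxy> issuer;  // slow path (token + VOMS)

    ProxyCache(Duration threshold, BiFunction<String, Instant, CachedProxy> issuer) {
        this.threshold = threshold;
        this.issuer = issuer;
    }

    // requestID = serial + vo + fqan, as on the slide; the separator keeps the parts unambiguous.
    static String requestId(String serial, String vo, String fqan) {
        return serial + "|" + vo + "|" + fqan;
    }

    CachedProxy get(String serial, String vo, String fqan, Instant now) {
        // compute() is atomic per key: concurrent requests for the same requestID
        // cause a single issuance instead of racing on the smart card.
        return cache.compute(requestId(serial, vo, fqan), (id, cached) -> {
            if (cached != null) {
                Duration lifetime = Duration.between(now, cached.notAfter());
                // Slide rule: lifetime(requestID) - threshold > 0 means the cached proxy is served.
                if (lifetime.minus(threshold).compareTo(Duration.ZERO) > 0) return cached;
            }
            return issuer.apply(id, now);  // absent or too close to expiry: issue a new proxy
        });
    }

    public static void main(String[] args) {
        int[] issued = {0};  // counts slow-path issuances
        Instant t0 = Instant.parse("2011-09-19T09:00:00Z");  // constructed clock
        ProxyCache pc = new ProxyCache(Duration.ofHours(1), (id, now) ->
            new CachedProxy("proxy#" + (++issued[0]), now.plus(Duration.ofHours(12))));
        // Constructed sample values, not taken from the slides.
        String serial = "0123", vo = "examplevo", fqan = "/examplevo/Role=user";
        System.out.println(pc.get(serial, vo, fqan, t0).pem());                         // cache empty
        System.out.println(pc.get(serial, vo, fqan, t0.plusSeconds(3600)).pem());       // 11 h left
        System.out.println(pc.get(serial, vo, fqan, t0.plusSeconds(11 * 3600)).pem());  // 1 h left
    }
}
```

The third call lands exactly on the threshold, so the strict `> 0` comparison forces re-issuance rather than handing out a proxy that is about to expire.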
The working scenario
[Figure: sequence diagram. Labels: ask for a service; eTokenServer; get results; store long proxy; ask for VOMS AC attributes; VOMS Server; MyProxy Server; list/create request (*); retrieve serials/proxy (*); execute service; get results. (*) SSL encryption]
Success Stories
• The new crypto library is currently used by:
  • The DECIDE Science Gateway (see the DECIDE demonstration at EGI-UF 2011 here); (Abstract [47] – “The DECIDE project Science Gateway”, on Sept. 20th, 14:00 – 14:15, Rhone 3)
  • The ViralGrid Science Gateway (web);
  • The EUMEDGRID-Support Service Challenge (web) and Science Gateway (Abstract [57] – “The EUMEDGRID-Support User Forum”, on Sept. 23rd, 09:00 – 12:30, Rhone 2)