1 / 19

The ASPiS project

The ASPiS project. UK e-Science AHM Oxford, 08 Dec 2009 Jens Jensen, STFC. Who…. Developers: Eric Liao (KCL CeRCH), Andrea Weise (Reading ACET) Others: Roger Downing, STFC e-Science Mark Hedges, KCL CeRCH Adil Hasan, Liverpool Jens Jensen, STFC e-Science. ASPiS.

lan
Download Presentation

The ASPiS project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. The ASPiS project • UK e-Science AHM • Oxford, 08 Dec 2009 • Jens Jensen, STFC

  2. Who… • Developers: • Eric Liao (KCL CeRCH), • Andrea Weise (Reading ACET) • Others: • Roger Downing, STFC e-Science • Mark Hedges, KCL CeRCH • Adil Hasan, Liverpool • Jens Jensen, STFC e-Science

  3. ASPiS • iRODS as datastore • SSO login via Shibboleth • PERMIS access control policy • Provenance metadata in PASOA • Funded by JISC

  4. Target Users • Arts and Humanities • STFC facilities • Was Diamond Light Source (no IdP) • Now ISIS Neutron Source • SRB users on the National Grid Service

  5. User Shib service Apache iRODS PASOA PERMIS PDP Disk

  6. Shib loginSo what does it do? • Single password • Password managed by home institution • S.E.P. • Home institution provides attrs • ASPiS can use these for access control • And for provenance

  7. User Authentication Home (institution) National Grid User

  8. Shibboleth login Home Inst. iRODS

  9. Shibby stuff • Use ePTID for login • Same account every time • Caveat on reuse in UK federation • Use ePEntitlement for “VO mgmt” • Home institutions IdPs manage it • Attrs available to rule engine and µservices • Alternative to individual authentication

  10. Shibby stuff • Web based • PHP front-end for iRODS • Permits persistent deep linking?

  11. iRODS • Rule Engine to manage data workflow • Microservices calling out to ext’l services • No changes to iRODS itself • Improves maintenance • Except fed back upstream

  12. Example Rule workflow iRODS Log attrs Rule Engine PERMIS PDP Access Ctrl PASOA Update metadata Branch on file type Image metadata Document metadata

  13. Example workflow • All files: timestamps, owner, checksum,… • Microservice workflow: µservice, parameters • Images: create thumbprints, extract JPG metadata • PDF files: text summary (no formatting)

  14. Two Federations ASPiS iRODS Federation UK Access Management Federation (Shibboleth) King’s iRODS Shib Service Provider STFC iRODS Reading iRODS

  15. PASOA ? iRODS Q Q Q MySQL databases P P P 1ary id problem

  16. Query interface EU provenance portal Provenance data

  17. Screenshot of successful query (shows 1 warning and result)

  18. TODO • “Real” µservices, Prod’n infrastructure • µservices workflow management? • Interface to MSS (use HPSS from IN2P3 for?) • Integrate with NGS portal? • TextGrid involvement? • Relation to use of iCommands? • Service redirect (file held at remote site) • ‘ls’ doesn’t go through the rule engine • (PEP in µservice)

More Related