1 / 13

National Computational Science MyProxy: An Online Credential Repository for the Grid

MyProxy is a secure server that manages user credentials for Grid portals, enabling secure access from any location. Users delegate credentials for short-term use, enhancing security and convenience for Grid services. Explore MyProxy's architecture, implementations, deployments, and ongoing progress.

lstevens
Download Presentation

National Computational Science MyProxy: An Online Credential Repository for the Grid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. MyProxy: An Online Credential Repository for the Grid Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ National Computational Science

  2. Grid Portals • Allow users to access Grid services using standard web browsers • Need credentials to act on user’s behalf • Standard web browsers don’t support credential delegation • The user’s credentials may not be available on the web browser machine • Install credentials on each portal in advance? • Each portal must be trusted to manage credentials securely National Computational Science

  3. MyProxy • Secured MyProxy server manages user’s credentials • Allows secure access to credentials from anywhere on the Grid • Delegates credentials to resources (like web portals) that don’t already support delegation • Limits credential exposure with short-lived proxy credentials National Computational Science

  4. MyProxy Architecture User delegates credential to MyProxy server using MyProxy client program User chooses username and pass phrase for credential to protect against unauthorized retrieval User specifies lifetime of credential on MyProxy server and lifetime of credentials delegated to Grid Portals User Grid MyProxy Server Grid Portal National Computational Science

  5. MyProxy Architecture User connects to the Web Portal at a later time using a standard web browser from any machine User provides MyProxy username and pass phrase to the Portal User Grid MyProxy Server Grid Portal National Computational Science

  6. MyProxy Architecture Web Portal contacts MyProxy server and provides user’s username and pass phrase MyProxy delegates short-term proxy credentials to Web Portal User Grid MyProxy Server Grid Portal National Computational Science

  7. MyProxy Architecture Web Portal uses the short-term proxy credential to access Grid resources on the user’s behalf User Grid MyProxy Server Grid Portal National Computational Science

  8. MyProxy Implementations • C implementation of client and server • ftp://ftp.ncsa.uiuc.edu/aces/myproxy/ • Java Community Grid (CoG) toolkit client implementation • http://www.globus.org/cog/ • Grid Portal Development Kit • http://dast.nlanr.net/Projects/GridPortal/ National Computational Science

  9. MyProxy Deployments • NCSA (Alliance User Portal, Gaussian portal, Chemical Engineering) • NASA IPG (Launchpad user portal) • University of Lecce, Italy(Grid Resource Broker) • Poznan Supercomputing Center (Web-based resource broker) • NPACI/SDSC (HotPage) • UK HPC center National Computational Science

  10. Work in Progress • Convenient, secure access to credentials from multiple sites • Without copying credential files by hand • Unattended proxy credential renewal • Submit job to CondorG with pointer to MyProxy server to use for proxy renewal • CondorG authenticates to MyProxy server using the current user proxy before it expires • MyProxy delegates a new user proxy to CondorG National Computational Science

  11. Work in Progress • Additional authentication mechanisms • Kerberos (and others?) • More control over managed credentials • Restricted delegation • Credential access control • Which identities can download credentials? • What authentication methods are trusted? • Multiple credentials per user • Download the credential needed for the current task • Standardization • Global Grid Forum and IETF National Computational Science

  12. Work in Progress • CAS: Community Authorization Service • Allows community members to access community owned/allocated resources • Users authenticate to CAS to obtain a “community credential” valid on a resource • Interface for community administrators to add/remove users, etc. National Computational Science

  13. Demo • Alliance User Portal • Built with Grid Portal Development Kit • http://aup.ncsa.uiuc.edu • NCSA MyProxy server • myproxy.ncsa.uiuc.edu National Computational Science

More Related