1 / 25

Presenter or main title…

TF-EMC 2 Lyon - 14/02/2011. Presenter or main title…. Accessing e-Infrastructure. Session Title or subtitle…. Christopher Brown Digital Infrastructure. e-Infrastructure Programme. April 2006 – March 2009 Followed UK’s 5 year investment in e-Science infrastructure Aims:

maine
Download Presentation

Presenter or main title…

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. TF-EMC2 Lyon - 14/02/2011 Presenter or main title… Accessing e-Infrastructure Session Title or subtitle… Christopher BrownDigital Infrastructure

  2. e-Infrastructure Programme • April 2006 – March 2009 • Followed UK’s 5 year investment in e-Science infrastructure • Aims: • Increase the benefits to, and use of, e-Infrastructure by a wider user base • Ensure that e-Infrastructure builds on and shares common core services • Explore the ways in which the benefits of the capabilities being developed in grid computing can be transferred to other domains • 4 thematic areas: • Community engagement and support • e-Infrastructure security • Grid services and tools • Knowledge organisation and semantic services http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  3. National Grid Service (NGS) • Aims to facilitate UK research by providing access to a broad range of computational and data based resources. • Deliver a production quality e-infrastructure to support academic research across all Higher Education Institutes  (HEIs) in the UK • Provide core services to enable collaborative access to computing and data resources in support of UK researchers • Ensures UK researchers can efficiently exploit computing facilities across the globe – developed partnerships with infrastructures in EU, US, etc. • http://www.ngs.ac.uk/ http://www.flickr.com/photos/14171139@N08/2041447039/sizes/z/in/photostream

  4. National Grid Service (NGS) • Free to use for UK academics • Joining process: • Apply for your personal e-Science Certificate from the UK Certification Authority • Download your certificate into your browser • Apply for a NGS Grid Account • Backup your Certificate and Private Key from your browser • Run the Certificate Wizard to set up your computer • Get started using NGS tools • http://www.ngs.ac.uk/ http://www.flickr.com/photos/chough/3600381635/sizes/m/in/photostream/

  5. SARoNGS (Jan 2008 – March 2009) To deliver into production a Shibboleth based infrastructure for the NGS, to enable HEI users/researchers to access NGS resources using their institutional identities as provided through membership of the UK federation. • Goals: • Broaden the NGS user base. • Easier access for researchers who are not technology specialists • Easier support for the Service Provider • Prevent unauthorised access • Deliver a production service • Access to NGS resources: • People use X.509 Certificates • Trusted globally – IGTF • Sometimes seen as challenging to use http://http://www.flickr.com/photos/pjh/187636402/sizes/z/in/photostream//

  6. SARoNGS • In SARoNGS • People who have certificates can keep using them • Created transparently for people who don’t • Users don’t even know they have certificates • What’s in it for you? • Users get non-certificate access to the NGS, mainly via portals • SPs can hook into NGS SP/portal (if you wish), particularly if you require X.509 • Use NGS’ VO management infrastructure • Non-UK federations: can be reused • http://www.jisc.ac.uk/whatwedo/programmes/einfrastructure/sarongs.aspx • https://cts.ngs.ac.uk/ http://www.flickr.com/photos/dicknella/503494947/

  7. SARoNGS ShibGrid SHEBANGS • 4main activities • to provide grid authentication tied to the UK AMF (a new service based upon outputs from the ShibGrid project) • to link this authentication token with VO attributes from the grid computing domain • to translate attributes within the context of UK AMF into attributes suitable for consumption by grid computing infrastructures (a new service based upon the outputs of the SHEBANGS project) • to demonstrate these via both subject based and generic demonstrator applications Grid Authn Translate attributes VPMan SARoNGS MIMAS Authorisation Demonstrator http://www.flickr.com/photos/brothermagneto/3528084605/sizes/z/in/photostream/

  8. SARoNGS Architecture User and management portals VO Management CTS MyProxy CTS access control research resources (MIMAS)‏ The NGS Grid http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  9. SARoNGS Architecture http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  10. SARoNGS Architecture http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  11. SARoNGS Architecture http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  12. SARoNGS Architecture http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  13. SARoNGS Architecture http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  14. SARoNGS Architecture http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  15. SARoNGS Architecture http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  16. Demo http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  17. OneVRE • VRE funded project • Connects different institutional portals through Access Grid (AG) technologies • Connection through AG venues managed by VOMS certificates • Using SARoNGS for OneVRE VO Management • User logs in to portal using Proxy Cert issued by SARoNGS, includes all the VOs the user is a member of • VOs are basis for accessing the AG virtual venues on OneVRE servers • OneVRE also allows users to securely share data and apps across different AG and OneVRE servers • http://wiki.rcs.manchester.ac.uk/community/OneVRE http://www.flickr.com/photos/kubina/471164507/sizes/z/in/photostream/

  18. Limitations of the SARoNGS Grid Credentials • Certs are only as good as the material on which they are based • NGS would’ve liked to have the SARoNGS CA to become accredited with the IGTF like the UK e-Science CA. • Not possible: • Permitted reuse of eduPersonTargetedId • Names are not published • Id Management Policies too numerous/varied • Revocation vs Lifetime http://www.flickr.com/photos/kubina/471164507/sizes/z/in/photostream/

  19. Past Data Sharing ASPiS ES-LoA iREAD AGAST SPIDER NGS SARoNGS SHINTAU VPMAN Identity The Identity Project Collaboration GFIVO CUCKOO Identification UK federation OpenID Review NAMES Personalisation GOLDDUST DPIE2 http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  20. AIM Programme • 1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011) • Focus: • Process • Policy • Technology • Objectives • Build foundations for production systems that universities might adopt in the future • Prepare the sector for future developments • Improve user experience • Increase value and make AIM relevant to wider community • Enable integrated systems architecture • Develop practical tools to enable AIM Exploring Innovative new areas http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  21. AIM Programme • UK Access Management Federation • Support • Expand • Improve • Increase uptake • Funding • Shibboleth Consortium (JISC, Internet2, SWITCH) • Technical roadmap • Governance mechanisms • Operate open source project => Shibboleth Foundation? • Extending Access Mgmt into BCE • Publisher Support • WAYFless URLs http://www.flickr.com/photos/triplemaximus/156523870/sizes/z/in/photostream/

  22. Wie Jie Thames Valley University 15 months AIM Projects – NGS • A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service • Develop proxy certificate auditing infrastructure that supports monitoring/auditing use of proxy credential • General usage monitoring • Patterns of use and prediction of misuse • Exploit and harden existing software for this • Globus Incubator project • Extensions to support • VO-specific monitoring and usage • Resource-specific monitoring and usage • Demonstrate in numerous projects and roll out to NGS • Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects • includes usage of NGS, ScotGrid, TeraGrid, D‐Grid http://www.flickr.com/photos/argonne/4244642347/sizes/m/in/photostream/

  23. Fiona Culloch EDINA 12 months AIM Projects – Web Services • WSTIERIA (Web Services Tiered Internet Authorization ) • Make web services work with UK federation • Investigating two approaches: • using “façade” to handle authentication • new Shib features to invoke web service between SPs • Tested on two application domains: • Geospatial web service (SEE-GEO) • WebDAV (widely deployed remote file-access protocol layered on HTTP) • Community Benefit • Web services interoperate with FAM • Improve end-user experience by application componentization • Real components need authorization • Access presently hidden web services • Discussing with MIMAS, SDSS, Shibboleth http://www.flickr.com/photos/aqua-marina/840167789/sizes/m/in/photostream/

  24. Mike Jones University of Manchester 9 months AIM Projects – Social Net and Shib • Identity and Access Management using Social Networking Technologies • FOAF is an RDF (Resource Description Framework) vocabulary mainly aimed at describing links between people and memberships • produce a functional WebID (formerly FOAF+SSL) based Authentication system for Shibboleth based IdP and an Authentication and Authorisation system for Globus based grids • Bridge to SAML/Shibboleth • Converting information available in RDF into SAML attributes • e.g. WebID URI into eduPersonPrincipalName • Easy to derive membership of a project or (virtual) organisation based on the FOAF relations • Easier ad-hoc collaborations (potentially with people outside the federation too) http://www.flickr.com/photos/marc_smith/4511843933/sizes/m/in/photostream/

  25. Any questions?

More Related