UCTrust Integration for UC Grid
David Walker, University of California, Davis, DHWalker@ucdavis.edu
Kejian Jin, University of California, Los Angeles, kjin@ats.ucla.edu

Overview
• Vision
• Background on UCTrust
• Existing Registration Process
• New Registration Process
• Technology Integration
• Demonstration

Vision
• UC Grid will become the infrastructure linking high-performance computing resources within UC. These resources will be used by all members of the community.
• 100,000s of users!
• Very few (1,000s? 100s?) of these people will be programming. Nearly all will be using canned applications.
• That is, we need an extremely efficient user registration process for pool users.

UCTrust
• Federation of “all” UC community members (faculty, staff, students, affiliates)
• Fully integrated into InCommon, the national federation of university community members
• Relies on trust that each campus can properly identify its own community members and provide information about them.
• Protocol is encrypted and enables mutual authentication of both service and identity providers
• http://www.ucop.edu/ir/itlc/uctrust

Existing Registration Process
• An end-user requests a UC Grid login via the UC Grid portal.
• If this is a request for a Cluster User login, the cluster administrator is asked to approve the request.
• The campus grid portal administrator is asked to approve the request.
• The UC Grid portal finalizes the registration and creates the user's certificate.

New Registration Process
• An end-user logs in to the UC Grid portal via UCTrust to register and create a certificate. The user is given access to the UC Grid default pool.
Afterwards...
• If the user needs access to a specific cluster, the cluster administrator authorizes access.
• If the user needs access to a campus default pool, the campus grid administrator authorizes access.

Technical Integration
• UC Grid is a Service Provider within UCTrust (InCommon). It obtains eduPersonPrincipalName (ePPN) from the campus Identity Providers.
• The ePPN replaces the function of the old UC Grid login and password.
• On the first login, ePPN is used to create the user's long-term digital certificate.
• On subsequent logins, ePPN is used to create the short-term certificate for the session.
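
An added example (not code from the presentation or from UC Grid) of the Service Provider logic described above: it accepts an ePPN only when its scope belongs to the Identity Provider that asserted it, then chooses the long-term or short-term certificate path. The entity IDs, scopes and function names are constructed for illustration, and the scope check is an assumption about how the portal would enforce the per-campus trust the UCTrust slide describes.

```python
import re

# Constructed sample: scopes each campus Identity Provider may assert.
# Assumption: a real deployment takes this mapping from federation metadata.
IDP_SCOPES = {
    "https://idp.campus-a.example/shibboleth": {"campus-a.example"},
    "https://idp.campus-b.example/shibboleth": {"campus-b.example"},
}

# ePPN has the form user@scope, with exactly one "@" and no whitespace.
EPPN_RE = re.compile(r"[^@\s]+@[A-Za-z0-9.-]+")


class RejectedAssertion(Exception):
    """The asserted ePPN must not be used for a login."""


def check_eppn(idp_entity_id, eppn):
    """Return the normalized ePPN if this IdP is allowed to assert it."""
    if idp_entity_id not in IDP_SCOPES:
        raise RejectedAssertion("unknown identity provider")
    if not EPPN_RE.fullmatch(eppn):
        raise RejectedAssertion("malformed ePPN")
    user, scope = eppn.rsplit("@", 1)
    scope = scope.lower()  # the scope is a DNS-style name, so fold its case
    if scope not in IDP_SCOPES[idp_entity_id]:
        # One campus IdP must not be able to vouch for another campus's users.
        raise RejectedAssertion("scope not owned by asserting IdP")
    return f"{user}@{scope}"


def login(registry, idp_entity_id, eppn):
    """Decide which certificate the portal issues for this login.

    registry: set of ePPNs that already hold a long-term certificate
    (hypothetical stand-in for the portal's user database).
    """
    principal = check_eppn(idp_entity_id, eppn)
    if principal not in registry:
        registry.add(principal)  # first login: register the user
        return principal, "long-term certificate"
    return principal, "short-term session certificate"
```

Because the ePPN replaces the old login and password, the registry key should be the normalized value returned by `check_eppn`, never the raw attribute string.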