Science gateway e risultati dei progetti Europei di e-Infrastructure Roberto Barbera Univ. di Catania & INFN Riunione CCR – Frascati, 25 Ottobre 2012

Outline  Introduction and driving considerations  The Catania Science Gateway framework and its implementation in various projects/contexts  An outlook into the future: CHAIN-REDS  Summary and conclusions 2

IT acceptance model Davis, F. D. (1989), "Perceived usefulness, perceived ease of use, and user acceptance of information technology", MIS Quarterly 13(3): 319–340 Development of web browsers The World Wide Web – the Web

The evolution leap in web browsers evolution leap 4

The «strength» of the web: standards! 5

Path to technology uptake The Rogers “bell-shape” curve - Rogers, E. M. (1962), “Diffusion of Innovations”, Glencoe: Free Press. 6

Some figures… 7

saturation decrease 8 Mar 2010

The eResearch2020 report ( Some barriers in the adoption of Grids:  Changes on Grids means changes on applications  Time required to adapt usual workflows  Lack of structure to support anonymous access  Download and installation of applications  Interface  Slow to get to compared to other resources  Difficult to use in the beginning  Time spent to get the application compiled and running 9

Using Grids is not straightforward  Users have to cope with complex security procedures, execution scripts, job description languages, command line based interfaces and lack of standards. This makes the learning curve very steep and keeps non IT-experts away.

Another consideration… VRCs # of users There is a huge number of non IT-experts out there who do not belong to any constituted Virtual Research Community. How can we attract them ? 11

Community-driven web portals have started to integrate Grid Tools and Applications “A Science Gateway is a community-developed set of tools, applications, and data that is integrated via a portal or a suite of applications, usually in a graphical user interface, that is further customized to meet the needs of a specific community.” Teragrid/XSEDE 12

Davis, F. D. (1989), "Perceived usefulness, perceived ease of use, and user acceptance of information technology", MIS Quarterly 13(3): 319–340 Development of Science Gateway Requirement for sustainability IT acceptance model – the Grid 13

EGI Portal & Traceability Policies (1/2) Portal Classes Portal ClassExecutableParametersInput Simple one- click provided by portal provided by portal Parameter provided by portal chosen from enumerable and limited set chosen from repository vetted by the portal Data processing provided by portal chosen from enumerable and limited set provided by user Job management provided by user provided by user Science Gateways 14

 The Portal, the VO the Portal is associated to, and the Portal manager are all individually and collectively responsible and accountable for all interactions with the Grid  The Portal must be capable of limiting the job submission rate  The Portal must keep audit logs for all interactions with the Grid as defined in the Traceability and Logging Policy (minimum 90 days)  The Portal manager and operators must assist in security incident investigations  Where relevant, private keys associated with (proxy) certificates must not be transferred across a network, not even in encrypted form 15 EGI Portal & Traceability Policies (2/2)

The Catania Science Gateway framework Science Gateway Science Gateway App. 1 App. 2 App. N Embedded Applications Administrator Power User Basic User Users from different organisations having different roles and privileges Standard-based (SAGA) middleware-independent Grid Engine Standard-based (SAGA) middleware-independent Grid Engine Grid middleware supported so far

Summary of standards adopted  Catania Science Gateway framework builds on consolidated and widely adopted standards:  The JSR 168 and JSR 286 standards (also known as "portlet 1.0" and "portlet 2.0" standards)JSR 168JSR 286  The OASIS Security Assertion Markup Language (SAML) standard and its Shibboleth and SimpleSAMLphp implementationsOASISSecurity Assertion Markup Language ShibbolethSimpleSAMLphp  The Lightweight Direct Access Protocol, and its OpenLDAP implementationOpenLDAP  The Cryptographic Token Interface Standard (PKCS#11) standard and its Cryptoki implementationCryptographic Token Interface Standard  The Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard and its JSAGA implementationOpen Grid ForumSimple API for Grid ApplicationsJSAGA 17

AuthN & AuthZ Schema AuthorisationAuthorisation Science Gateway GrIDP (“catch-all”) GrIDP (“catch-all”) IDPCT (“catch- all”) IDPCT (“catch- all”) IDP_y LDAP Register to a Service 2. Sign in Authentication Social Networks’ Bridge IdP 18

Official Identity Federations currently supported by Catania Science Gateways 19 To be created Nov Tutors from INFN Catania will be paid by RENATA, the Colombian NREN

eduGAIN ( 20 Catania Science Gateways are also registered as Service Providers of eduGAIN

The Grid IDentity Pool (GrIDP) ( This is an “open” Identity Federation

Identity Federations’ discovery service The normal Authentication Procedure 22 «Open» Identity Provider

Identity Federations’ discovery service The “social” Authentication Procedure 23 For more information watch

Catania Science Gateways access workflow Compliant with the EGI.eu Portal and Traceability Policies 1. sign in 3. create a proxy from an eToken server with robot certificates User 6. get the results 4. execute action 3’/4’. track user Admin 5. get output The Grid 2”. authZ eToken server 2’. authN Identity Provider User Registry 24

The «lightweight» crypto-library 25

eTokenServer MyProxy Server ask/get VOMS AC attributes VOMS Server store long proxy (*) SSL encryption get results ask for a service list/create request execute a service get the results back retrieve serials/proxy (*) The eToken server working scenario 26

CNGrid NKN & Garuda EUAsiaGrid SAGrid & SANREN GISELA 27 The “Global” Grid

The “non-Global” middleware CNGrid NKN & Garuda EUAsiaGrid SAGrid & SANREN GISELA Genesis II 28

CHAIN strategic vision  A world-wide Distributed Computing Infrastructure can address big scientific challenges that are not manageable with departmental computing systems  Virtual Research Communities can transparently access different kind of resources: scientific applications and tools, Data Repositories, down to CPUs and Disks. The vision is that of VRCs using resources ubiquitously across different administrative domains  Regional e-Infrastructures should be made interoperable among each other. CHAIN is committed to promote and validate a proof-of- concept that addresses this 29

First set of considerations - Interoperability  Interoperability is a property referring to the ability of diverse systems and organizations to work together (inter- operate). The term is often used in a technical systems engineering sense, or alternatively in a broad sense, taking into account social, political, and organizational factors that impact system to system performance;  According to ISO/IEC (Information Technology Vocabulary, Fundamental Terms), interoperability is "The capability to communicate, execute programs, or transfer data among various functional units in a manner that requires the user to have little or no knowledge of the unique characteristics of those units". 30

The CHAIN Worldwide Interoperability Demo ( 31  To demonstrate that:  e-Infrastructures can be made interoperable to each other at user application level using standards  with the meaning of interoperability given in the previous slide;  VRC-specific applications can be submitted from anywhere and run everywhere

The Catania Grid Engine Grid Engine Users Tracking DB Science GW Interface SAGA/JSAGA API Job Engine Data Engine Users Track & Monit. Science GW 1 Science GW 2 Science GW 3 Grid MWs Liferay Portlets eToken Server New ModifiedNewModified

The CHAIN Worldwide Interoperability Demo - Requirements The user interface must be only web based 2. Users must be transparently authenticated & authorised on all e-Infrastructures without any additional human/machine intervention 3. There must be the smallest possible interaction with both site managers and e-Infrastructure operators 4. No modification whatsoever of the various middleware should be required to their developers (missing JSAGA adaptors should be created)

CHAIN Science Gateway ( 34 Server managed by INFN Roma Tre

CHAIN Demo Contributors 35

CHAIN Demo Applications ( 36 general purpose applications

CHAIN Demo Status ( 37

Second set of considerations – Social Networks  About 1 billion people have accounts on the existing Social Networks (many of the researchers we are targeting with e-Infrastructures are among them)  Web-based social networking accounts for more than 10-15% of the total time spent online in the whole world  Social Networks’ are by far the most used (liked) virtual environments in the world 38

Catania “social” Science Gateways ( 39

Catania “social” Science Gateways (agINFRA Science Gateway as Facebook app) 40 SSO possible through the Social Networks’ Bridge IdP

41 Catania “social” Science Gateways (Italian Soil Information System – WebGIS-based and Cloud-enabled)

ISIS: the Italian Soil Information System (Integration architecture – reusable!) INFN Catania cloud Apache mod_rewrite VM WebGIS DB + ISIS data Web proxy URL 1 open Web proxy URL 2 Shibboleth-protected Direct access forbidden X 42

Third set of considerations – Mobile Access 43  More than 25% of mobile phones in the world are smartphones and the number of people connected through mobile appliances increases every year  Social networking amounts to 91% of mobile internet access, compared to 79% on desktops, and it is expected that by 2014 mobile internet should take over desktop internet usage (*)  So, mobile access to “everything” is not any more an option; it is a must and e-Infrastructures shouldn’t/won’t be an exception (*)

The “mobile” Authentication Procedure (REST API independent of the Science Gateway) 44

Example #1: the new gLibrary architecture gLibrary REST API Metadata ServicesStorage Services AuthN/AuthZ Services StoragesDatabases Identity Federations eToken Service Grid Auth Service e-infrastructure resources Science Gateways Repo 1 Repo 2 Repo 3 Discovery Service Rest API 45

The mobile version of the INDICATE e-Culture Science Gateway – Browse contents The e-Culture Science Gateway (web and mobile) will be «the tool» of the DCH-RP (now DC-MAP) project 46

INDICATE Project Meeting The mobile version of the INDICATE e-Culture Science Gateway – Download contents 47

INDICATE Project Meeting First prototype The mobile version of the INDICATE e-Culture Science Gateway – Annotate contents 48

MoU template ( with financial part) 49

Uptake of Catania Science Gateways (as of today) 50 Users from 206 Organisations in 44 Countries

Number of registered peopleNumber of sign-ins Catania Science Gateways in numbers (as of the end of September 2012) 51

Science Gateway-based model in Latin America Final Project Review, Brussels,

Services for Researchers & Students Communities Online S&T Olympics Citizen Science Final Project Review, Brussels,

GISELA – Final Project Review - Brussels – 11/10/ Scope & Composition –Extract (English translation): “…The Ecuadorian (CEDIA), Mexican (CUDI) and Colombian (RENATA) NRENs commit themselves to find the financial resources to ensure the continuity of the operation of the Latina American e-Infrastructure currently supported by the GISELA partner Institutions. This to put at disposal of Research & Education the advanced computing & network resources for the e- Science benefit which on its turn will manifest itself in improving the quality of life of people in the Region…” –Signatories so far:  NRENs: CEDIA (Ecuador), CUDI (México), Innova|Red (Argentina), RedCONARE (Costa Rica), RENATA (Colombia)  Academic Institutions: UNAM (México), UNIANDES (Colombia) Durable Financial Support scheme The “Mexico Declaration” as funding agreement

The new Catania General Engine for CHAIN-REDS General Engine Users Tracking DB Science GW Interface SAGA/JSAGA API Job Engine Data Engine Users Track & Monit. Science GW 1 Science GW 2 Science GW 3 Grid/Cluster/Cloud MW Liferay Portlets eToken Server Grid MW Cluster MW: LSF, PBS, … Cluster MW: CLEVER, … Demos planned next month both at SC’12 and agINFRA review Hardware funds are requested to wide the cloud to be used in agINFRA and CHAIN-REDS

Summary and conclusions  e-Infrastructures can be very beneficial platforms for many users, provided they are really «easy to use»  Catania Science Gateways, with support for Identity Federations, Social Networks and mobile access, are changing the way Grid infrastructures are used, hugely widening their potential user base (especially non-IT experts and the “citizen scientist”) yet keeping the required security  The adoption of standards (JSR 286, SAGA, SAML, etc.) represents a concrete investment towards sustainability and allows worldwide interoperability at user application level  Catania Science Gateways have have been already adopted in/by several other EU projects (agINFRA, DC-MAP, DECIDE, EarthServer, eI4Africa, EUMEDGRID-Support, GISELA, INDICATE, etc.)  This activity is giving INFN a high visibility worldwide and new projects have started just around the Science Gateway model  A discussion would be worth within CCR to see how to apply tge model to small/medium INFN experiments that still do not use the Grid 57

Thank you ! 58