Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Grant.

Presentation transcript:

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Grant Agreement n
The eTokenServer: a standard-based solution developed by INFN Catania for central provisioning of robot credentials
Giuseppe LA ROCCA, INFN Catania - Italy
CHAIN-REDS School for Application Porting to Science Gateways, June 2014, Catania - Italy

Outline
- Some introductory concepts and driving considerations
- Introduction to the “light-weight” crypto library
- The Architecture
- Java™ PKCS#11, Bouncy Castle
- Java CoG Kits v
- VOMS-Admin APIs v.3.0
- Apache Tomcat as a Web Container
- JAX-RS 1.2 Java APIs using Jersey implementation
- Summary and Conclusions

The 21st Century Research Challenges
[Image: RS Ophiuchi, INAF – Oss. Astronomico Palermo]

The e-Infrastructure vision
- e-Infrastructure: “an environment where research resources (hardware, software and content) can be readily shared and accessed where necessary to promote better and more efficient research”
- Network Infrastructure: the Research Network Infrastructure provides fast interconnection and advanced services among Research and Education institutes of different countries
- Grid/Cloud Infrastructure: the Research Grid/Cloud Infrastructure provides a distributed environment for sharing computing power, storage, instruments and databases through the appropriate software (middleware)
- Virtual Research Community (VRC)

The European Grid Infrastructure (EGI)
- European: over 30 countries
- Grid: secure sharing of IT resources
- Infrastructure: computers (clusters), data, applications
EGI MISSION: To support researchers from all disciplines with the reliable and innovative ICT services they need to accelerate excellent science.
- Natural sciences
- Physical sciences
- Medical and health sciences
- Engineering and technology
- Any research activity within the European Research Area

Some barriers limit the e-Infrastructure adoption (*)
(*) The eResearch2020 report

Some introductory concepts and driving considerations
- Security is based on the Public Key Infrastructure (PKI) of X.509 certificates, and the procedures to manage these certificates are unfortunately not straightforward
- There is a “scientific gap” we have to overcome before we can benefit from using e-Infrastructures
- The adoption of robot certificates can reduce these barriers and help non-expert users to experience ICT-based platform technology!

Robot certificates in a nutshell
- Robot certificates have been introduced to allow non-expert users to experience e-Infrastructures for research activity;
  - They are extremely useful, for instance, to automate Grid service monitoring, data processing production, distributed data collection systems;

Introduction to the “light-weight” crypto library:
- Java™ PKCS#11, Bouncy Castle
- Java CoG Kits v
- VOMS-Admin APIs v.3.0
- Apache Tomcat as a Web Container
- JAX-RS 1.2 Java APIs using Jersey implementation

The “light-weight” crypto library
- The “light-weight” crypto library interface has been designed to provide seamless and secure access to computing e-Infrastructures, based on the gLite middleware, using robot certificates
- The business logic of the library combines different native programming interfaces and standards, such as:
  - “cryptoki” Java™ Cryptographic Token Standard Interface (PKCS#11) libraries
  - Open source BouncyCastle libraries
  - Java CoG Kits APIs
  - VOMS-Admin APIs
  - RESTful technology (JSR 311)

List of SW packages adopted
- The Cryptographic Token Interface Standard (PKCS#11) is a standard introduced by RSA Data Security Inc
  - It defines native programming interfaces to access cryptographic tokens
- The Bouncy Castle APIs provide support for creating X.509 certificates (ver.1 and ver.3)
- The Java CoG Kits APIs (v1.8.0) allow users to provide Globus Toolkit functionality within their code without calling scripts, or in some cases without having Globus installed
- VOMS-Admin APIs (v3.0), developed in the context of the DILIGENT and D4Science projects, were used for interacting with the VOMS server and retrieving the list of groups/roles per VO
- The JAX-RS (Java API for RESTful Web Services) specification presented in JSR 311 defines a standard way to deploy RESTful web services

- Deployed on Tomcat Application Server (v7.0.27)
- Caching of proxy certificates for each valid requestID
  - If lifetime(requestID) - 12h > 0, the cached proxy is sent to the Science Gateway
- Thread-safe access to the list of smart cards
  - Evaluated performance of the server using Apache JMeter™
  - ~6-8 sec. waiting time for a new proxy
  - 20 msec. if the proxy is cached
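
The caching rule and the thread-safe token access listed above, as an added sketch that is not eTokenServer code and not part of the original slides. The names ProxyCache, CachedProxy and the issue callable are hypothetical; the request ID is treated as an opaque string.

```python
import threading
from dataclasses import dataclass

RENEWAL_MARGIN_S = 12 * 3600  # slide's rule: reuse only if lifetime(requestID) - 12h > 0


@dataclass
class CachedProxy:
    pem: str          # proxy material handed to the Science Gateway
    not_after: float  # expiry as a UNIX timestamp


class ProxyCache:
    """Proxies keyed by request ID; one lock guards both the cache and the token."""

    def __init__(self, issue, clock):
        self._issue = issue    # hypothetical callable: request_id -> CachedProxy (slow, signs on the token)
        self._clock = clock    # injectable time source, so expiry handling can be tested
        self._lock = threading.Lock()
        self._entries = {}
        self.issued = 0        # how many times the smart card was actually used

    def get(self, request_id: str) -> CachedProxy:
        # Lookup and signing happen under the same lock: concurrent requests for
        # one request ID cannot both reach the token, and a proxy with 12h or
        # less left is never handed out again.
        with self._lock:
            entry = self._entries.get(request_id)
            if entry is not None:
                remaining = entry.not_after - self._clock()
                if remaining - RENEWAL_MARGIN_S > 0:
                    return entry
            entry = self._issue(request_id)
            self._entries[request_id] = entry  # replaces the stale proxy, if any
            self.issued += 1
            return entry
```

Holding a single lock across the signing step trades throughput for simplicity: every request waits while a new proxy is being created.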

Hardware Tokens
- To reduce security risks, robot certificates are stored on board the Aladdin eToken USB smart cards
- The Aladdin eToken smart card can support several certificates:
  - 4 certificates per each eToken PRO 64KB
  - PKI Client supports maximum 16 slots!
- A token PIN is prompted every time the user needs to interact with the smart card
- Costs:
  - eToken PRO 64KB € 49,00
  - eToken PKI Client € 15,90
  - eToken Shell € 2,00

The Architecture
- The typical working scenario
- Some REST APIs
- The web interface (protected)
- More info

The five-layer architecture of the “light-weight” crypto library

The working scenario…

The web interface (protected access)
- Use the VOMS-ADMIN APIs to get the list of FQANs

The web interface (protected access)
- Enable / Disable long-term proxy
- Enable RFC / Full-legacy proxy
- Adding additional CN (for accounting)

Some RESTful APIs to request proxies / list robots
Parts of the request URL labelled on the slide: eTokenServer host & port, MD5Sum, FQANs, Options
- Create RFC 3820 compliant proxies:
  voms=fedcloud.egi.eu:/fedcloud.egi.eu&proxy-renewal=true&disable-voms-proxy=false&rfc-proxy=true&cn-label=LAROCCA
- Create full-legacy globus proxies:
  voms=fedcloud.egi.eu:/fedcloud.egi.eu&proxy-renewal=true&disable-voms-proxy=false&rfc-proxy=false&cn-label=Empty
- Create full-legacy globus proxies (with more FQANs):
  voms=vo.eu-decide.eu:/vo.eu-decide.eu/Role=Neurologist+vo.eu-decide.eu:/vo.eu-decide.eu&proxy-renewal=true&disable-voms-proxy=false&rfc-proxy=false&cn-label=Empty
- Create plain proxies (without VOMS ACs):
  voms=fedcloud.egi.eu:/fedcloud.egi.eu&proxy-renewal=true&disable-voms-proxy=true&rfc-proxy=false&cn-label=Empty
- Get the list of available robot certificates
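
The option strings above, parsed with a strict allow-list, as an added example that is not eTokenServer code and not part of the original slides. The FQAN grammar, the character set accepted for cn-label and the reading of "Empty" as "no extra CN" are assumptions inferred from the slide's examples.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Assumed FQAN grammar, inferred only from the slide: <vo>:/<vo>[/<group>...][/Role=<role>]
FQAN_RE = re.compile(r"([A-Za-z0-9.-]+):((?:/[A-Za-z0-9._-]+)+(?:/Role=[A-Za-z0-9._-]+)?)")
CN_LABEL_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")  # assumed allow-list: no DN metacharacters
BOOL_KEYS = ("proxy-renewal", "disable-voms-proxy", "rfc-proxy")
ALLOWED = set(BOOL_KEYS) | {"voms", "cn-label"}


@dataclass(frozen=True)
class ProxyRequest:
    fqans: tuple             # (vo, path) pairs, in request order
    renewal: bool            # proxy-renewal flag
    with_voms: bool          # False means a plain proxy without VOMS ACs
    proxy_format: str        # "rfc3820" or "full-legacy"
    cn_label: Optional[str]  # additional CN for accounting, or None


def parse_proxy_options(query: str) -> ProxyRequest:
    """Strictly parse the option string; raise ValueError on anything unexpected."""
    params = {}
    for pair in query.split("&"):
        key, sep, value = pair.partition("=")
        if not sep or key not in ALLOWED or key in params:
            raise ValueError(f"unexpected or repeated parameter: {pair!r}")
        # unquote(), not unquote_plus(): '+' separates FQANs and must not become a space.
        params[key] = unquote(value)
    if ALLOWED - set(params):
        raise ValueError(f"missing parameters: {sorted(ALLOWED - set(params))}")
    flags = {}
    for key in BOOL_KEYS:
        if params[key] not in ("true", "false"):
            raise ValueError(f"{key} must be 'true' or 'false'")
        flags[key] = params[key] == "true"
    fqans = []
    for item in params["voms"].split("+"):
        m = FQAN_RE.fullmatch(item)  # fullmatch: a trailing newline cannot slip through
        if not m or m.group(2).split("/")[1] != m.group(1):
            raise ValueError(f"malformed FQAN: {item!r}")
        fqans.append((m.group(1), m.group(2)))
    label = params["cn-label"]
    if not CN_LABEL_RE.fullmatch(label):
        raise ValueError("cn-label has characters outside the allow-list")
    return ProxyRequest(
        tuple(fqans), flags["proxy-renewal"], not flags["disable-voms-proxy"],
        "rfc3820" if flags["rfc-proxy"] else "full-legacy",
        None if label == "Empty" else label)  # assumption: "Empty" means no extra CN
```

The cn-label check matters because that value is added to the proxy as an additional CN, so it is validated after percent-decoding rather than before.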

Who is using the crypto-library?
- The eTokenServer service is currently used by the following SGs / Projects:

New eTokenServer installations (being) supported by CHAIN-REDS in preparation

Summary & Conclusions
- The eTokenServer is currently used as a central service to provision robot proxy credentials to different VRCs
- It provides a transparent and secure mechanism to access robot certificates installed on USB smart cards
- The business logic relies on different standards
- By design the eTokenServer is compliant with the policies reported in these two documents: EUGridPMA guidelines, OperationsGuideline
