TeraGrid Identity Federation Testbed Update I2MM April 25, 2007

Presentation transcript:

TeraGrid Identity Federation Testbed Update
I2MM, April 25, 2007
Von Welch, NCSA/U. of Illinois
National Center for Supercomputing Applications

TeraGrid Overview
- Nine site federation of resource providers
  - http://www.teragrid.org/
  - Each with own accounts, processes, policies, etc.
- There exist both TeraGrid users and local, site-specific users
- O(10k) TeraGrid users from wide variety of different sites
  - Most users not from TeraGrid sites
  - Almost all from U.S. campuses
- TeraGrid users have accounts on some/all sites
- Each site has own local users as well
- These are centrally managed

Account management
- Central process for getting/managing allocation
  - NSF Allocations process
- Central database keeps track of TG user accounts at all sites
  - No uid or username alignment across sites
- Also keeps track of User’s Grid Identities
  - X.509 DNs
  - Both TG-issued and from external CAs
  - Pushes out to all sites
- All users have a TG username and password
  - Exposed via Kerberos 5 domain and MyProxy online-CA
  - TeraGrid User Portal

TeraGrid Access
- Traditional interactive SSH login via Site authn
- Grid (PKI) SSO SSH interactive login
  - Short-lived PKI credentials issued via MyProxy and User’s TG username & password
  - Hides site-specific identity details from user
- Grid Services
  - Globus job submission, GridFTP, etc.
- Science Gateways/Web Portals
  - Have own user databases
  - Tied to community accounts and allocations on TG sites
  - Give constrained, domain-specific interface

Ultimate Id Federation Goals and Testbed
- Allow scaling of TeraGrid to O(100k)+ users
  - Get TeraGrid out of identity management game to allow this
  - Leverage existing campus identity management
- Allowing servicing of existing VOs
  - Attribute-based authorization
- Allow for incident response
  - Blocking and/or contacting problematic users
- Testbed running first half of 2007 to evaluate how Shibboleth, GridShib and other tools can achieve this
  - NCSA, Purdue

Testbed Thrusts
- Three thrusts…
- One: Java-based Grid-enabled SSH and MyProxy client
  - Build on work from UK NGS
    - http://www.grid-support.ac.uk/files/gsissh/
  - Allow user to do Grid-based SSH SSO with no Grid client installation
    - Just vanilla Java
  - Using TeraGrid username and password
  - This is working: http://grid.ncsa.uiuc.edu/gsi-sshterm/

Testbed Thrusts
- Two: Shibboleth-based TeraGrid Access
  - Using GridShib-CA to access existing TeraGrid account
    - In Shibboleth terms, a Shibboleth SP that issues short-lived Grid credentials
  - Allows user to connect to TeraGrid using their local campus authentication
  - Integrated with Java GSI-SSH client to allow for zero-client install SSH access
  - Currently doing bi-lateral Shibboleth peering, eventually InCommon
  - Requires ePPN from IdP
  - Friendly user mode
  - One time registration of Shibboleth-based X.509 DN
  - http://gridshib-ca.ncsa.uiuc.edu/

Testbed Thrusts
- Three: Attribute-based authorization from Science Gateways
  - Allow Science Gateways to push VO attributes to TeraGrid sites
  - Could be passed from user’s IdP or generated locally
  - In development.

Testbed Next Steps
- Get friendly users kicking the tires
- Peer with some more campuses to allow this
  - Currently U. of Illinois, U. of Chicago, ProtectNetwork, OpenIdp
- Try out some incident response dry runs

Questions?
vwelch@ncsa.uiuc.edu