ACET The ASPiS project UK e-Science AHM Oxford, 08 Dec 2009 Jens Jensen, STFC.



Who…
Developers: Eric Liao (KCL CeRCH), Andrea Weise (Reading ACET)
Others:
Roger Downing, STFC e-Science
Mark Hedges, KCL CeRCH
Adil Hasan, Liverpool
Jens Jensen, STFC e-Science

ASPiS
iRODS as datastore
SSO login via Shibboleth
PERMIS access control policy
Provenance metadata in PASOA
Funded by JISC

Target Users
1. Arts and Humanities
2. STFC facilities
   – Was Diamond Light Source (no IdP)
   – Now ISIS Neutron Source
3. SRB users on the National Grid Service

[Architecture diagram. Components shown: User, Apache, Shib service, iRODS, PERMIS PDP, PASOA, Disk]

Shib login
So what does it do?
Single password
Password managed by home institution
S.E.P.
Home institution provides attrs
ASPiS can use these for access control
And for provenance

User Authentication
[Diagram. Labels: User, National Grid, Home (institution)]

Shibboleth login
[Diagram. Labels: Home Inst., iRODS]

Shibby stuff
Use ePTID for login
Same account every time
Caveat on reuse in UK federation
Use ePEntitlement for “VO mgmt”
Home institutions IdPs manage it
Attrs available to rule engine and µservices
Alternative to individual authentication
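
An added example (not ASPiS code, and not from the slides) of the two attribute uses listed above: deriving the same local account from ePTID on every login, and turning ePEntitlement values into group membership. The SP entity ID, the entitlement prefix, the account naming scheme and the `IdP!SP!opaque` form of the exported ePTID (the Shibboleth SP's default serialisation) are assumptions.

```python
import hashlib
import re

# Constructed values for illustration; not ASPiS configuration.
OUR_SP = "https://aspis.example.org/shibboleth"
ENTITLEMENT_PREFIX = "urn:mace:example.org:aspis:group:"


def account_from_eptid(persistent_id, expected_sp=OUR_SP):
    """Derive a stable local account name from an exported ePTID value.

    Assumes the 'IdP!SP!opaque' form, which is constant for one user
    at one IdP talking to one SP.
    """
    parts = (persistent_id or "").split("!")
    if len(parts) != 3 or not all(parts):
        raise ValueError("malformed or missing ePTID")
    idp, sp, opaque = parts
    if sp != expected_sp:
        # An identifier scoped to another SP must not map to an account here.
        raise ValueError("ePTID was issued for a different service provider")
    # Hash IdP and opaque id together so equal opaque values from two
    # IdPs cannot land on the same account.
    digest = hashlib.sha256(f"{idp}!{opaque}".encode()).hexdigest()
    return "shib_" + digest[:16]


def groups_from_entitlements(header_value, prefix=ENTITLEMENT_PREFIX):
    """Map ePEntitlement values under our prefix to local group names."""
    # The SP joins multiple values with ';' and escapes a literal ';' as '\;'.
    values = re.split(r"(?<!\\);", header_value or "")
    groups = set()
    for value in values:
        value = value.replace("\\;", ";").strip()
        name = value[len(prefix):] if value.startswith(prefix) else ""
        # Accept only simple names so an IdP cannot inject odd group strings.
        if re.fullmatch(r"[a-z0-9_-]{1,32}", name):
            groups.add(name)
    return sorted(groups)
```

Entitlements outside the prefix are ignored rather than rejected, since an IdP may release values intended for other services.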

Shibby stuff
Web based
PHP front-end for iRODS
Permits persistent deep linking?

iRODS
Rule Engine to manage data workflow
Microservices calling out to ext’l services
No changes to iRODS itself
Improves maintenance
Except fed back upstream

Example Rule workflow
[Diagram. Labels: iRODS, Rule Engine, Log attrs, Access Ctrl, PERMIS PDP, Update metadata, PASOA, Branch on file type, Document metadata, Image metadata]

Example workflow
All files: timestamps, owner, checksum,…
Microservice workflow: µservice, parameters
Images: create thumbprints, extract JPG metadata
PDF files: text summary (no formatting)

Two Federations
[Diagram. Labels: UK Access Management Federation (Shibboleth), Shib Service Provider, ASPiS iRODS Federation, STFC iRODS, Reading iRODS, King’s iRODS]

PASOA
[Diagram. Labels: P, Q, iRODS, MySQL databases, ?]
1ary id problem

Query interface
Provenance data
EU provenance portal

Screenshot of successful query (shows 1 warning and result)

TODO
“Real” µservices, Prod’n infrastructure
µservices workflow management?
Interface to MSS (use HPSS from IN2P3 for?)
Integrate with NGS portal?
TextGrid involvement?
Relation to use of iCommands?
Service redirect (file held at remote site)
‘ls’ doesn’t go through the rule engine (PEP in µservice)