Presenter or main title… Session Title or subtitle… TF-EMC 2 Lyon - 14/02/2011 Accessing e-Infrastructure Christopher Brown Digital Infrastructure

April 2006 – March 2009 Followed UK’s 5 year investment in e-Science infrastructure Aims: –Increase the benefits to, and use of, e-Infrastructure by a wider user base –Ensure that e-Infrastructure builds on and shares common core services –Explore the ways in which the benefits of the capabilities being developed in grid computing can be transferred to other domains 4 thematic areas: –Community engagement and support –e-Infrastructure security –Grid services and tools –Knowledge organisation and semantic services e-Infrastructure Programme 14/02/2011 Slide 2

Aims to facilitate UK research by providing access to a broad range of computational and data based resources. Deliver a production quality e-infrastructure to support academic research across all Higher Education Institutes (HEIs) in the UK Provide core services to enable collaborative access to computing and data resources in support of UK researchers Ensures UK researchers can efficiently exploit computing facilities across the globe – developed partnerships with infrastructures in EU, US, etc. National Grid Service (NGS) 14/02/2011 Slide 3

Free to use for UK academics Joining process: –Apply for your personal e-Science Certificate from the UK Certification Authority –Download your certificate into your browser –Apply for a NGS Grid Account –Backup your Certificate and Private Key from your browser –Run the Certificate Wizard to set up your computer –Get started using NGS tools National Grid Service (NGS) 14/02/2011 Slide 4

To deliver into production a Shibboleth based infrastructure for the NGS, to enable HEI users/researchers to access NGS resources using their institutional identities as provided through membership of the UK federation. Goals: –Broaden the NGS user base. –Easier access for researchers who are not technology specialists –Easier support for the Service Provider –Prevent unauthorised access –Deliver a production service Access to NGS resources: –People use X.509 Certificates –Trusted globally – IGTF –Sometimes seen as challenging to use SARoNGS (Jan 2008 – March 2009) 14/02/2011 Slide 5

In SARoNGS –People who have certificates can keep using them –Created transparently for people who don’t –Users don’t even know they have certificates What’s in it for you? –Users get non-certificate access to the NGS, mainly via portals –SPs can hook into NGS SP/portal (if you wish), particularly if you require X.509 –Use NGS’ VO management infrastructure –Non-UK federations: can be reused SARoNGS 14/02/2011 Slide 6

4main activities –to provide grid authentication tied to the UK AMF (a new service based upon outputs from the ShibGrid project) –to link this authentication token with VO attributes from the grid computing domain –to translate attributes within the context of UK AMF into attributes suitable for consumption by grid computing infrastructures (a new service based upon the outputs of the SHEBANGS project) –to demonstrate these via both subject based and generic demonstrator applications SARoNGS SHEBANGS VPMan ShibGrid MIMAS Grid AuthnTranslate attributes AuthorisationDemonstrator SARoNGS 14/02/2011 Slide 7

CTS MyProxy User and management portals The NGS Grid VO Management CTS access control research resources (MIMAS)‏ SARoNGS Architecture 14/02/2011 Slide 8

SARoNGS Architecture 14/02/2011 Slide 9

SARoNGS Architecture 14/02/2011 Slide 10

SARoNGS Architecture 14/02/2011 Slide 11

SARoNGS Architecture 14/02/2011 Slide 12

SARoNGS Architecture 14/02/2011 Slide 13

SARoNGS Architecture 14/02/2011 Slide 14

SARoNGS Architecture 14/02/2011 Slide 15

Demo 14/02/2011 Slide 16

VRE funded project Connects different institutional portals through Access Grid (AG) technologies Connection through AG venues managed by VOMS certificates Using SARoNGS for OneVRE VO Management –User logs in to portal using Proxy Cert issued by SARoNGS, includes all the VOs the user is a member of –VOs are basis for accessing the AG virtual venues on OneVRE servers –OneVRE also allows users to securely share data and apps across different AG and OneVRE servers OneVRE 14/02/2011 Slide 17

Certs are only as good as the material on which they are based NGS would’ve liked to have the SARoNGS CA to become accredited with the IGTF like the UK e-Science CA. Not possible: –Permitted reuse of eduPersonTargetedId –Names are not published –Id Management Policies too numerous/varied –Revocation vs Lifetime Limitations of the SARoNGS Grid Credentials 14/02/2011 Slide 18

Collaboration GFIVO CUCKOO NGS SARoNGS SHINTAU VPMAN Identification UK federation OpenID Review NAMES Data Sharing ASPiS ES-LoA iREAD AGAST SPIDER Personalisation GOLDDUST DPIE2 Identity The Identity Project Past 14/02/2011 Slide 19

AIM Programme 1 st Jan 2009 to 31 st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011) Focus: –Process –Policy –Technology Objectives –Build foundations for production systems that universities might adopt in the future –Prepare the sector for future developments –Improve user experience –Increase value and make AIM relevant to wider community –Enable integrated systems architecture –Develop practical tools to enable AIM 14/02/2011 | Slide 20 Exploring Innovative new areas

AIM Programme UK Access Management Federation –Support –Expand –Improve –Increase uptake Funding –Shibboleth Consortium (JISC, Internet2, SWITCH) Technical roadmap Governance mechanisms Operate open source project => Shibboleth Foundation? –Extending Access Mgmt into BCE –Publisher Support –WAYFless URLs 14/02/2011 Slide 21

AIM Projects – NGS A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service –Develop proxy certificate auditing infrastructure that supports monitoring/auditing use of proxy credential General usage monitoring Patterns of use and prediction of misuse Exploit and harden existing software for this Globus Incubator project Extensions to support VO-specific monitoring and usage Resource-specific monitoring and usage –Demonstrate in numerous projects and roll out to NGS Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects includes usage of NGS, ScotGrid, TeraGrid, D ‐ Grid Wie Jie Thames Valley University 15 months 14/02/2011 Slide 22

AIM Projects – Web Services Fiona Culloch EDINA 12 months 14/02/2011 Slide 23 WSTIERIA (Web Services Tiered Internet Authorization ) –Make web services work with UK federation –Investigating two approaches: using “façade” to handle authentication new Shib features to invoke web service between SPs –Tested on two application domains: Geospatial web service (SEE-GEO) WebDAV (widely deployed remote file-access protocol layered on HTTP) –Community Benefit Web services interoperate with FAM Improve end-user experience by application componentization –Real components need authorization Access presently hidden web services –Discussing with MIMAS, SDSS, Shibboleth

AIM Projects – Social Net and Shib Identity and Access Management using Social Networking Technologies –FOAF is an RDF (Resource Description Framework) vocabulary mainly aimed at describing links between people and memberships –produce a functional WebID (formerly FOAF+SSL) based Authentication system for Shibboleth based IdP and an Authentication and Authorisation system for Globus based grids –Bridge to SAML/Shibboleth Converting information available in RDF into SAML attributes –e.g. WebID URI into eduPersonPrincipalName –Easy to derive membership of a project or (virtual) organisation based on the FOAF relations –Easier ad-hoc collaborations (potentially with people outside the federation too) Mike Jones University of Manchester 9 months 14/02/2011 Slide 24

Any questions? 14/02/2011 Slide 25