Accessing e-Infrastructure. Christopher Brown, Digital Infrastructure. TF-EMC2, Lyon, 14/02/2011.

Presentation transcript:

Slide 2: e-Infrastructure Programme
April 2006 – March 2009
Followed UK’s 5 year investment in e-Science infrastructure
Aims:
– Increase the benefits to, and use of, e-Infrastructure by a wider user base
– Ensure that e-Infrastructure builds on and shares common core services
– Explore the ways in which the benefits of the capabilities being developed in grid computing can be transferred to other domains
4 thematic areas:
– Community engagement and support
– e-Infrastructure security
– Grid services and tools
– Knowledge organisation and semantic services

Slide 3: National Grid Service (NGS)
Aims to facilitate UK research by providing access to a broad range of computational and data based resources.
Deliver a production quality e-infrastructure to support academic research across all Higher Education Institutes (HEIs) in the UK
Provide core services to enable collaborative access to computing and data resources in support of UK researchers
Ensures UK researchers can efficiently exploit computing facilities across the globe – developed partnerships with infrastructures in EU, US, etc.

Slide 4: National Grid Service (NGS)
Free to use for UK academics
Joining process:
– Apply for your personal e-Science Certificate from the UK Certification Authority
– Download your certificate into your browser
– Apply for an NGS Grid Account
– Backup your Certificate and Private Key from your browser
– Run the Certificate Wizard to set up your computer
– Get started using NGS tools

Slide 5: SARoNGS (Jan 2008 – March 2009)
To deliver into production a Shibboleth based infrastructure for the NGS, to enable HEI users/researchers to access NGS resources using their institutional identities as provided through membership of the UK federation.
Goals:
– Broaden the NGS user base.
– Easier access for researchers who are not technology specialists
– Easier support for the Service Provider
– Prevent unauthorised access
– Deliver a production service
Access to NGS resources:
– People use X.509 Certificates
– Trusted globally – IGTF
– Sometimes seen as challenging to use

Slide 6: SARoNGS
In SARoNGS
– People who have certificates can keep using them
– Created transparently for people who don’t
– Users don’t even know they have certificates
What’s in it for you?
– Users get non-certificate access to the NGS, mainly via portals
– SPs can hook into NGS SP/portal (if you wish), particularly if you require X.509
– Use NGS’ VO management infrastructure
– Non-UK federations: can be reused

Slide 7: SARoNGS
4 main activities
– to provide grid authentication tied to the UK AMF (a new service based upon outputs from the ShibGrid project)
– to link this authentication token with VO attributes from the grid computing domain
– to translate attributes within the context of UK AMF into attributes suitable for consumption by grid computing infrastructures (a new service based upon the outputs of the SHEBANGS project)
– to demonstrate these via both subject based and generic demonstrator applications
[Diagram: SARoNGS and its contributing projects (SHEBANGS, VPMan, ShibGrid, MIMAS), with the labels Grid Authn, Translate attributes, Authorisation, Demonstrator]

Slide 8: SARoNGS Architecture
[Architecture diagram; labels: CTS, MyProxy, User and management portals, The NGS Grid, VO Management, CTS access control, research resources (MIMAS)]

Slides 9 to 15: SARoNGS Architecture
[Architecture diagrams; no slide text survives in the transcript]

Slide 16: Demo

Slide 17: OneVRE
VRE funded project
Connects different institutional portals through Access Grid (AG) technologies
Connection through AG venues managed by VOMS certificates
Using SARoNGS for OneVRE VO Management
– User logs in to portal using Proxy Cert issued by SARoNGS, includes all the VOs the user is a member of
– VOs are basis for accessing the AG virtual venues on OneVRE servers
– OneVRE also allows users to securely share data and apps across different AG and OneVRE servers

Slide 18: Limitations of the SARoNGS Grid Credentials
Certs are only as good as the material on which they are based
NGS would have liked the SARoNGS CA to become accredited with the IGTF like the UK e-Science CA.
Not possible:
– Permitted reuse of eduPersonTargetedId
– Names are not published
– Id Management Policies too numerous/varied
– Revocation vs Lifetime

Slide 19: Past
[Diagram of past projects grouped by theme. Labels as extracted: Collaboration GFIVO CUCKOO NGS SARoNGS SHINTAU VPMAN Identification UK federation OpenID Review NAMES Data Sharing ASPiS ES-LoA iREAD AGAST SPIDER Personalisation GOLDDUST DPIE2 Identity The Identity Project]

Slide 20: AIM Programme
1st Jan 2009 to 31st March 2011 (IdM Toolkit Pilots – Feb-Aug 2011)
Focus:
– Process
– Policy
– Technology
Objectives
– Build foundations for production systems that universities might adopt in the future
– Prepare the sector for future developments
– Improve user experience
– Increase value and make AIM relevant to wider community
– Enable integrated systems architecture
– Develop practical tools to enable AIM
Exploring Innovative new areas

Slide 21: AIM Programme
UK Access Management Federation
– Support
– Expand
– Improve
– Increase uptake
Funding
– Shibboleth Consortium (JISC, Internet2, SWITCH)
    Technical roadmap
    Governance mechanisms
    Operate open source project => Shibboleth Foundation?
– Extending Access Mgmt into BCE
– Publisher Support
– WAYFless URLs

Slide 22: AIM Projects – NGS
A Proxy Credential Auditing Infrastructure for the UK e-Science National Grid Service
– Develop proxy certificate auditing infrastructure that supports monitoring/auditing use of proxy credential
    General usage monitoring
    Patterns of use and prediction of misuse
    Exploit and harden existing software for this Globus Incubator project
    Extensions to support VO-specific monitoring and usage
    Resource-specific monitoring and usage
– Demonstrate in numerous projects and roll out to NGS
    Case studies: nanoCMOS, ENROLLER, DAMES, NeISS projects includes usage of NGS, ScotGrid, TeraGrid, D-Grid
Wie Jie, Thames Valley University, 15 months

Slide 23: AIM Projects – Web Services
Fiona Culloch, EDINA, 12 months
WSTIERIA (Web Services Tiered Internet Authorization)
– Make web services work with UK federation
– Investigating two approaches:
    using “façade” to handle authentication
    new Shib features to invoke web service between SPs
– Tested on two application domains:
    Geospatial web service (SEE-GEO)
    WebDAV (widely deployed remote file-access protocol layered on HTTP)
– Community Benefit
    Web services interoperate with FAM
    Improve end-user experience by application componentization
      – Real components need authorization
    Access presently hidden web services
– Discussing with MIMAS, SDSS, Shibboleth

Slide 24: AIM Projects – Social Net and Shib
Identity and Access Management using Social Networking Technologies
– FOAF is an RDF (Resource Description Framework) vocabulary mainly aimed at describing links between people and memberships
– produce a functional WebID (formerly FOAF+SSL) based Authentication system for Shibboleth based IdP and an Authentication and Authorisation system for Globus based grids
– Bridge to SAML/Shibboleth
    Converting information available in RDF into SAML attributes
      – e.g. WebID URI into eduPersonPrincipalName
– Easy to derive membership of a project or (virtual) organisation based on the FOAF relations
– Easier ad-hoc collaborations (potentially with people outside the federation too)
Mike Jones, University of Manchester, 9 months

Slide 25: Any questions?