Virtual Observatory Single Sign-on U.S. National Virtual Observatory National Center for Supercomputing Applications Ray Plante, Bill Baker.

Slides:

Advertisements

Similar presentations

National Center for Supercomputing Applications MyProxy and NVO or Web SSO for Grid Portals GlobusWorld 2006 Washington, DC, USA September 12, 2006 Mike.

Advertisements

September 13, 2004NVO Summer School1 VO Protocols Overview Tom McGlynn NASA/GSFC T HE US N ATIONAL V IRTUAL O BSERVATORY.

8 September 2008NVO Summer School 2008 – Santa Fe1 Publishing Data and Services to the VO Ray Plante Gretchen Greene T HE US N ATIONAL V IRTUAL O BSERVATORY.

MyProxy Jim Basney Senior Research Scientist NCSA

GT 4 Security Goals & Plans Sam Meder

A PPARC funded project AstroGrid Framework Consortium meeting, Dec 14-15, 2004 Edinburgh Tony Linde Programme Manager.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

CASDA Virtual Observatory CSIRO ASTRONOMY AND SPACE SCIENCE Arkadi Kosmynin 11 March 2014.

The Anatomy of the Grid: An Integrated View of Grid Architecture Carl Kesselman USC/Information Sciences Institute Ian Foster, Steve Tuecke Argonne National.

MyProxy: A Multi-Purpose Grid Authentication Service

High Performance Computing Course Notes Grid Computing.

Using Sakai to Support eScience Sakai Conference June 12-14, 2007 Sayeed Choudhury Tim DiLauro, Jim Martino, Elliot Metsger, Mark Patton and David Reynolds.

14 October 2003ADASS 2003 – Strasbourg1 Resource Registries for the Virtual Observatory R.Plante (NCSA), G. Greene (STScI), R. Hanisch (STScI), T. McGlynn.

Updated SkyMouse and Suggestions to VO Service Developers HuaPing SUN, Chenzhou CUI China-VO National Astronomical Observatory of China.

PKI Single Sign On & Auto Provisioning Frank Siebenlist (ANL) Rachana Ananthakrishnan (ANL) Charles Bacon (ANL)

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.

Data Grids: Globus vs SRB. Maturity SRB  Older code base  Widely accepted across multiple communities  Core components are tightly integrated Globus.

Workshop on Cyber Infrastructure in Combustion Science April 19-20, 2006 Subrata Bhattacharjee and Christopher Paolini Mechanical.

Single Sign-On for Java Web Start Applications Using MyProxy Terry Fleury, Jim Basney, and Von Welch November 3, 2006.

The Web 2.0 and the NOAO NVO Portal Christopher J. Miller Data Products Program CTIO/NOAO.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.

Globus 4 Guy Warner NeSC Training.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

The Japanese Virtual Observatory (JVO) Yuji Shirasaki National Astronomical Observatory of Japan.

How Grid Security works in GEO Sciences N. Yamamoto, Y. Tanaka, I. Kojima, S. Sekiguchi AIST Oct. 28, 2009.

Dec 2, 2014 MAST Data Discovery Portal Tom Donaldson Tony Rogers.

WSRF Supported Data Access Service (VO-DAS)‏ Chao Liu, Haijun Tian, Dan Gao, Yang Yang, Yong Lu China-VO National Astronomical Observatories, CAS, China.

GT Components. Globus Toolkit A “toolkit” of services and packages for creating the basic grid computing infrastructure Higher level tools added to this.

ESP workshop, Sept 2003 the Earth System Grid data portal presented by Luca Cinquini (NCAR/SCD/VETS) Acknowledgments: ESG.

PLoS ONE Application Journal Publishing System (JPS) First application built on Topaz application framework Web 2.0 –Uses a template engine to display.

OEI’s Services Portfolio December 13, 2007 Draft / Working Concepts.

A PPARC funded project AstroGrid Intro & Demo John Taylor Institute for Astronomy, Edinburgh.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,

The Grid System Design Liu Xiangrui Beijing Institute of Technology.

CYBERINFRASTRUCTURE FOR THE GEOSCIENCES Data Replication Service Sandeep Chandra GEON Systems Group San Diego Supercomputer Center.

CAS Lightning Talk Jasig-Sakai 2012 Tuesday June 12th 2012 Atlanta, GA Andrew Petro - Unicon, Inc.

Federation and Fusion of astronomical information Daniel Egret & Françoise Genova, CDS, Strasbourg Standards and tools for the Virtual Observatories.

Federated Discovery and Access in Astronomy Robert Hanisch (NIST), Ray Plante (NCSA)

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

IODE Ocean Data Portal - ODP  The objective of the IODE Ocean Data Portal (ODP) is to facilitate and promote the exchange and dissemination of marine.

GRID Overview Internet2 Member Meeting Spring 2003 Sandra Redman Information Technology and Systems Center and Information Technology Research Center National.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

The International Virtual Observatory Alliance (IVOA) interoperability in action.

Cole David Ronnie Julio. Introduction Globus is A community of users and developers who collaborate on the use and development of open source software,

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

25 April 2005NVO Team Meeting - Tucson1 Interoperable Authentication And Authorization for the VO T HE US N ATIONAL V IRTUAL O BSERVATORY Background: Single.

1 Earth System Grid Center for Enabling Technologies ESG-CET Security January 7, 2016 Frank Siebenlist Rachana Ananthakrishnan Neill Miller ESG-CET All-Hands.

National Computational Science National Center for Supercomputing Applications National Computational Science Integration of the MyProxy Online Credential.

Development of e-Science Application Portal on GAP WeiLong Ueng Academia Sinica Grid Computing

1 Gateways. 2 The Role of Gateways  Generally associated with primary sites in ESG-CET  Provides a community-facing web presence  Can be branded as.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

Introduction to the VO ESAVO ESA/ESAC – Madrid, Spain.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

Introduction to Terra Dotta Applications Integration with Campus Data Systems for institutions beginning their software implementation.

Introduction: AstroGrid increases scientific research possibilities by enabling access to distributed astronomical data and information resources. AstroGrid.

Developing our Metadata: Technical Considerations & Approach Ray Plante NIST 4/14/16 NMI Registry Workshop BIPM, Paris 1 …don’t worry ;-) or How we concentrate.

Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.

The FederID project The First Identity Management and Federation Free Software.

Data Grids, Digital Libraries and Persistent Archives: An Integrated Approach to Publishing, Sharing and Archiving Data. Written By: R. Moore, A. Rajasekar,

Data and Applications Security Developments and Directions

Welcome to the 20th Anniversary of the IUG

MyProxy and NVO or Web SSO for Grid Portals

ESA Single Sign On (SSO) and Federated Identity Management

Presentation transcript:

Virtual Observatory Single Sign-on U.S. National Virtual Observatory National Center for Supercomputing Applications Ray Plante, Bill Baker

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop What is the Virtual Observatory? Network-based environment for doing astronomical research Worldwide federation of archives and services – Interoperate using standards – Standards body: International Virtual Observatory Alliance A community of separately-funded projects – U.S. National Virtual Observatory – 15 other national VOs

What is the Virtual Observatory?

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop Virtual Observatory Standards Data Models and Formats Images, Spectra, Tables Metadata, Catalogs Service Protocols Data Discovery and Access Authentication Analysis services Remote Storage

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop Data Discovery—What’s available? Registry: Search based on subject DataScope: Search by sky position Open Sky Server: Cross-correlation of catalogs Data Access Common interfaces for searching contents of archives Portals Provide friendly browser-based access to services Virtual Observatory Services

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop There are many portals Each specialized for a target community Distributed; managed by a variety of institutions Most resources are open & free Some are not –for example 1-year proprietary period But users want the same tools for open and proprietary data, and to mix data Users derive new proprietary datasets Need secure remote storage Virtual Observatory Portals VOSpace Remote Storage VO TAP Remote Science Database

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop VOSpace Remote Storage VO TAP Remote Science Database Centralized Authentication Simple for Users Single identity for multiple services Supports Developers Provide toolkit, documentation, support Built-in security (don’t have to worry about mistakes; never see password) Facilitates Community Share user identity among services and portals Interoperate smoothly with open resources Delegation to enable complex workflows

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop Authentication Issues Weak vs. Strong Weak authn: I am the same person each time Strong authn: I really am who I claim to be –Rely on existing ID verification systems Privacy Give users control over what to share with portals Developers, developers Goal: Foster the creation of portals and services

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop Web Sign-on Mechanisms Pubcookie (Web SSO Software) Web SSO; NCSA added MyProxy integration Mature but not standards-based Apache or IIS module (requires root) OpenID Standard; Gaining widespread adoption Many toolkits exist; doesn’t require web server integration NVO is in Alpha, rolling out to first customer soon (still need to implement credential delegation though)

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop Web Sign-on Auxiliaries Registration PuRSe—evolved, re-written, patched Provides user services (password reminder, etc.) Logging (Under Development) To take the place of old local authentication logs Privacy—admins should only see “their” users Correlation—track a user’s path through invitation, registration, confirmation, login

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop Lessons Learned Toolkits are important Pubcookie can be hard to debug Globus is big to install—our devs prefer a self-contained MyProxy client People like their languages: OpenID is available in Perl, Python, Java, C, Ruby … High Availability Never be down when a portal is up Redundancy is hard work

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop Lessons Learned Need logging—accessible, expressive, private For every production server, there are several development servers to support Most portals only need identity We are still getting used to it “I went to a DES URL but got an NVO login page”

Virtual Observatory Single Sign-onCILogon – Fall 2009 Workshop Work in Progress Smoothing out OpenID wrinkles – Delegation – User Interface – Library Support Implementing Logging Service Questions / Comments?