Portals and Credentials David Groep Physics Data Processing group NIKHEF.

Presentation transcript:

Portals and Credentials David Groep Physics Data Processing group NIKHEF

Outline
Portals all around
– EGEE TCG Portal working group
– Dutch BiG Grid portals

The EGEE Portal WG
Started in 2007 in order to … “propose "best-practice" rules for the access of portals to the grid. […] To do so, a portal responsible should […] then to be able to register this portal certificate to a VO allowed on the grid. Once the portal have been accepted into the concerned VO, it should be able to store and access data inside the VO area, and also to run job on site accepting this VO. […]”
Led by Christophe Blanchet with others
Identified a set of 5 portal scenarios, ranging from simple queries to complex workflow execution

Example: Christophe’s portal
BLAST searches on the grid
Provide biologists with a usual Web interface:
Web portal online since 1998
– 46 tools & 12 updated databases
– + 9,000,000 jobs & 5,000 jobs/day
Ease the access to updated databases and algorithms.
– Protein databases are stored on the grid storage as flat files, encrypted if needed.
– Wrapping legacy bioinformatics applications
– Transparent remote access through local file-system accesses
Display results in graphical Web interface.
Has to compete with ‘free’ portals in the genomics community
Virtually anonymous access

SCIAGrid portal
KNMI/SRON/SARA/Nikhef effort
Processing Sciamachy data
– Predefined workflow
– Large input data sets
– Access limited to identified researchers
– Raw data is actually protected as well
Portal controls access through GUI
– Users identify themselves using username/password
– NADC processing created the workflow
– Upload output data to dedicated system
Jobs submitted to the grid identify themselves as a Robot

A Robot? A Robot What?
A Robot Certificate: ‘Automated Client’ (see the old OGF document)
– Identified as such in the CN “Robot: ” plus name of a human responsible
With private key held on a secured hardware device
As per boiler-plate text from the UK, NL and IT CP/CPSs
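The CN convention above, as an added example that is not part of the original slides: a check that recognises a Robot subject and recovers the responsible person's name even after proxy delegation has appended further CN components. It assumes the subject arrives as an OpenSSL-style slash-separated DN string taken from an already validated chain; the function names and sample DNs are constructed for illustration.

```python
import re

# Delegation appends CN components to the end-entity subject: legacy Globus
# proxies add "proxy" / "limited proxy", RFC 3820 proxies usually a number.
PROXY_CN = re.compile(r"^(proxy|limited proxy|\d+)$")
# Slide convention: CN is "Robot: " plus the responsible person's name.
# Tolerating missing/extra whitespace after the colon is an assumption.
ROBOT_CN = re.compile(r"^Robot:\s*(\S.*)$")


def parse_dn(dn):
    """Split an OpenSSL one-line DN ("/O=x/CN=y") into (attr, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("expected a slash-separated DN")
    pairs = []
    for part in dn[1:].split("/"):
        attr, sep, value = part.partition("=")
        if sep:
            pairs.append((attr.strip().upper(), value))
        elif pairs:  # "/" inside a value, e.g. CN=host/portal.example.org
            pairs[-1] = (pairs[-1][0], pairs[-1][1] + "/" + part)
        else:
            raise ValueError("malformed DN")
    return pairs


def end_entity_pairs(dn):
    """Drop trailing proxy CNs so the check sees the issued certificate's name."""
    pairs = parse_dn(dn)
    while len(pairs) > 1 and pairs[-1][0] == "CN" and PROXY_CN.match(pairs[-1][1]):
        pairs.pop()
    return pairs


def robot_responsible(dn):
    """Return the responsible person's name for a Robot subject, else None."""
    attr, value = end_entity_pairs(dn)[-1]
    match = ROBOT_CN.match(value) if attr == "CN" else None
    return match.group(1).strip() if match else None


# Constructed sample subjects (not real DNs).
SAMPLES = [
    "/O=example-grid/O=robots/O=example-institute/CN=Robot: Jane Doe",
    "/O=example-grid/O=robots/O=example-institute/CN=Robot: Jane Doe/CN=proxy/CN=limited proxy",
    "/O=example-grid/O=robots/O=example-institute/CN=Robot: Jane Doe/CN=1234567890",
    "/O=example-grid/O=hosts/CN=host/portal.example.org",
    "/O=example-grid/O=users/CN=Robotnik Example",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(robot_responsible(dn), "<-", dn)
```

String matching on the CN is only meaningful for a subject taken from a chain that has already been validated against the issuing CA; stripping numeric CNs is a heuristic and would also strip an end-entity CN that is purely numeric.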

Various types of portals
Questions to ask
From: Christophe Blanchet and TCG Portal WG

Types of Portals
More Questions
From: Dave Kelsey, TCG Portal WG

Portal Classification
Classify by auth method or function? BiG Grid tried function:
1. The Web User invokes functionality on the Portal where jobs submitted to the Grid use executable code that is provided by the Portal to the Grid as part of the job submission process. All parameters and input data are defined exclusively by the Portal and cannot be influenced by the user.
2. The Web User invokes functionality on the Portal where jobs submitted to the Grid use executable code that is provided by the Portal to the Grid as part of the job submission process. The Web User may only provide run-time parameter settings from an enumerable and limitative set, and may select data files from an enumerable repository of data files that are pre-vetted for use by the Portal.
3. The Web User invokes functionality on the Portal where jobs submitted to the Grid use executable code that is provided by the Portal to the Grid as part of the job submission process. The Web User may provide run-time parameter settings from an enumerable and limitative set, and may provide non-validated input data to the executable code.
4. The Web User invokes functionality on the Portal where jobs submitted to the Grid use executable code that is provided by the Web User. Whether this code is passed through unmodified by the Portal and is submitted to the Grid as-is, or whether this code is inspected and analysed on the Portal does not change the classification of this Portal.

And set policies for each of these cases
Common elements
– Should fit in the JSPG “Security and Availability Policy”

Function 1 portals (rendering of pages)
(for example: render latest forecast, update a picture)

Function 2 (like

Function 3 (like NL-SCIA-DC on Grid)

Function 4 (like Genius et al.)

The Document and implementation
Based on this interim policy, BiG Grid allows registration of Robot certificates in its VOs
Two portals with robot certs now in production
– NL-SCIA-DC (KNMI, SRON)
– eNMR (Bijvoet Centre, UU)
Contributed to JSPG for improvements to policy, see

From here
‘Gut feeling’ requires well-identified credentials for Function1 to Function3 portals
A service/host cert does not fulfill these requirements!
Robot certs, issued on hardware tokens, are
– Simple and cheap
– NL gives them out ‘for free’, supported by VL-e and BiG Grid
– see for documentation and software
– Well secured – and protect against abusing the keypair off the portal machine somewhere else
– Middleware cannot verify ‘source of origin’ in a reliable way in a system that supports delegation (binding to a source address does not survive first delegation)

Towards Globally Available Robot Certs
Robot certificate support needed ‘globally’ to enable compliant portals …
… do you support them already?