FIM-related activities and issues being discussed in Japan 1.GEO Grid Yoshio Tanaka (AIST) 2.HPCI, GakuNin Eisaku Sakane, Kento Aida (NII)

Slides:

Advertisements

Similar presentations

Lousy Introduction into SWITCHaai

Advertisements

Satellite Database Federations on GEO Grid Portal Naotaka YAMAMOTO AIST Taiwan Mar. 12,

Demonstrations at PRAGMA demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.

Introduction of Grid Security

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability AAI and Grids Christoph.

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Eduserv Athens Federations David Orrell Eduserv Athens Technical Architect.

The National Grid Service and OGSA-DAI Mike Mineter

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

Sensor Asia Development Progress HONDA Kiyoshi Asian Institute of Technology / Mie University Aadit Shrestha, Rassarin Ch., NGUYEN Duy Hung Asian Institute.

Toward Production Level Operation of Authentication System for High Performance Computing Infrastructure in Japan Eisaku Sakane and Kento Aida National.

Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

Federation of Campus PKI and Grid PKI for Academic GOC Management Conformable to APGrid PMA National Institute of Informatics, JAPAN Toshiyuki Kataoka,

Password?. Project CLASP: Common Login and Access rights across Services Plan

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

October 17, 2011 Sapporo Convention Center GEO Grid Workshop 1.

Towards Cloud Federations: what we have; what we want OGF 31, Taipei Cloud security session Jens Jensen Science and Technology Facilities Council Rutherford.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Sergey Belov, Tatiana Goloskokova, Vladimir Korenkov, Nikolay Kutovskiy, Danila Oleynik, Artem Petrosyan, Roman Semenov, Alexander Uzhinskiy LIT JINR The.

FIM-ig Federated Identity Management Interest Group.

Federated A(A(A))I Jens Jensen hepsysman, RAL,

Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

How Grid Security works in GEO Sciences N. Yamamoto, Y. Tanaka, I. Kojima, S. Sekiguchi AIST Oct. 28, 2009.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Belnet Federation Belnet – Loriau Nicolas Brussels – 12 th of June 2014.

2005 © SWITCH Perspectives of Integrating AAI with Grid in EGEE-2 Christoph Witzig Amsterdam, October 17, 2005.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,

Neil Witheridge APAN29 Sydney February 2010 ARCS Authorisation Services Neil Witheridge Manager, ARCS Authorisation Services APAN29, Sydney, February 2010.

1 For understanding the earth - Concept and System to integrate Global Earth Observation data - The 4 th ADC meeting May 14 th, 2007 National.

Introduction of NAREGI-CA National Institute of Informatics JAPAN Toshiyuki Kataoka, July 19, 2006 APAN Grid-Middleware Workshop, Singapore.

ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.

Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

GRID Overview Internet2 Member Meeting Spring 2003 Sandra Redman Information Technology and Systems Center and Information Technology Research Center National.

1 UPKI-Federation based on Shibboleth National Institute of Informatics Motonori Nakamura Toshiyuki Kataoka, Kyoto University Yasuo Okabe.

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.

1 Earth System Grid Center for Enabling Technologies ESG-CET Security January 7, 2016 Frank Siebenlist Rachana Ananthakrishnan Neill Miller ESG-CET All-Hands.

Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.

GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda.

University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.

Grid Security and Identity Management Mine Altunay Security Officer, Open Science Grid, Fermilab.

WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

Gridshib-intro-dec051 GridShib An Introduction Tom Scavo NCSA.

A Study of Certification Authority Integration Model in a PKI Trust Federation on Distributed Infrastructures for Academic Research Eisaku SAKANE, Takeshi.

Project Moonshot Daniel Kouřil EGI Technical Forum

Authentication and Authorisation for Research and Collaboration Michał Jankowski, Maciej Brzeźniak AARC General Meeting, Utrecht.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Services for Distributed e-Infrastructure Access Tiziana Ferrari on behalf.

1 Introduction of Grid Yoshio Tanaka, Naotaka Yamamoto AIST.

Virtual Organisations and the NGS Mike Jones Research Computing Services e-Science & “The Grid” for Bio/Health Informaticians, IT January 2008.

WLCG Update Hannah Short, CERN Computer Security.

AAI for a Collaborative Data Infrastructure

CheckIn: the AAI platform for EGI

ESA Single Sign On (SSO) and Federated Identity Management

Some data about the CBIC Federation

Community AAI with Check-In

FEUDAL Uros Stevanovic Federated User Credential Deployment Portal SA1

TeraGrid Identity Federation Testbed Update I2MM April 25, 2007

Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.

Presentation transcript:

FIM-related activities and issues being discussed in Japan 1.GEO Grid Yoshio Tanaka (AIST) 2.HPCI, GakuNin Eisaku Sakane, Kento Aida (NII)

Global Earth Observation (GEO) Grid Grid-based Infrastructure Provide data via OGC Standards Web2.0 based User Interface

3 TDRS Terra/ASTER ERSDIS/NASA APAN/TransPAC GEO Grid Cluster L0 Data GIS server WFSWCS Maps map server WMS Meta data catalogue/ metadata server CSW OGSA DAI GRAMGridFTP gateway server Storage (DEM) portal server GSI + VOMS GSI + VOMS Account DB account (GAMA) server VO DB VO (VOMS) server user login credential GET query exec username/password OpenID X.509 Certificate Current Grid-based Implementation of ASTER Data Services

4 Towards Cloud-based implementation GEO Grid is in operation supporting academic users, but there is a strong demand for make easy federation of satellite data for business use. Re-designing GEO Grid security GSI does not fit well with Web services and clouds. GSI is still not easy to install/configure, especially at the server side. Basic idea is to use OpenID + OAuth2.0 (OpenID Connect)

5 Issues being discussed related FIM LoA of OpenID providers Do we need a common guidelines/profiles for both IdP and AuthZ Services as IGTF did? The answer must be yes, but who and how do we do this? How do we connect to HPCI (High Performance Computing Infrastructure) which is based on GSI? Technically possible (e.g. SLCS/MICS), but not easy in policy level. What are the issues to be solved? I believe that these issues are described in the FIM document and look forward to keep in touch.

HPCI in Japan High Performance Computing Infrastructure (HPCI)  national project promoted by Ministry of Education, Culture, Sports, Science and Technology (MEXT) in Japan  distributed computing infrastructure for high performance computing “K computer”, supercomputers and high performance storage  first production level infrastructure for high performance computing in Japan Roadmap – Mar 2011basic design network, authentication, user management, shared storage, testbed for advanced software  Apr – Dec 2011 detailed design  Jan – Aug 2012test operation  Sep 2012 –production level operation

portal CA system shib. SP shared storage single sign-on apply certificate authentication network infrastructure computer resource shib. IdP shib. IdP shib. IdP shib. IdP shib. IdP shib. IdP HPCI acct. HPCI ID registration review proposals user management certificate repository HPCI Overview (at Sep. 2012) More resources will be connected after AICS, U. Tokyo NII HPCI Secretariat （ organized in 2011 ） acct. registration helpdesk computer resource computer resource AICS (K-computer) Supercomputer Centers in 9 Universities

Authentication The goal is enabling single sign-on computer resources and shared storage in HPCI. survey of existing software technologies and operation of grid infrastructures account management  centralized or distributed? user portal HPCI acct/password login to computers access to shared storage single sign-on % gsi-ssh host.univ.ac.jp (1)sign-on the portal with HPCI acct. (2) ssh login to computers without password

Shibboleth + GSI Shibboleth for account management of HPCI  HPCI account = account to sign-on HPCI  federation of HPCI accounts managed in distributed way using Shibboleth Supercomputer centers play the role of IdP. NII plays the role of SP that provides a certificate issuance. A user has a HPCI account in one supercomputer center. Grid Security Infrastructure (GSI) for single sign-on  de facto in grid communities  enabling single sign-on using PKI  creating proxy certificate and delegation  mapping “Distinguished Name (DN)” in a client certificate and a local account name (LN) in supercomputer centers

学認 GakuNin Academic Access Management Federation in Japan A federation for academic e-resources  universities who are users of academic e-resources  organizations like publishers, who are providers of such e-resources E Journal Issuance of certificate, e.g., server certificate Issuance of account, e.g., wireless LAN e-Learning On-campus system This federation is realized by Shibboleth.  35 IdPs and about 60 SPs in production level  about 60 IdPs in test

Issues Federation between GakuNin and HPCI  Can users of HPCI access academic services provided in Gakunin? HPCI users are not only academic but also industrial.  Some users of supercomputer may have two IDs for on-campus system and supercomputer. Currently, each ID is managed independently because a supercomputer center in a university provides resources to not only users belonging to same university. Should these be unified? Can these be unified? Credential translation between GeoGrid and HPCI  9 supercomputers & NII: Shibboleth + GSI  GeoGrid: OpenID connect We plan to evaluate a translation service provided by GakuNin, which translates Shibboleth credential to OpenID connect credential.