Case Study 2: User Registration for the Earth System Grid.

Slides:

Advertisements

Similar presentations

Lousy Introduction into SWITCHaai

Advertisements

Demonstrations at PRAGMA demos are nominated by WG chairs Did not call for demos. We will select the best demo(s) Criteria is under discussion. Notes.

GridWorld 2006 Use of MyProxy for the FusionGrid Mary Thompson Monte Goode GridWorld 2006.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

National Center for Supercomputing Applications MyProxy and NVO or Web SSO for Grid Portals GlobusWorld 2006 Washington, DC, USA September 12, 2006 Mike.

LEAD Portal: a TeraGrid Gateway and Application Service Architecture Marcus Christie and Suresh Marru Indiana University LEAD Project (

MyProxy Jim Basney Senior Research Scientist NCSA

Open Grid Computing Environments Marlon Pierce (IU) & Gopi Kandaswamy (RENCI)

Click to edit Master title style Page - 1 OneSky Teams Step-by-Step Online Corporate Communication Support 2006.

GT 4 Security Goals & Plans Sam Meder

VO Support and directions in OMII-UK Steven Newhouse, Director.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Digital Certificate Installation & User Guide For Class-2 Certificates.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.

Digital Certificate Installation & User Guide For Class-2 Certificates.

Using the Collaborative Tools in NEESgrid Charles Severance University of Michigan.

Earth System Curator Spanning the Gap Between Models and Datasets.

Research and Innovation Participant Portal How to register for an ECAS account NEXT.

Digital Certificate Installation & User Guide For Class-2 Certificates.

iRequestManager for MediMizer X3

The Sports Authority Fundraising Sign-up Instructions.

Academic Technology Services The UCLA Grid Portal - Campus Grids and the UC Grid Joan Slottow and Prakashan Korambath Research Computing Technologies UCLA.

MTA SZTAKI Hungarian Academy of Sciences Grid Computing Course Porto, January Introduction to Grid portals Gergely Sipos

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.

Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.

1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.

Data Grids: Globus vs SRB. Maturity SRB  Older code base  Widely accepted across multiple communities  Core components are tightly integrated Globus.

Grid Services at NERSC Shreyas Cholia Open Software and Programming Group, NERSC NERSC User Group Meeting September 17, 2007.

Virtual Observatory Single Sign-on U.S. National Virtual Observatory National Center for Supercomputing Applications Ray Plante, Bill Baker.

Globus Computing Infrustructure Software Globus Toolkit 11-2.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.

Internet Banking Standard and Standard-Hybrid Registration Intuit Financial Services University Internet Banking Certification Training.

High Performance Louisiana State University - LONI HPC Enablement Workshop – LaTech University,

ESP workshop, Sept 2003 the Earth System Grid data portal presented by Luca Cinquini (NCAR/SCD/VETS) Acknowledgments: ESG.

23:48:11Service Oriented Cyberinfrastructure Lab, Grid Portals Fugang Wang April 29

Computer Scoring Le Grand Concours 2011 and beyond.

U.S. Department of Agriculture eGovernment Program July 15, 2003 eAuthentication Initiative Pre-Implementation Status eGovernment Program.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

CBEO Portal Presentation 2/6/2008, 4:30pm EST SDSC Or link from

Neil Witheridge APAN29 Sydney February 2010 ARCS Authorisation Services Neil Witheridge Manager, ARCS Authorisation Services APAN29, Sydney, February 2010.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

Scarlett Gibb NIH Office of Extramural Research Office of Electronic Research and Reports Management Interim Chief, eRA User Support, Training & Documentation.

All Hands Meeting 2005 BIRN Portal Architecture: Security Jana Nguyen

GO-ESSP Workshop, LLNL, Livermore, CA, Jun 19-21, 2006, Center for ATmosphere sciences and Earthquake Researches Construction of e-science Environment.

Web Portal Design Workshop, Boulder (CO), Jan 2003 Luca Cinquini (NCAR, ESG) The ESG and NCAR Web Portals Luca Cinquini NCAR, ESG Outline: 1.ESG Data Services.

The Earth System Grid (ESG) Computer Science and Technologies DOE SciDAC ESG Project Review Argonne National Laboratory, Illinois May 8-9, 2003.

The MyProxy Online Credential Repository Jim Basney NCSA

May 6, 2002Earth System Grid - Williams The Earth System Grid Presented by Dean N. Williams PI’s: Ian Foster (ANL); Don Middleton (NCAR); and Dean Williams.

Cole David Ronnie Julio. Introduction Globus is A community of users and developers who collaborate on the use and development of open source software,

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

Portal Update Plan Ashok Adiga (512)

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

National Computational Science National Center for Supercomputing Applications National Computational Science Integration of the MyProxy Online Credential.

Development of e-Science Application Portal on GAP WeiLong Ueng Academia Sinica Grid Computing

Security Solutions Rachana Ananthakrishnan University of Chicago.

1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.

National Energy Research Scientific Computing Center (NERSC) Visportal : interface to grid enabled NERC resources Cristina Siegerist NERSC Center Division,

Security Issues and Challenges in High Performance Grid Computing SASA SUBOTIC SASA SUBOTIC University of Pretoria.

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

Holding slide prior to starting show. Lessons Learned from the GECEM Portal David Walker Cardiff University

My Settings allows a user to manage their Business Banking personal information and preferences, including: Contact information Username and Password Security.

How to Register on Active Orders Trading Grid Company Registration

Flowserve Distributor Online Store & Portal

Flowserve Distributor Online Store & Portal

How to access the discussion page

OGCE Portal Applications for Grid Computing

Grid Computing Software Interface

Presentation transcript:

Case Study 2: User Registration for the Earth System Grid

VOiG June 2007The Globus Toolkit in Cyberinfrastructure2 The Earth System Grid

VOiG June 2007The Globus Toolkit in Cyberinfrastructure3 ESG Project Goals l Improve productivity/capability for the simulation and data management team (data producers). l Improve productivity/capability for the research community in analyzing and visualizing results (data consumers). l Enable broad multidisciplinary communities to access simulation results (end users). l The community needs an integrated cyberinfrastructure to enable smooth workflow for knowledge development: compute platforms, collaboration & collaboratories, data management, access, distribution, and analysis.

VOiG June 2007The Globus Toolkit in Cyberinfrastructure4 The Challenge l ESG is a distributed system that genuinely requires Grid-style distributed authentication. l ESG is used by scientists who dont need to be bothered with certificates. l CHALLENGE: Provide Grid security for the system but do it in such a way that end users dont have to manage certificates themselves.

VOiG June 2007The Globus Toolkit in Cyberinfrastructure5 Issues - Social l Ease of Use u ESG users shouldnt have to manage their own certificates. u Its too complicated, intrusive. u They dont do it well (securely). l Support u Certificate management generates a lot of user support work. l Use cases u Most ESG users are data readers, not writers. u Data producers and project funders want to know who the users are (registration), but access control among registered users is not a major requirement.

VOiG June 2007The Globus Toolkit in Cyberinfrastructure6 Issues - Technical l Distributed System u ESG has four major data centers, each with its own security system. u Users should not have to keep track of four sets of credentials and know when to use each. u The ESG web portal needs users credentials to perform work on their behalf, so a secure mechanism for doing that is important. l Integration u ESG uses GridFTP, RLS, OpenDAPg, and GRAM to meet other system requirements, so GSI has to be supported.

VOiG June 2007The Globus Toolkit in Cyberinfrastructure7 MyProxy l MyProxy is a remote service that stores user credentials. u Users can request proxies for local use on any system on the network. u Web Portals can request user proxies for use with back-end Grid services. l Grid administrators can pre- load credentials in the server for users to retrieve when needed. l Greatly simplifies certificate management!

VOiG June 2007The Globus Toolkit in Cyberinfrastructure8 Simple CA l A convenient method of setting up a certificate authority (CA). u The Certificate Authority can then be used to issue certificates for users and services that work with GSI and WS-Security. u Simple CA is intended for operators of small Grid testing environments and users who are not part of a larger Grid. l Most production Grids will not accept certificates that are not signed by a well-known CA, so the certificates generated by Simple CA will usually not be sufficient to gain access to production services.

VOiG June 2007The Globus Toolkit in Cyberinfrastructure9 Scenario 1 - User Registration l The user fills out the registration web page, establishes an ID/password, and the information is stored in a database. l The administrator is sent .

VOiG June 2007The Globus Toolkit in Cyberinfrastructure10 Scenario 2 - Administrator Approval l Administrator visits the registration website and retrieves the registration data. l If the administrator approves the request, PURSE uses SimpleCA to generate a certificate and stores it in MyProxy. l The user is sent .

VOiG June 2007The Globus Toolkit in Cyberinfrastructure11 Scenario 3 - User Login l The user logs into the application website using the ID/password established during registration. l The application obtains a proxy using MyProxy. l The application uses the proxy to authenticate to Grid services.

VOiG June 2007The Globus Toolkit in Cyberinfrastructure12 Sample messages (a) confirmation step: message sent to user Date: Thu, 1 Jul :25: (MDT) From: To: Subject: ESG Registration The Earth System Grid (ESG) Portal received a request for a new user account that uses your address. Click on the link below to confirm your request (NOTE: you will not be able to login until you receive an from the portal administrator indicating your request has been approved): en=000000fd-7c62-605c-ffffdea0-766ad If you did not request this account, please inform us at esg- Thank you, ESG System Administrator (b) sent to CA operator for approval From: Date: July 1, :17:07 AM MDT To: Subject: ESG Registration A request has been made for user account on the ESG Portal. You may access the details of the request by clicking on the following link. RequestData.do?token=000000fd-2e0e-5d ac f64897be RequestData.do?token=000000fd-2e0e-5d ac f64897be Customizable

VOiG June 2007The Globus Toolkit in Cyberinfrastructure13 RA/CA Form Customizable

VOiG June 2007The Globus Toolkit in Cyberinfrastructure14 Results - ESG l Four data centers (LBNL, LLNL, NCAR, ORNL) l 700 registered users by May 2005, 2500 users in 2006, ~4000 now l Four major datasets are available, with associated code and metadata l Datasets added as they are produced l >200 journal articles published from analyses of data delivered by the ESG

VOiG June 2007The Globus Toolkit in Cyberinfrastructure15 Results - Science l ESG allows ~4000 people to work with climate model datasets. l PURSE is available from dev.Globus u Generic version for re-use u Includes portlet code developed by OGCE u Allows users to import existing credentials u Supported by dev.Globus PURSE incubator project, with funding from NSF (CDIGS, OGCE) u Used in ESG, NVO, SWEGrid l GAMA is available from SDSC. u Portlet implementation hosted by GridSphere u Allows sharing by multiple portal applications u Currently used by GEON and BIRN projects

VOiG June 2007The Globus Toolkit in Cyberinfrastructure16 A Few PURSE Lessons l It is possible (and desirable) to hide Grid security from users. u Online repositories are one way to do this. u Others options include online CAs (e.g., KCA and KX.509). l Requirements and use cases are important. u Need to know exactly what the community concerns are: what needs to be protected. u Need to clearly identify roles. l Generalizing to PURSE was not trivial. u New requirements (e.g., credential import) u Documentation and usability testing l Community support was essential. u Addition of JSR-168-compliant portlets by OGCE made a big difference in usability. u Broader community of supporters.