Climate Sciences: Use Case and Vision Summary Philip Kershaw CEDA, RAL Space, STFC

Overview Update on developments since last workshop Federated Identity for the Cloud – Use case from two contrasting scenarios Vision Summary – What is the vision for this community – What are the issues we face and challenges we wish to address Philip Kershaw

Update from Last Workshop Earth System Grid Federation (ESGF): – a software infrastructure deployed in the first instance to support CMIP5 CMIP5, a globally co-ordinated set of climate model experiments organised under the WCRP ESGF – Globally federated archive ~2.5Pb – 25k users worldwide (not just CMIP5) Security Architecture – Dual SSO methods supported: OpenID and MyProxyCA – SAML interfaces for attribute and authorisation queries ESGF now being deployed for other Earth science data – Earth observation and regional model data EGI – INSPIRE: – Project to enable access to ESGF resources via EGI – An inter-federation trust challenge Philip Kershaw

Federated Identity for Cloud: two contrasting scenarios CEMS (Climate and Environmental Monitoring from Space) – A UK facility for climate change and environmental science using satellite data and services. – Builds on ISIC (International Space Innovation Centre) public private partnership – A focal point for science, government and commercial user communities. – Data quality and integrity services and expertise – Data hosting and processing facilities FP7 funded project over three years Develop Federated cloud infrastructure: – An abstraction layer to manage resources over multiple cloud providers Platform as a Service solutions Virtual Infrastructure Networks Federated file system SLA negotiation Federated security Build on Open Source cloud solutions Philip Kershaw

CEMS Architecture Public and Commercial Cloud Infrastructure Hardware – data storage [NCEO and Commercial Data] and processing App 2 App 3 App N App 1 … Business and research user communities Data Access Quality Services Core Services Applications Cloud Management Services Data Processing

CEMS: Federated Identity Challenges Access control is needed to enforce: – Licence agreements – Project restrictions – pay-for services? Federate identity needed to bridge: – academic and commercial organisations Bridging independent domains: – How to manage trust? – Communication of levels of assurance – Middleware to bridge independent access control infrastructures Integration with off-the-shelf cloud infrastructure Philip Kershaw

CONTRAIL: Federated Identity Challenges Layered architecture: federation abstracts individual providers and their resources Single sign-on on two axes: external to federation and federation to provider Credential management challenge: Resources may be long lived (e.g. a VM) but dynamically provisioned – Virtual infrastructure networks may require dynamic creation of CAs Philip Kershaw

Climate Sciences: Vision Statement Project-oriented vs. ‘national’ federated identity management infrastructure – Projects require attributes scoped within the project’s domain covering multiple IdPs and possibly federations – Can IdPs be expected to support attributes needed for multiple projects? – Project-wide attribute authorities needed to manage project attributes – Challenging to leverage national infrastructure for international projects! Inter-federation and bridging technologies – Management of levels of assurance between independent domains – Provenance of credentials Policies and trust – The lack of clear policy statements can inhibit the ability to interoperate with other established systems. – Newer communities need to see the value of policies Cloud and virtualisation are creating new challenges – Dynamic provision of credentials for long lived resources Philip Kershaw