PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer Overview Umbrella Project  Pan-EU Authentication  Proposal handling (prototype)  Coaching  Remote experiment access  Remote data access  Publications  Indico (Integrated Digital Conference)  …

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer The Umbrella Concept User UOffice2UOffice1UOffice3 Fig.1

WP2 Face to Face Meeting, August 26/ , PSI H.J. Weyer User EUU Coaching Proposals More… WUO1 Central Part Local Part Shibboleth IdP User db Affiliation db EAA WUO2WUO3

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer IT Projects  Authentication (EU-unique (identification)  Proposal handling (thousands of proposals / year)  Coaching (support of novice users)  Remote experiment login (young scientists; Fedex-style experiments)  But more than authentication (e.g. fire wall, experiment standardization, component protocols …)  Remote data access (terabytes of data)  But more than authentication (e.g. data format, catalogues …) EuroFEL Umbrella prototype Next generation Umbrella Project

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer  Confidentiality o High competition, especially structural biology o Time-window structured access to experiments and data  User friendliness o Part-time users, small teams, no guru  Flexible, diverse solutions o Responding to diverse requests  Facility friendliness o Limited resources o Prevent any ‘bypass’ solutions  Keep local as much as possible  Distributed actions o Users: manage their personal entries o Facilities: manage their authorizations Required Solution Characteristics Umbrella Project

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer The Umbrella components, EAA Authentication, Requirements  User friendliness  Single sign on  Unique user identification on EU scale  Full autonomy for WUO’s  Dual EAA and WUO operation  No cross-facility information exchange  Users controls his/her personal info  Facilities control full info and authorization  No specific local software  Prevent ‘special’ databases AAA ≡ Authentication+Authorization+Accounting EAA ≡ European AAA WUO ≡ Web-based User Office (local) Umbrella Project

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer The Umbrella components, EAA Authentication, Realization  Handshake: Shibboleth, SAML  Hybrid DB, federated + central  Split of user info into central and local  Central= minimum for ID  Local= full + authorization  2-level authentication:  soft: newsletter, proposal  hard: facility access  Curation  User: registration, mutation  WUO: role assignment Uname Passw Birthday Uname Passw Birthday Phone Smail … Registrations Facility Roles … Phone Smail … Registrations Facility Roles … Facility A B C Local Central AAA ≡ Authentication +Authorization +Accounting EAA ≡ European AAA WUO ≡ Web-based User Office (local) Umbrella Project

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer EAA and WUO’s  WUO to EAA No automatic migration User see’s the EAA option on his local WUO and registers once on EAA May need to get a new Pan-EU user name (prevent multiple user names, nightmare for users!) But user can stay on WUO  EAA to WUO User decides where to go Login to new WUO: can pull his personal info stored at another WUO and push it to the new. Umbrella Project

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer The Umbrella components, EUU Proposal handling Proposer info Time request … Beamline Sample Proposer info Time request … Beamline Sample Goal Method Results Prev. Work … Goal Method Results Prev. Work … General Local UUU ≡ Unified User Umbrella EUU ≡ EuroFEL UUU (prototype) WUO ≡ Web-based User Office (local)  EUU: export, modify, and submit  Local (facility-specific) and general (scientific) part  Flexibility and confidentiality  Export-type mechanism: up-to-date format  Work on formal agreement  Local WUOs stay fully autonomous  No specific local software Umbrella Project

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer The Umbrella components EUU Coaching  Support of novice users FAQ (static) Coaching (dynamic)  Structured tool  Advice only  Responsibility always with user  Category tree  Experienced coaches needed Protected against excessive load But free to identify themselves Limited number of iterations  Coaches honored on peer basis  Interesting questions to FAQ db  Support of beamline managers Umbrella Project User Coordinator Coach 1Coach n… FAQ db

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer EuroFEL Authentication and Authorization (EAA) Interface to Central DB Central EAA Tool Interface to Affiliation DB Interface to WUO DB Parallel WUO And EAA Operation Adaption of WUO part User Update service Basic Communication Protocol Local WUO Update service WUO ≡ Web-Based User Office ( local) EAA ≡ EuroFEL Authentication EuroFEL Authentication

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer EuroFEL Unified User Umbrella (EUU) Communication protocol Interface to DUO WUO‘s Interface to Affiliation DB Interface to EAA Dialog With user Transfer Proposal to WUO Export proposal From WUO Unified User Umbrella and Coaching EuroFEL Coaching Interface to Affiliation DB Interface to Affiliation DB Interface to Affiliation DB Interface to SMIS WUO‘s WUO ≡ Web-Based User Office, existing local user office DUO ≡ WUO as developed at PSI SMIS ≡ WUO as developed at ESRF EAA ≡ EuroFEL Authentication

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer Proposed EUU/EAA Roadmap EAA (European Authentication and Authorization) Planning / DesignEUU (European User Umbrella)Prototype readyImplementation 0.5 FTE0.1 FTE EuroFEL / WP2 0.5 FTE

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer Status and Outlook (September 2010)  Architecture document + road map for prototype ready  Start development of 1 st - generation Umbrella prototype  Shibboleth  deadline March 31, 2011  Discussion 2 nd -generation Umbrella (remote functionalities)  ‘Actors’: o PaN-Data o EuroFEL o ESFRI-Cluster o HDRI Helmholtz  Tools: o GRID? o Specific development?  Type: o Facility-friendly + user-friendly o Two-level?  Slim, simple  Strong, full-beauty IT Umbrella Project

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer Science-political issues Facilities  Limited manpower  (Ideally) no additional load  No central octopus  Open-heart operation  WUO and EAA parallel operation  no dependence on new system, in principle could go back  Cooperation and competition  No central storage of proposals  Minimum central storage of user info (only for unique ID)  No X-facility exchange of authorization info  No X-facility access to personal user info  Distributed responsibility?  Event logging and confidentiality  To GRID or not to GRID  how much to modify?  support from GRID community?  must it be GRID? Or other system, e.g. Cloud?  Umbrella for GRID ad Cloud? Umbrella Project

PaN-Data Meeting, October 4/5, 2010, Berlin Gen H.J. Weyer Science-political issues Users  Be friendly to IT-skilled users  Cope with occasional, few-times-per-year users  Cope with multi-facility users  No central octopus  Allow multi-level authentication (soft, hard)  No need for special software at user site  Few-month stands  Allow flexible definition of research teams, responsibility delegated to spokespersons  Time-windowed access to experiment data  PhD-Students and Postdocs  Quick registration of users  Foresee remote experiment access  Greenhorns  Coaching Umbrella Project