How to integrate EGI portals with Identity Federations Roberto Barbera Univ. of Catania and INFN EGI Technical Forum – Prague,

Presentation transcript:

How to integrate EGI portals with Identity Federations Roberto Barbera Univ. of Catania and INFN EGI Technical Forum – Prague, 20 September 2012

Outline
• The Catania Science Gateway framework
• Considerations driving current activities:
• The CHAIN Worldwide Interoperability Demo
• «Social» and mobile access to Science Gateways
• The Science Gateway market place
• Summary and conclusions

The Catania Science Gateway model
[Diagram labels: Science Gateway; Embedded Applications (App. 1, App. 2, App. N); Administrator, Power User, Basic User (users from different organisations having different roles and privileges); standard-based (SAGA), middleware-independent Grid Engine]

Summary of standards adopted
The Catania Science Gateway framework builds on consolidated and widely adopted standards:
• The JSR 168 and JSR 286 standards (also known as the "portlet 1.0" and "portlet 2.0" standards)
• The OASIS Security Assertion Markup Language (SAML) standard and its Shibboleth and SimpleSAMLphp implementations
• The Lightweight Directory Access Protocol and its OpenLDAP implementation
• The Cryptographic Token Interface Standard (PKCS#11) and its Cryptoki implementation
• The Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard and its JSAGA implementation

AuthN & AuthZ Schema
[Diagram labels: Authorisation; Authentication; Science Gateway; GrIDP (“catch-all”); IDPCT (“catch-all”); IDP_y; Social Networks’ Bridge IdP; LDAP; Register to a Service; 2. Sign in]

Official Identity Federations currently supported by Catania Science Gateways
To be created soon

eduGAIN
Catania Science Gateways are also registered as Service Providers of eduGAIN

The Grid IDentity Pool (GrIDP)
This is an “open” Identity Federation

Identity Federations’ discovery service
The normal Authentication Procedure
«Open» Identity Provider

Identity Federations’ discovery service
The “social” Authentication Procedure
For more information watch

Catania Science Gateways access workflow
Compliant with the EGI.eu Portal and Traceability Policies
1. sign in
2’. authN
2”. authZ
3. create a proxy from an eToken server with robot certificates
3’/4’. track user
4. execute action
5. get output
6. get the results
[Diagram labels: User; Admin; The Grid; eToken server; Identity Provider; User Registry]

The «lightweight» crypto-library

The eToken server working scenario
[Diagram labels: eTokenServer; MyProxy Server; VOMS Server; ask/get VOMS AC attributes; store long proxy (*); retrieve serials/proxy (*); SSL encryption; list/create request; ask for a service; execute a service; get the results back; get results]

The Catania Grid Engine
[Diagram labels: Science GW 1, Science GW 2, Science GW 3; Liferay Portlets; Grid Engine; Science GW Interface; Job Engine; Data Engine; Users Track & Monit.; Users Tracking DB; SAGA/JSAGA API; eToken Server; Grid MWs; legend: New, Modified]

First set of considerations - Interoperability
• Interoperability is a property referring to the ability of diverse systems and organizations to work together (inter-operate). The term is often used in a technical systems engineering sense, or alternatively in a broad sense, taking into account social, political, and organizational factors that impact system to system performance;
• According to ISO/IEC (Information Technology Vocabulary, Fundamental Terms), interoperability is "The capability to communicate, execute programs, or transfer data among various functional units in a manner that requires the user to have little or no knowledge of the unique characteristics of those units".

The CHAIN Worldwide Interoperability Demo
To demonstrate that:
• e-Infrastructures can be made interoperable to each other at user application level using standards
• with the meaning of interoperability given in the previous slide;
• VRC-specific applications can be submitted from anywhere and run everywhere

The CHAIN Worldwide Interoperability Demo - Requirements
1. The user interface must be only web based
2. Users must be transparently authenticated & authorised on all e-Infrastructures without any additional human/machine intervention
3. There must be the smallest possible interaction with both site managers and e-Infrastructure operators
4. No modification whatsoever of the various middleware should be required to their developers (missing JSAGA adaptors should be created)

CHAIN Demo Contributors

CHAIN Demo Applications
general purpose applications

CHAIN Demo Status
See the demo in action at the CHAIN booth (no. 7 in the exhibition area) and learn how to run it yourself!

Second set of considerations – Social Networks
• About 1 billion people have accounts on the existing Social Networks (many of the researchers we are targeting with e-Infrastructures are among them)
• Web-based social networking accounts for more than 10-15% of the total time spent online in the whole world
• Social Networks are by far the most used (liked) virtual environments in the world

Catania “social” Science Gateways

Catania “social” Science Gateways (agINFRA Science Gateway as Facebook app)
SSO possible through the Social Networks’ Bridge IdP

Catania “social” Science Gateways (Italian Soil Information System – WebGIS-based and Cloud-enabled)

Third set of considerations – Mobile Access
• More than 25% of mobile phones in the world are smartphones and the number of people connected through mobile appliances increases every year
• Social networking amounts to 91% of mobile internet access, compared to 79% on desktops, and it is expected that by 2014 mobile internet should take over desktop internet usage (*)
• So, mobile access to “everything” is no longer an option; it is a must and e-Infrastructures shouldn’t/won’t be an exception
(*)

The “mobile” Authentication Procedure (REST API independent of the Science Gateway)

Example #1: the new gLibrary architecture
[Diagram labels: gLibrary REST API; Metadata Services; Storage Services; AuthN/AuthZ Services; Storages; Databases; Identity Federations; eToken Service; Grid Auth Service; e-infrastructure resources; Science Gateways; Repo 1, Repo 2, Repo 3; Discovery Service; Rest API]

The mobile version of the INDICATE e-Culture Science Gateway – Browse contents

INDICATE Project Meeting The mobile version of the INDICATE e-Culture Science Gateway – Download contents

The mobile version of the INDICATE e-Culture Science Gateway – Annotate contents
First prototype

Example #2: KLIOS mobile (klios.ct.infn.it)
Knowledge Linking and sharIng in research dOmainS

Big challenges are in front of us…
• Now that many users can potentially access and use Catania Science Gateways, a new training and communication strategy is needed as well as a portfolio of appealing applications to attract them

The Science Gateway market place
[Diagram labels: Users/VRCs; SG Dev.; Science Gateway]

Survey for VRCs to propose applications

Training for Science Gateway developers
• New training material:
• New training tools:
• New training events:

Catania Science Gateway application developers task force
• Argentina: 1
• Brazil: 1
• China: 1
• Colombia: 9
• Ecuador: 2
• Italy: ~10
• Mexico: 6
• South Africa: 1
• Spain: 2
• Uruguay: 1
• Venezuela: 7

Uptake of Catania Science Gateways
Users from 184 Organisations in 43 Countries

Summary and conclusions
• e-Infrastructures can be very beneficial platforms for many users, provided they are really «easy to use»
• Catania Science Gateways, with support for Identity Federations, Social Networks and mobile access, are changing the way Grid infrastructures are used, hugely widening their potential user base, especially non-IT experts and the “citizen scientist”, yet keeping the required security
• The adoption of standards (JSR 286, SAGA, SAML, etc.) represents a concrete investment towards sustainability and allows worldwide interoperability at user application level
• By design, the components of Catania Science Gateways have maximum re-usability and, indeed, they have already been adopted in/by several projects (agINFRA, DECIDE, EarthServer, EUMEDGRID-Support, GISELA, INDICATE, etc.)
• If you want to join the Science Gateway market place, please contact me at

Thank you!