Attribute-based Authentication for Gateways
Jim Basney, Terry Fleury, Stuart Martin, JP Navarro, Tom Scavo, Nancy Wilkins-Diehr


Gateway Objectives for PY4 and 5
TeraGrid integration will be straightforward for new and existing gateway developers
There will be a set of easy to discover general services provided by and for Gateways
The targeted support program will be well-organized
We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users
There will be a funded cross-directorate gateway program at the NSF
Presented December, 2007

We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users
A unique identifier for each end gateway user per community account must exist in TGCDB
Gateways will need to transmit and TGCDB will need to receive this additional identifier through any job submission mechanism
Attribute-based authentication in production and easy to use
Presented December, 2007

How will we meet those goals?
Attribute-based authentication
  –In our case, GridShib for Globus
  –Fantastic documentation and assistance
    Thanks Jim Basney, Tom Scavo, Terry Fleury
  – =Science_Gateway_Credential_with_Attributes

How have we been moving toward those goals in 2008?
Q108
  –GridShib SAML Tools released for gateways with documentation
  –Successfully tested VOMS/SAML for OSG/TG interop
  –GridShib for Globus Toolkit released for RPs
Q208
  –TeraGrid 08 Tutorial, poster, BoF, demo for gateways at working group meeting
  –GridShib SAML integrated into SimpleGrid
Q308
  –Provided a testing mechanism for Science Gateways to verify they are including attributes correctly
  –Provided documentation for CTSS Gateway Capability Kit to GIG Packaging Team
  –Published GridShib configuration file for TG RPs
Q408
  –Rollout CTSS Gateway Capability Kit for preliminary testing at TG RPs
  –Engage with additional Science Gateways to incorporate attributes into their job submissions
  –Update GT GRAM Audit capabilities to support recording of gateway job attributes

How will this be made available at RP sites?
science-gateway CTSS kit, which includes
commsh
  –NCSA-developed, PSC-enhanced tool to restrict community accounts
GridShib for Globus Toolkit
  –NCSA-developed tool to collect, process, store and log attributes
    Future TG-specific efforts will store these in the TGCDB
Kit name for information services lookup at
  –science-gateway.teragrid.org
Installation instructions
  – registration/README.install

Who’s expressed interest in deploying the gateway kit in PY4?

Resource          SGW Support
IU BigRed         X
IU Quarry
LONI QueenBee     X
NCAR Frost
NCSA Abe          X
NCSA Cobalt       X
NCSA Mercury      X
NICS Kraken
ORNL NSTG         X
PSC BigBen        X
PSC Pople         X
Purdue Condor     X
Purdue Steele     X
SDSC DTF          X
TACC LoneStar     X
TACC Maverick     X
TACC Ranger       X
UC/ANL DTF        X
UC/ANL Vis        X

Results of survey conducted by Lee Liming and team, sent to tg-leads 8/13/08

Who’s expressed interest in testing the gateway kit in PY4?

Resource          SGW Support
TACC LoneStar     X
NCSA Mercury      X

This talk is to remind the TeraGrid team of the higher level goals and the importance of the work and generate interest in testing so we can meet our goals!

Ambitious, but achievable goal
By September, 2009 all jobs submitted by community accounts will include attributes with unique user identifiers to be stored in the TGCDB
Next steps
  –RP testing through Feb 2009
  –Globus Toolkit released Feb 2009
  –Capability Kit V2 released Mar 2009
  –Production installations of Capability Kit V2
  –6-month gateway transition – March through August
    News postings, education process, log analysis to identify who still needs to make the switch, lots of support
  –Big party in September!
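
Added example (not part of the original slides, and not GridShib, GRAM or TGCDB code): a sketch of the log analysis mentioned above, counting distinct end users per community account and listing the accounts that still submit jobs without attributes. The record columns, account names and the direct_users figure are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample job records. The column layout is an assumption for this
# example, not a GridShib, GRAM audit or TGCDB format. An empty "user" field
# means the gateway submitted the job without attributes.
SAMPLE = """\
account,gateway,user,ip,auth_time
comm_a,https://gw-a.example.org,alice,192.0.2.10,2008-10-01T12:00:00Z
comm_a,https://gw-a.example.org,bob,192.0.2.11,2008-10-01T12:05:00Z
comm_a,https://gw-a.example.org,alice,192.0.2.10,2008-10-02T09:30:00Z
comm_b,https://gw-b.example.org,carol,198.51.100.7,2008-10-02T10:00:00Z
comm_b,https://gw-b.example.org,,,
comm_c,https://gw-c.example.org,,,
comm_c,https://gw-c.example.org,,,
"""


def load(text):
    """Parse the constructed CSV into a list of dict records."""
    return list(csv.DictReader(io.StringIO(text)))


def summarize(records):
    """Per community account: distinct end users and jobs lacking a user attribute."""
    users = defaultdict(set)
    unattributed = defaultdict(int)
    for rec in records:
        account, user = rec["account"], rec["user"].strip()
        users[account]  # make sure accounts with no attributed jobs still appear
        if user:
            users[account].add(user)  # identifier is unique per community account
        else:
            unattributed[account] += 1
    return {a: {"end_users": len(u), "unattributed_jobs": unattributed[a]}
            for a, u in users.items()}


def still_to_switch(summary):
    """Community accounts that still submit at least one job without attributes."""
    return sorted(a for a, s in summary.items() if s["unattributed_jobs"])


def gateway_share(summary, direct_users):
    """Gateway end users as a fraction of all users (direct_users is caller-supplied)."""
    gateway_users = sum(s["end_users"] for s in summary.values())
    return gateway_users / (gateway_users + direct_users)
```

An account such as comm_b, which sends attributes on only some jobs, is both counted and flagged, so a partial migration shows up in the follow-up list rather than passing as complete.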

What would we like to happen next?
More RPs for testing
  –What does testing mean? (identify a node, install Capability Kit V1, work one-on-one with NCSA to test)
  –What’s the impact on a site? (admin needed to install and test GT GridShib for GT)
  –What’s the impact on Globus performance? (negligible)
  –Real focus on this through February
More gateways for testing
  –GISolve, nanoHUB and SimpleGrid have done some tests already
    Nancy, Stu can identify gateways
  –Real focus on this, increasing over the summer
Where do you sign up?
  – (RPs) or
  –Help is available!

Community Account Usage by Site in 2008
Over 2M CPU hours used by community accounts in 2008

Quarterly Meeting
Attribute-based Access for Science Gateways
Jan-Mar
  –Released GridShib SAML Tools v with documentation for gateways
    Added support for tracking community user attributes (username, IP address, address, and authentication timestamp)
  –Tested VOMS-SAML compatibility with Steve Purdue
    All discovered issues resolved in GridShib SAML Tools v0.3.2 release
  –Prepared GridShib for Globus Toolkit v0.6.0 for RP deployment
    Added support for parsing and logging community user attributes
    Added support for blacklisting users based on IP and Science Gateway Identity as requested by Security-WG
    Tested against CTSS4

Quarterly Meeting
Attribute-based Access for Science Gateways
Apr-Jun Accomplishments
  –Presented GridShib TeraGrid work at GlobusWorld 2008 (Oakland)
  –Participated in TeraGrid 08 conference
    Contributed to Building Science Gateways tutorial
    Presented a digital poster
    Organized a BoF
  –GridShib SAML Tools v0.4.1 integrated into SimpleGrid
  –Initiated process to integrate GridShib for GT into CTSS
  –Work to store community user attributes in TGCDB for counting gateway users
  –Released GridShib SAML Tools v with documentation for gateways
    Modified as needed for GridShib-SimpleGrid integration
  –Submitted abstract for UK eScience All Hands workshop on Information Assurance - accepted Jul 8

Imaginary October quarterly, October, 08
Gateway User Count
Jul-Sep 2008 Accomplishments
  –Provided a testing mechanism for Science Gateways to verify they are including attributes correctly
  –Prepared GridShib software for CTSS Gateway Capability Kit
    GridShib SAML Tools v
    GridShib for GT v
  –Provided documentation for CTSS Gateway Capability Kit to GIG Packaging Team
  –Published GridShib configuration file for TG RPs
  –Basney and Shelmire presented “TeraGrid Science Gateways: Scaling TeraGrid Access” at the UK e-Science All Hands Meeting

Gateway User Count
Oct-Dec 2008 Plans
  –Rollout CTSS Gateway Capability Kit for preliminary testing at TG RPs
  –Engage with additional Science Gateways to incorporate attributes into their job submissions
  –Update GT GRAM Audit capabilities to support recording of gateway job attributes
    This is the next step in the end-to-end gateway user count goal
Imaginary October quarterly, October, 08