Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Catania Science Gateway framework Mr. Riccardo Rotondo Consortium GARR, Rome, Italy

Published byBrent Mosley Modified over 8 years ago

Similar presentations

Presentation on theme: "The Catania Science Gateway framework Mr. Riccardo Rotondo Consortium GARR, Rome, Italy"— Presentation transcript:

1 The Catania Science Gateway framework Mr. Riccardo Rotondo Consortium GARR, Rome, Italy riccardo.rotondo@garr.it.

2 Outline Introduction The Catania Science Gateway framework: o Architecture o Authentication and Authorisation Schema o Access workflow o The Catania Grid Engine OGF35, Delft (NL), 18 Jun 20122

3 The eResearch2020 report (http://www.eresearch2020.eu/eResearch%20Brochure%20EN.pdf) Some barriers in the adoption of Grids: o Changes on Grids means changes on applications o Time required to adapt usual workflows o Lack of structure to support anonymous access o Download and installation of applications o Interface o Slow to get to compared to other resources o Difficult to use in the beginning o Time spent to get the application compiled and running OGF35, Delft (NL), 18 Jun 20123

4 Using Grids is not straightforward  OGF35, Delft (NL), 18 Jun 20124 Users have to cope with complex security procedures, execution scripts, job description languages, command line based interfaces and lack of standards. This makes the learning curve very steep and keeps non IT-experts away.

5 Another consideration… OGF35, Delft (NL), 18 Jun 20125 There is a huge number of non IT-experts out there who do not belong to any constituted Virtual Research Community. How can we attract them ? VRCs # of users

6 The evolution leap in web browser OGF35, Delft (NL), 18 Jun 20126 evolution leap 6

7 Grid Interface Evolution The way users access Grid resources has continuously evolved towards simplicity and transparency: Command Line o Globus and gLite CLI o Used by the enthusiastic and early adopter scientists GUI applications o gEclipse, Grid2Win o Good to expand the communities but difficult to maintain Web Interface o GENIUS, P-GRADE o Easier for new users but monolithic Science Gateways OGF35, Delft (NL), 18 Jun 20127 “robot” certificate s on “e-tokens”

8 Community-driven web portals have started to integrate Grid Tools and Applications OGF35, Delft (NL), 18 Jun 20128 “A Science Gateway is a community-developed set of tools, applications, and data that is integrated via a portal or a suite of applications, usually in a graphical user interface, that is further customized to meet the needs of a specific community.” Teragrid/XSEDE

9 Our Reference Model OGF35, Delft (NL), 18 Jun 20129....... Science Gateway Science Gateway App. 1 App. 2 App. N Embedded Applications Administrator Power User Basic User Users from different organisations having different roles and privileges Standard-based (SAGA) middleware-independent Grid Engine Standard-based (SAGA) middleware-independent Grid Engine

10 Authentication & Authorisation 10OGF35, Delft (NL), 18 Jun 2012

11 Identity Federationsh https://refeds.org) OGF35, Delft (NL), 18 Jun 201211 An Identity Federation consists of “[…] the agreements, standards, and technologies that make identity and entitlements portable across autonomous domains.” Burton Group

12 Identity Federations in the world (https://refeds.org) OGF35, Delft (NL), 18 Jun 201212

13 Identity Federation (IF) In the web technology arena many approaches are available to federate authentication A standard provided by OASIS defines the Security Assertion Markup Language (SAML) Several tools are available, e.g.: o Shibboleth o SimpleSAMLphp Organisations can rely on traditional tools to manage users: o LDAP, CAS, plain text, etc. Free and Open Source OGF35, Delft (NL), 18 Jun 201213

14 Enabling Grid to Federations Grid services are starting to be integrated in community-dedicated web portals; The distributed/cross-domain nature of Grid requires strong security mechanisms Users struggle to comply with complex security rules: o Get & manage digital certificates, create proxy, update credentials and so on Some institutions want to maintain the control of their own users’ authentication OGF35, Delft (NL), 18 Jun 201214

15 Federated Grid Science Gateway OGF35, Delft (NL), 18 Jun 201215 AuthorisationAuthorisation Science Gateway GrIDP (“catch-all”) GrIDP (“catch-all”) IDPCT (“catch- all”) IDPCT (“catch- all”) IDP_y LDAP......... 1. Register to a Service 2. Sign in Authentication

16 Federated Grid User OGF35, Delft (NL), 18 Jun 201216 Science Gateway

17 Identity provided federated OGF35, Delft (NL), 18 Jun 201217 { idp1, idp2, … idpN } { idp1, idp2, … idPN } { idp1, idp2, … idpN }

18 Federated Grid User OGF35, Delft (NL), 18 Jun 201218 Science Gateway

19 Number of users in … OGF35, Delft (NL), 18 Jun 201219

20 Why Social Federation Federated identities are only a subset of potential users o Users can work in non-federated institutions o IDP can be not included in supported federations Mash-up Grid and social tools could be useful for many users and special applications o Outreach of science organizations to broader communities o “Citizen scientist” to government services o Freely accessible repositories (e.g. of cultural heritage) where one wants to profile visitors o E-collaboration using social facilities/tools in the same page user performs e-research Grid-based activities OGF35, Delft (NL), 18 Jun 201220

21 Social Grid Authentication Social services are grouped in a special IDP o Included in our “catch-all” federation GrIDP Users have the same account even they access with different credentials, either social or federated o Each account can register a list of user emails and these are used for identification OGF35, Delft (NL), 18 Jun 201221

22 Federated Grid User OGF35, Delft (NL), 18 Jun 201222 Science Gateway

23 The Social Networks’ Bridge Identity Provider (https://idpsocial.ct.infn.it) OGF35, Delft (NL), 18 Jun 201223 For more information watch the video www.youtube.com/watch?v=w6wfuGUwVVU

24 Authorisation (1/2) Technically a social IDP has same security mechanisms of other IDP but user identity are not generally verified Social user requires a stronger control on the authorisation o A preliminary identity control is requested Users from Social Networks can not automatically access resources o An authorisation request is mandatory The authorisations process does not use SAML A central server maintains authorisation assertions o An OpenLDAP server is used OGF35, Delft (NL), 18 Jun 201224

25 Authorisation (2/2) To be authorised, users have to provide verifiable information o E.g., an e-mail address of an official organisation Name and e-mail available in institutional pages o Users registered in a federation don’t need to specify an official mail. o Users can own both federated and social credentials enabled for authorisation. Information is verified by the portal administrators who decide to accept/reject the request OGF35, Delft (NL), 18 Jun 201225

26 Federation supported by DECIDE Science Gateway OGF35, Delft (NL), 18 Jun 201226

27 Federation supported by the INDICATE Science Gateway OGF35, Delft (NL), 18 Jun 201227

28 The GrIDP Identity Provider (1/2) 4 Identity Providers are available in GrIDP: A “catch-all” IdP created at Catania; The maat-G (enterprise) IdP; INFN-AAI IdP (all INFN researchers and associates); An idp that enables Social Networks credentials. OGF35, Delft (NL), 18 Jun 2012 28

29 The GrIDP Identity Provider (2/2) OGF35, Delft (NL), 18 Jun 2012 29

30 Register to GISELA Science Gateway 30 OGF35, Delft (NL), 18 Jun 2012

31 Access GISELA SG with IDEM credentials 31 OGF35, Delft (NL), 18 Jun 2012

32 Accessing with GRIDP credentials 32 OGF35, Delft (NL), 18 Jun 2012

33 The Social Networks’ Bridge Identity Provider (https://idpsocial.ct.infn.it) OGF35, Delft (NL), 18 Jun 201233 For more information watch the video www.youtube.com/watch?v=w6wfuGUwVVU

34 Current Status 16 Liferay-based Science Gateways (hosted in 2 servers) are currently powered by Shibboleth at INFN Catania; 7 Federations supported; 4 instances are registered as official IDEM Service Provider; 4 Identity Providers are available in GrIDP. 34 OGF35, Delft (NL), 18 Jun 2012

35 Portal Framework 35OGF35, Delft (NL), 18 Jun 2012

36 Liferay (www.liferay.com) Highly-configurable, scalable, open source portal framework; Compatible with JSR 168/286 standards and based on modern web 2.0 technologies; Liferay services planned to be used: o Portal; o CMS & WCM; o Collaboration and “social” software 36 OGF35, Delft (NL), 18 Jun 2012

37 Grid Access enable: Portlets as bricks Portlets can interact with the Grid e-Infrastructure Different approaches are available: o Execute the Command Line behind the portal; o Using API where available: Must be in Java or other languages supported by Liferay; o Call REST services from Javascript code in the browser; Additional layers between Liferay and the Grid can be necessary for some services; Each portlet can follow its own communication method. 37 OGF35, Delft (NL), 18 Jun 2012

38 Mixing portlet as well as OGF35, Delft (NL), 18 Jun 201238 Sc. Gtwy E Sc. Gtwy DSc. Gtwy CSc. Gtwy B Sc. Gtwy A Standards Simplicity Easiness of use Re-usability

39 Interaction with Grid Services 39OGF35, Delft (NL), 18 Jun 2012

40 How to interact with GRID A Simple API for Grid Applications (SAGA): o The OGF (Open Grid Forum) Standard; o JSAGA: a Java implementation of SAGA; A generic Grid Engine for Science Gateways based on SAGA; o Grid Engine based on JSAGA; o EGI Portal Policy & Grid Security Traceability; Grid Engine usage example. OGF35, Delft (NL), 18 Jun 2012 40

41 A Simple API for Grid Applications (SAGA) SAGA is an API that provides the basic functionality required to build distributed applications, tools and frameworks; It is independent of the details of the underlying infrastructure (e.g., the middleware); SAGA is an OGF specification: http://www.gridforum.org/documents/GFD.90.pdf http://www.gridforum.org/documents/GFD.90.pdf Several Implementations are available: o A C++ and a Java implementation developed at the Louisiana State University / CCT and Vrije Universiteit Amsterdam (http://apidoc.saga.cct.lsu.edu );http://apidoc.saga.cct.lsu.edu o A Java implementation developed at CCIN2P3 (http://grid.in2p3.fr/jsaga/);http://grid.in2p3.fr/jsaga/ o A Python implementation based on those above. OGF35, Delft (NL), 18 Jun 2012 41

42 The Catania Grid Engine An additional layer interposed between the Portal Framework and the GRID in other to make applications access directly to GRID Services. It’s based on two essential components: o The Job Engine o The Data Engine OGF35, Delft (NL), 18 Jun 201242

43 Job Engine Not only a collection of API for job submission; A complete layer able to make portlets, and so applications, to access all GRID services need for the execution: o Thread pool responsible for the submission; o User Tracking Database; o Permanent checking of the job status; o Output automatically retrived by the Science Gateway; o Easy interface for Job Managment OGF35, Delft (NL), 18 Jun 201243

44 Data Engine Make interfaces simple for non expert users o CLI-based Grid storage interface is not straightforward Grid transactions require user certificates Complexity of current protocols to manage grid storage elements o Very little or no support for access through modern browsers or others web-based applications OGF35, Delft (NL), 18 Jun 201244

45 Summary of standards adopted The framework for Science Gateways developed at Catania is fully web-based and adopts official worldwide standards and protocols, through their most common implementations These are: o The JSR 168 and JSR 286 standards (also known as "portlet 1.0" and "portlet 2.0" standards)JSR 168JSR 286 o The OASIS Security Assertion Markup Language (SAML) standard and its Shibboleth and SimpleSAMLphp implementationsOASISSecurity Assertion Markup LanguageShibbolethSimpleSAMLphp o The Lightweight Direct Access Protocol, and its OpenLDAP implementationOpenLDAP o The Cryptographic Token Interface Standard (PKCS#11) standard and its Cryptoki implementationCryptographic Token Interface Standard o The Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard and its JSAGA implementationOpen Grid ForumSimple API for Grid ApplicationsJSAGA 45 OGF35, Delft (NL), 18 Jun 2012

46 Current Status 16 Liferay-based Science Gateways (hosted in 2 servers) are currently powered by Shibboleth at INFN Catania; 7 Federations supported; 4 instances are registered as official IDEM Service Provider; 4 Identity Providers are available in GrIDP. 46 OGF35, Delft (NL), 18 Jun 2012

47 References https://gridp.ct.infn.it/ OGF35, Delft (NL), 18 Jun 201247

48 Credits & Acknowledgments Valeria Ardizzone (GARR); Roberto Barbera (UNICT & INFN) Riccardo Bruno (COMETA); Antonio Calanducci (COMETA); Marco Fargetta (COMETA) Elisa Ingrà (GARR); Giuseppe La Rocca (INFN) Salvatore Monforte (INFN); Fabrizio Pistagna (INFN); Rita Ricceri (INFN); Diego Scardaci (INFN); 48 Credits Acknowledgments Vincenzo Ciaschini (INFN); Enrico Fasanelli (INFN); Maria Laura Mantovani (GARR); Barbara Monticini (GARR); Simona Venuti (GARR) OGF35, Delft (NL), 18 Jun 2012

49 Thank you for your kind attention OGF35, Delft (NL), 18 Jun 201249

Download ppt "The Catania Science Gateway framework Mr. Riccardo Rotondo Consortium GARR, Rome, Italy"

Similar presentations

Www.gisela-grid.eu Grid Initiatives for e-Science virtual communities in Europe and Latin America The VRC-driven GISELA Science Gateway Diego Scardaci.

Grid Initiatives for e-Science virtual communities in Europe and Latin America The VRC-driven GISELA Science Gateway Diego Scardaci.
Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.

Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.
Federated access to e-Infrastructures worldwide

Federated access to e-Infrastructures worldwide
Introduction on Science Gateway Understanding access and functionalities Catania, 09/06/2014Riccardo Rotondo

Introduction on Science Gateway Understanding access and functionalities Catania, 09/06/2014Riccardo Rotondo
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
1 The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) GRID Science Gateway Riccardo Rotondo

1 The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) GRID Science Gateway Riccardo Rotondo
Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo

Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo
Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures – Proposal n. 306819 A Standard-based.

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures – Proposal n A Standard-based.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Grid Engine Riccardo Rotondo

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Grid Engine Riccardo Rotondo
GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.
STAR net, Resources and VOs C. Vuerli, A. Costa, U. Becciani, P. Massimino, G. Castelli.

STAR net, Resources and VOs C. Vuerli, A. Costa, U. Becciani, P. Massimino, G. Castelli.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
GRID Overview Internet2 Member Meeting Spring 2003 Sandra Redman Information Technology and Systems Center and Information Technology Research Center National.

GRID Overview Internet2 Member Meeting Spring 2003 Sandra Redman Information Technology and Systems Center and Information Technology Research Center National.
Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)
Development of e-Science Application Portal on GAP WeiLong Ueng Academia Sinica Grid Computing

Development of e-Science Application Portal on GAP WeiLong Ueng Academia Sinica Grid Computing
Www.egi.eu EGI-InSPIRE RI-261323 www.egi.eu EGI-InSPIRE RI-261323 User Support in IGI: Related Tools and Services in Italy EGI Technical Forum 2011 19-23.

EGI-InSPIRE RI EGI-InSPIRE RI User Support in IGI: Related Tools and Services in Italy EGI Technical Forum
Widening the number of e-Infrastructure users with Science Gateways and Identity Federations Giuseppe Andronico INFN -

Widening the number of e-Infrastructure users with Science Gateways and Identity Federations Giuseppe Andronico INFN -
EGI Technical Forum Amsterdam, 16 September 2010 Sylvain Reynaud.

EGI Technical Forum Amsterdam, 16 September 2010 Sylvain Reynaud.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Evolution of AAI for e- infrastructures Peter Solagna Senior Operations Manager.

Similar presentations

Ads by Google