Presentation is loading. Please wait.

Presentation is loading. Please wait.

UABgrid Identity Infrastructure John-Paul Robinson, David Shealy, UAB, IT Infrastructure Services Educause.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "UABgrid Identity Infrastructure John-Paul Robinson, David Shealy, UAB, IT Infrastructure Services Educause."— Presentation transcript:

1 UABgrid Identity Infrastructure John-Paul Robinson, jpr@uab.edujpr@uab.edu David Shealy, dls@uab.edudls@uab.edu UAB, IT Infrastructure Services Educause Southeast Regional Conference June 3, 2008

2 Educause Copyright Statement Copyright John-Paul Robinson and David Shealy 2008. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the authors.

3 June 3, 2008Educause Southeast Regional Conference3 Overview Understanding Collaboration Identity Services and the Grid UABgrid IdM Solution System Walk Through Next Steps Conclusions

4 June 3, 2008Educause Southeast Regional Conference4 The Challenge of Collaboration Research Group Google University IT Collaborator Compute Center

5 June 3, 2008Educause Southeast Regional Conference5 Common Steps to Collaboration Mailing list -- where ever its easiest Wiki – easy on your local server Add blogs, shared bookmarks, and other social networking tools Find compute resources to crunch the numbers Enjoy the autonomy and control of self directed collaboration and a low infrastructure burden

6 June 3, 2008Educause Southeast Regional Conference6 Challenges to Collaboration Deal with the hassle of maintaining accounts and permissions across tools? Accept the limitations of a single function applications? Choose an applications that does many things poorly? Use someone's portal but loose authority over your portlet needs? Who do you call when you need help? Who do you trust?

7 June 3, 2008Educause Southeast Regional Conference7 UABgrid Technology Backdrop UAB adopted Campus IdM in mid-1990's & joined Internet2 in late 1990's NMI-Testbed Participation and EPSCoR funding (2001-2004) Began construction of campus grid with Computer & Information Sciences (CIS) and Engineering (ENG), UABgrid Ongoing collaboration on regional grid, SURAgrid NSF project to integrate NMI middleware tools and open source web applications (2003-2005) Acquire dark fiber leases for connection to national fiber networks Launch UABgrid Pilot September 2007

8 June 3, 2008Educause Southeast Regional Conference Traditional IT Stack IT Business and Administrative Applications Infrastructure Services Networking Applications exclusively managed by IT Infrastructure services exclusively serve IT application needs Network exists to extend access to application

9 June 3, 2008Educause Southeast Regional Conference Extend Networking from Stack IT Business and Administrative Applications Infrastructure Services Networking

10 June 3, 2008Educause Southeast Regional Conference Supported Networking Stack IT Business and Administrative Applications Infrastructure Services Networking Research Applications End-User Applications

11 June 3, 2008Educause Southeast Regional Conference Infrastructure Next in Stack IT Business and Administrative Applications Infrastructure Services Networking

12 June 3, 2008Educause Southeast Regional Conference Extend Infrastructure Stack IT Business and Administrative Applications Infrastructure Services Networking

13 June 3, 2008Educause Southeast Regional Conference Supported Infrastructure Stack IT Business and Administrative Applications Infrastructure Services Networking Research Applications End-User Applications

14 June 3, 2008Educause Southeast Regional Conference14 National Cyberinfrastructure A Continuum of Identity lower assurance – facilitates collaboration higher assurance – facilitates trust Authorization Policies Informed by Identity Attributes Pools of Execution Resources A Common Data Framework Reliability and Performance Monitoring Maximized Network Bandwidth

15 June 3, 2008Educause Southeast Regional Conference15 National Cyberinfrastructure Grid: Interconnected Infrastructure Visualizing a Grid Site Resources Site Resources Linked via Shared Cyberinfrastructure

16 June 3, 2008Educause Southeast Regional Conference16 Cyberinfrastructure IdM Exec Data Net Info UABgrid Application 1 Application 4 Application 3 Application 2 Common Grid Interfaces

17 June 3, 2008Educause Southeast Regional Conference17 Cyberinfrastructure IdM Exec Data Net Info UABgrid Application 1 ResearchUser AdminEducation Grid Infrastructure Supports Multiple Application Domains

18 June 3, 2008Educause Southeast Regional Conference18 Cyberinfrastructure IdM Exec Data Net Info UABgrid Research Applications UsersStats FilesProcesses GroupsComm UABgrid is Building Services for Research Collaborations

19 June 3, 2008Educause Southeast Regional Conference19 Cyberinfrastructure IdM Exec Data Net Info UABgrid Research Application Services UsersStats FilesProcesses GroupsComm Statistical Genetics “R” caBIG Collaboration Tools Future Initiatives UABgrid is a Research Collaboration Platform

20 June 3, 2008Educause Southeast Regional Conference20 Interconnects and coordinates resources across administrative domains Uses standard, open, and general purpose interfaces and protocols Allows resource combination to deliver high quality services built on the core utility Understanding the Grid The “grid” is the Fabric of Inter-connected Resources

21 June 3, 2008Educause Southeast Regional Conference21 Supporting Collaboration Provide infrastructure that is flexible Offer self-managed services Provide portable identities Support integration across domains Respect autonomy Empower the researcher Contribute components to infrastructure IT strength in middleware services HPC Centers strength in computational services

22 June 3, 2008Educause Southeast Regional Conference22 Philosophy of Identity Identity is a natural continuum Different applications can enlist different technologies (Shibboleth, Certificates, OpenID, etc.) Different technologies support different levels of trust Systems need consistent identity Identity is pervasive Identity is a leading integration point

23 June 3, 2008Educause Southeast Regional Conference23 Solving the Attribute Puzzle

24 June 3, 2008Educause Southeast Regional Conference UABgrid Identity Solution Identity & Attribute Management Web Application Attribute Store Head Node Identity & Attribute Release Web Applications Clusters UABgrid IdM Attributes to Web Apps with Shibboleth Attributes to Non-web Apps with GridShib User Accesses Services Directly User Identity from Institution IdM (via InCommon not legacy feeds)

25 June 3, 2008Educause Southeast Regional Conference25 Pilot Collaboration Applications Mailing Lists: Sympa Wiki's: MediaWiki and Confluence Project management: Trac + Subversion Blogs: Wordpress User certificate management: PHPki Grid meta-scheduling: GridWay Grid facing computational resources: Globus

26 June 3, 2008Educause Southeast Regional Conference26 Confluence Login Walk-Through Confluence is a commercial wiki product from Atlassian Atlassian Demo for UABgrid Collaboration Environment http://wiki.uabgrid.uab.edu/confluence Confluence Highlights proprietary software integration wiki for collaborations that require distinct access and content management roles for members Login Highlights System Boundaries

27 Confluence Wiki Login Confluence :: UABgrid Login :: UAB InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

28 Select Session Identity Confluence :: UABgrid Login :: UAB InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

29 Select UAB Identity Confluence :: UABgrid Login :: UAB InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

30 UAB Authentication Confluence :: UABgrid Login :: UAB InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

31 UAB Attributes to UABgrid Confluence :: UABgrid Login :: UAB InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

32 Collaboration Attributes to Wiki Confluence :: UABgrid Login :: UAB InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

33 User Logged In at Wiki Confluence :: UABgrid Login :: UAB InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

34 Select ProtectNetwork Identity Confluence :: UABgrid Login :: PN InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

35 ProtectNetwork Authentication Confluence :: UABgrid Login :: PN InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

36 ProtectNetwork Attributes Confluence :: UABgrid Login :: PN InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

37 Different User Logged In at Wiki Confluence :: UABgrid Login :: PN InCommon (authn + shib) :: UABgrid (collab attributes) :: Confluence

38 Globus Identity Use Example

39 Ultimate Goal: Any Application in Collaboration UABgrid IdM

40 June 3, 2008Educause Southeast Regional Conference40 Current State Basic group management and collaboration tools in place Building infrastructure to support expansion of resources and users Attribute exchange with web applications is working, Globus attribute consumption needed Good cross-section of users and projects for pilot

41 June 3, 2008Educause Southeast Regional Conference41 Attribute Service Development Pre-configured VM image Combines multiple services and avoids duplicating integration effort Shibboleth, GridShib, and VO/group management (Sympa) Grew out of the NSF project as encapsulation of the system concepts myVocs box is shared infrastructure component to simplify development and maintenance of UABgrid infrastructure

42 June 3, 2008Educause Southeast Regional Conference42 UABgrid User Communities UABgrid Development Team http://dev.uabgrid.uab.edu SSG Biostatistics “R” Workflow to Grid Migration http://projects.uabgrid.uab.edu/r-group ASA + UAB Grid Resource Exploration http://projects.uabgrid.uab.edu/uabgrid-asa SURAgrid Accounting Working Group http://projects.uabgrid.uab.edu/sg-accounting CIS Collaborative Computing Lab http://projects.uabgrid.uab.edu/cclprojects Viral Bioinformatics Resource Center http://vbrc.org

43 June 3, 2008Educause Southeast Regional Conference43 UABgrid Identity Services Next Steps Improved Attribute & Group Management Grouper supports generic group management, Signet an option for permissions. Improved Login Identity provider selections, roaming preferences OpenID Support Asserting is easy. Consuming not so hard but will require updates to registration service Shibboleth 2.0 and GridShib 0.6 Support Regular Release Cycle for myVocs box

44 June 3, 2008Educause Southeast Regional Conference44 Engaged in Broader Community caBIG – GAARDS authn/z infrastructure http://www.cagrid.org/mwiki/index.php?title=GAARDS:Main SWITCH http://www.switch.ch/aai D-Grid http://epic.awi.de/Publications/Gie2007a.pdf TeraGrid http://grid.ncsa.uiuc.edu/presentations/tg-nov06.ppt UABgrid http://www.uab.edu/it/CyberInfrastructure/Cyberinfrastructure_v2_4.pdf

45 June 3, 2008Educause Southeast Regional Conference45 Conclusions Collaborators need to be able to operate autonomously on a reliable infrastructure Centralized IT services can contribute significantly to collaborations by exposing rich, user-controlled resource interfaces Shibboleth-based identity services allow users to define and manage their trust boundaries in a distributed environment Grid is an effective model for infrastructure development

46 June 3, 2008Educause Southeast Regional Conference46 Acknowledgments Office of the Vice President for Information Technology at the University of Alabama at Birmingham (UAB) UABgrid Collaborative Development Initiative with Department of Computer and Information Sciences (CIS) and Mechanical Engineering (ENG) at UAB "NMI Enabled Open Source Collaboration Tools for Virtual Organizations" NFSANI-0330543ANI-0330543

47 June 3, 2008Educause Southeast Regional Conference47 References Shibboleth  http://shibboleth.internet2.edu http://shibboleth.internet2.edu  Demo http://shibboleth.internet2.edu/demo/shib_demo.html GridShib  http://gridshib.globus.org/ http://gridshib.globus.org/ InCommon  http://www.incommonfederation.org/ http://www.incommonfederation.org/

Download ppt "UABgrid Identity Infrastructure John-Paul Robinson, David Shealy, UAB, IT Infrastructure Services Educause."

Similar presentations

Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.

Student, Faculty, and Staff Data Availability and Protection What’s the Back-Up Plan? (for academic computing) Sponsored by.
The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.

The Internet2 NET+ Services Program Jerry Grochow Interim Vice President CSG January, 2012.
Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.

Andrea Eastman-Mullins Information & Technology Coordinator University of North Carolina, Office of the President Teaching and Learning with Technology.
Copyright Jill M. Forrester 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.

2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.

Information Resources and Communications University of California, Office of the President UCTrust Implementation Experiences David Walker, UCOP Albert.
Copyright Statement © Jason Rhode and Carol Scheidenhelm. 2006. This work is the intellectual property of the authors. Permission is granted for this material.

Copyright Statement © Jason Rhode and Carol Scheidenhelm This work is the intellectual property of the authors. Permission is granted for this material.
Copyright Dong Chen, 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Dong Chen, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Copyright Anthony K. Holden, 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Anthony K. Holden, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.
Learning Management Systems Camp June 2004 Barry R Ribbeck UT HSC Houston Copyright, Barry Ribbeck, 2004. This work is the intellectual property of the.

Learning Management Systems Camp June 2004 Barry R Ribbeck UT HSC Houston Copyright, Barry Ribbeck, This work is the intellectual property of the.
You’ve Built The Pieces, Now Integrate Your Enterprise! Mid-Atlantic Regional Conference January 17, 2003 Patty Gertz, Princeton University

You’ve Built The Pieces, Now Integrate Your Enterprise! Mid-Atlantic Regional Conference January 17, 2003 Patty Gertz, Princeton University
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.
Rice’s 3-in-1 Wiki February 22, 2008 Copyright Carlyn Foshee Chatfield, 2008. This work is the intellectual property of the author. Permission is granted.

Rice’s 3-in-1 Wiki February 22, 2008 Copyright Carlyn Foshee Chatfield, This work is the intellectual property of the author. Permission is granted.
Sharing MU's SharePoint Experience 2005 Midwest Regional Conference Innovative Use of Technology: Getting IT Done Wednesday, March 23, 2005.

Sharing MU's SharePoint Experience 2005 Midwest Regional Conference Innovative Use of Technology: Getting IT Done Wednesday, March 23, 2005.
Lynette Olson, Assessment & Effectiveness Director & Gary Langer, Associate Vice Chancellor, Office of the Chancellor, Minnesota State Colleges and Universities.

Lynette Olson, Assessment & Effectiveness Director & Gary Langer, Associate Vice Chancellor, Office of the Chancellor, Minnesota State Colleges and Universities.
Moving Your Paperwork Online University of California, Irvine presents PayQuest Copyright UC,Irvine 2004. This work is the.

Moving Your Paperwork Online University of California, Irvine presents PayQuest Copyright UC,Irvine This work is the.
Constructing Campus Grids Experiences adapting myVocs to UABgrid John-Paul Robinson High Performance Computing Services Office of the Vice President for.

Constructing Campus Grids Experiences adapting myVocs to UABgrid John-Paul Robinson High Performance Computing Services Office of the Vice President for.
3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

3 Nov 2003 A. Vandenberg © Second NMI Integration Testbed Workshop on Experiences in Middleware Deployment, Anaheim, CA 1 Shibboleth Pilot Local Authentication.

Similar presentations

Ads by Google