Presentation is loading. Please wait.

Presentation is loading. Please wait.

Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 1 1 Umbrella for Photon / Neutron Community.

Published byKory Houston Modified over 9 years ago

Similar presentations

Presentation on theme: "Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 1 1 Umbrella for Photon / Neutron Community."— Presentation transcript:

1 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 1 1 Umbrella for Photon / Neutron Community

2 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 2 PaNdata Partners Alba, Spanish National Sychrotron Facility Diamond UK Synchrotron facility European Synchrotron Radiation Facility (ESRF) Deutsches Elektronen Synchrotron (DESY) Institut Laue–Langevin (ILL) Max IV Laboratury Lund ISIS STFC Neutron source HZB, Helmholtz Zentrum Berlin Paul Scherrer Institut (PSI), hosting SINQ and SLS Soleil, French National Synchrotron Facility

3 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 3 CRISP IT Partners European Synchrotron Radiation Facility (ESRF) Deutsches Elektronen Synchrotron (DESY) European Organisation for Nuclear Research (CERN) European Spallation Source (ESS) GSI Helmholtz Centre for Heavy Ion Research (GSI) Institut Laue–Langevin (ILL) European X-ray Free Electron Laser (XFEL) Paul Scherrer Institut (PSI)

4 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 4 The user community I  Photon facilities Synchrotrons and Free Electron Lasers (FELs) Light of highest brightness About 15 synchrotrons in EU (ESRF + national)  FELs, even 10 3 to 10 6 times brighter SLAC/Stanford, DESY/Hamburg, FEL/Spring-8/Japan, PSI/Villigen Membrane proteins; microscopic movies of chemical reactions  Neutron facilities Complementary Similar user community  Small teams, visit for Few hours (structural biology) to Few weeks (superconductivity, nano investigations)

5 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 5  In EU >> 30’000 visiting users /y Organised by local user offices Large overbooking (≥3:1), low chance to be accepted Important to minimize administrative load  On-site visits Short duration In part spontaneous (keep that attraction) Part-time users  Decentralized structure (compare e.g. to CERN) Manifold research fields Many data sources facilities National character of facilities, report to own governments  Zoo of research areas Archaeology, chemistry, materials + analytical sciences, life sciences Physics is minority Linking element is common use of large facilities (not science field) ! The user community II

6 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 6 What are the IT requests?  Huge datasets Novel 2D detectors, quantum leap in data quality, but also data volumes Multi-image techniques (tomography, lens-less imaging) Molecular movies at FELs ‘Petabyte’ ‘normal’ unity; time over for ‘hard-disk in the trouser pocket’  Trans-facility experiments Single Sign On (SSO) Standardize proposal procedures on EU scale  Remote data access Analyze data remotely at facility Combine datasets taken at different facilities Clouds (commercial, community-based) Respect confidentiality restrictions  Remote experiment access Basic: passive online access to measured data Advanced: active control  PR Issues Improve corporate identity Improve public lobbying

7 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 7  Incorporate confidentiality aspects High competition, especially structural biology Time-window-structured access to experiments and data  Rely on existing local user office structure Great experience DIY (Do It Yourself) operation  Users: manage their personal entries  User offices: supervising; manage authorizations  Base system on professional authentication standard Shibboleth, federated Single-Sign-On System (SAML), widely used Special photon / neutron user federation Only one identity provider Supervising by local User Offices  Concept Unique user identification on EU scale Hybrid information storage No possibility for cross-facility information pull Multi-level identification (maximum autonomy to facilities) Waterproof but slim data protection system Umbrella as Prototype

8 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 8  Facilities Keep existing administration structures as much as possible o Proposal workflow o Guest house / restaurant, access badges, stock room, … During implementation parallel operation o smooth transition o No time-zero  Users DIY (Do It Yourself) operation o Users: manage their personal entries o User offices: supervising; manage authorizations  Collaborations Self organization of data access via collaborations Principal investigator / main proposer controls who is allowed to access data  Applications Multi-level trust applications define level Lowest level: Google-type handshake Higher level: authentication at facility user offices, no external ?? Operation concept Bottom-up: Delegation and direct feedback

9 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 9 The Umbrella Concept User UOffice2UOffice1UOffice3 Fig.1

10 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 10 Hybrid concept (central and federated) Answer to conflicting requests:  Efficient technology  Confidentiality  Consequent distinction of authentication and authorisation User infoProposal Modules Central (common) part Local facility part o Modules with general, scientific info o Detailed info o Roles at facilities o Identification o Registration for central serv. Affiliation info o Department o Postal address Central phone o Proposer info o Roles at facilities o Facility specific city code (e.g. for EU reimbur- sement 10

11 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 11  Embargo vs. post-embargo period Here only embargo (most critical, confidentiality)  Standard access rights rule No chance for manual central authorization 1‘000s of experiments, 10‘000s of users  Identity by Umbrella Unique, EU-wide user authentication Allows trans-facility actions, Single Sign On  Keep Role of proposal as organizing element Who participates in experiment, has access right to data Principal investigator / main proposer Remote data access, concept proposed 11

12 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 12 Pjxx User3 User4 User1 User2 User5 PpA1 Data1 PpA1 User1 User3 User5 PpB1 User1 User3 User5 PpB2 User1 User2 PpC1 User3 User4 User5 Pjyy User2 Pjzz User4 User5 PpA1 DataN …. PpB1 Data1 PpB1 DataN …. PpB2 Data1 PpB2 DataN …. PpC1 Data1 PpC1 DataN …. Facility A Facility B Facility C Users User Level Projects Project Level ProposalsExperiments / Data Facility Level User3 User1 User3 User5

13 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 13  Umbrella Plus  Proposal-based user administration  Linking via Umbrella to local WUOs: includes full user services  Remote file access, remote experiment access + …  Non-proposal-based user administration  HEP-type operation (very long-term proposals)  Small facilities (e.g. university labs, …)  May have need for user db, but not for the rest  Umbrella + stripped-down version of a WUO oCore user db oShibboleth communication oGreen / red lamp at the output  Umbrella Bio  Currently 2 decoupled user review/access schemes  Combine Umbrella + BioStruct Bridging 13

14 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 14 Umbrella and BioStruct 14 WUO3WUO2 WUO1 Central BioStruct User Office User c) BioStruct with Umbrella Central Umbrella WUOS1 Facility Web-based User Offices Other BioStruct services WUOS2 WUO3WUO2WUO1 b) BioStruct as present present Facility Web-based User Offices Central BioStruct User Office User Other BioStruct services WUO3WUO2WUO1 User a) Standard Facility Web-based User Offices

15 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 15  Goal and duration  Test of the system by future users  February 1 – March 31  Central Applications  Prototype of central web site  EAA: registration, mutation  Alfresco, Indico, Issue tracker, Wiki  Federated applications  Umbrella + WUO clone versions  Participants  Facilities o DESY oDiamond (iCAT service, Moonshot?) oESRF oPSI  ‘Friendly’ users o ~30, all over EU oExternal expert users (ESUO, ETH, BioStruct, ??) oLocal facility experts (DESY) Friendly user phase 15

16 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 16  till January, 31: Umbrella preparation  Definition of active participants  Definition of elements to offer to users  Definition of web portal  Documentation  Final developments  from February 1, Friendly user phase  Contact of users  Umbrella + WUO test versions (DESY, PSI, ESRF, Diamond)  from May 31  Workshop with all participants  Concluding feedback document  Implementation of feedback  Legal work (trust issues, MoUs, …)  from September 1, Ready for implementation Umbrella road map 16

17 Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 17  Clear demands at large photon / neutron facilities Unique user ID Remote data and experiment access Need for user and facility friendliness Very large number of visiting scientists: Need slim and efficient system  Limited excitement on management (and user?) side Resources Confidentiality Scientific competition  Overlapping IT communities, bridging Large facilities and universities (educational sector) Large facilities and university labs Different communities  Umbrella as prototype Common web portal Slim solution, no top down organization, self service elements Build on existing infrastructure, clear topology, avoid parallel worlds Conclusion 17

Download ppt "Umbrella Federated Identity Management Workshop, Taipei, February 27, 2012Heinz J Weyer, PSI 1 1 Umbrella for Photon / Neutron Community."

Similar presentations

4th workshop, federated identity systems, Nymegen June 21/22, 2012Heinz J Weyer, PSI 1 1 Federated Identity and the Photon / Neutron Community.

4th workshop, federated identity systems, Nymegen June 21/22, 2012Heinz J Weyer, PSI 1 1 Federated Identity and the Photon / Neutron Community.
Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.

Digital Certificate Operation in a Complex Environment Matthew J. Dovey Oxford University Computing Services.
Duke Enterprise CMS CGS Meeting 5/7/2004 Cheryl Crupi Senior Manager, Duke OIT Office of Web Services.

Duke Enterprise CMS CGS Meeting 5/7/2004 Cheryl Crupi Senior Manager, Duke OIT Office of Web Services.
Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC 2014 20 May 2014 Dublin.

Federated Identity Management for Researchers – A quick overview from GÉANT BoF TNC May 2014 Dublin.
Slide: 1 Welcome to the workshop ESRFUP-WP7 User Single Entry Point.

Slide: 1 Welcome to the workshop ESRFUP-WP7 User Single Entry Point.
Introduction on WP7/WP9 Dominique PORTE 29/05/2008 Menu What is WP7? What is WP9? Goal of the brainstorming Introduction on WP7/WP9.

Introduction on WP7/WP9 Dominique PORTE 29/05/2008 Menu What is WP7? What is WP9? Goal of the brainstorming Introduction on WP7/WP9.
Research and Innovation Participant Portal How to register for an ECAS account NEXT.

Research and Innovation Participant Portal How to register for an ECAS account NEXT.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Marketing strategies ELI Beamlines and HiLASE Michael Vích, Lenka Scholzová 20. 5. 2014 Sofia, Bulgaria.

Marketing strategies ELI Beamlines and HiLASE Michael Vích, Lenka Scholzová Sofia, Bulgaria.
Decentralised and Remote Access to Confidential Data in the ESS (ESSnet DARA) Overview and State of the Art Maurice Brandt Destatis FIRST EUROPEAN DATA.

Decentralised and Remote Access to Confidential Data in the ESS (ESSnet DARA) Overview and State of the Art Maurice Brandt Destatis FIRST EUROPEAN DATA.
FIM-ig Federated Identity Management Interest Group.

FIM-ig Federated Identity Management Interest Group.
“NATIONAL CHAMBER OF PRIVATE BAILIFF OFFICERS ” in the new era of the online execution SIAIP INTRODUCTION 16 th of December 2014.

“NATIONAL CHAMBER OF PRIVATE BAILIFF OFFICERS ” in the new era of the online execution SIAIP INTRODUCTION 16 th of December 2014.
State supporting science and technology challenge. Measures for modern scientific landscape. By Lyudmila Ogorodova Deputy Minister, Ministry of Education.

State supporting science and technology challenge. Measures for modern scientific landscape. By Lyudmila Ogorodova Deputy Minister, Ministry of Education.
● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.

● Problem statement ● Proposed solution ● Proposed product ● Product Features ● Web Service ● Delegation ● Revocation ● Report Generation ● XACML 3.0.
PaN-data WP4 - Users Gordon Brown STFC-e-Science Alun Ashton DLS Bill Pulford DLS.

PaN-data WP4 - Users Gordon Brown STFC-e-Science Alun Ashton DLS Bill Pulford DLS.
Umbrella PaN-data ODI Kickoff meeting, STFC November 3/4, 2011Heinz J Weyer, PSI 1 1 PaN-data ODI WP3 User AAA Service (Umbrella System)

Umbrella PaN-data ODI Kickoff meeting, STFC November 3/4, 2011Heinz J Weyer, PSI 1 1 PaN-data ODI WP3 User AAA Service (Umbrella System)
ESUO Meeting 4.-5.10.2012 ALBA Umbrella AAI for Photon / Neutron Community M van Daalen 1 Mirjam van Daalen, Heinz Weyer, Björn Abt.

ESUO Meeting ALBA Umbrella AAI for Photon / Neutron Community M van Daalen 1 Mirjam van Daalen, Heinz Weyer, Björn Abt.
EPOS Preparatory phase Torild van Eck (ORFEUS) Call INFRA-2010-2.2.1 Deadline: December 3, 2009 Funding: between 3 and 6 MEuro Duration: max 4 year.

EPOS Preparatory phase Torild van Eck (ORFEUS) Call INFRA Deadline: December 3, 2009 Funding: between 3 and 6 MEuro Duration: max 4 year.
Service Management for CERN GS & IT. Page 2 Service Management: WHAT Our Goals:  One Service Desk for CERN (one number to ring, one place to go, 24/7.

Service Management for CERN GS & IT. Page 2 Service Management: WHAT Our Goals:  One Service Desk for CERN (one number to ring, one place to go, 24/7.
NMI3 Meeting 4.12.2012 Umbrella AAI for Photon / Neutron Community M van Daalen 1 Mirjam van Daalen, Heinz Weyer, Björn Abt.

NMI3 Meeting Umbrella AAI for Photon / Neutron Community M van Daalen 1 Mirjam van Daalen, Heinz Weyer, Björn Abt.

Similar presentations

Ads by Google