1
OGF22, 25th February 2008. OGF22 Demo Slides. Prof. Richard O. Sinnott, Technical Director, National e-Science Centre, University of Glasgow, Scotland. r.sinnott@nesc.gla.ac.uk
2
Shibboleth Scenario (diagram: User, Home Institution / Identity Provider with AuthN against LDAP, W.A.Y.F., Federation, Service Provider with Shib Frontend, Grid Portal and Grid Application)
1. User points browser at Grid resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user and pushes attributes (e.g. uid) to the service provider
5. Pass authentication info and attributes to authZ function
6. Make final AuthZ decision
AuthZ? What sites and attributes to accept (trust)? What attributes to send? Only see/use what allowed to? Log in once and roam.
3
Centralised Shibboleth Scenario: the same six steps as the Shibboleth Scenario (browser to Grid portal, redirect to W.A.Y.F., select home institution, home site AuthN against LDAP and attribute push, pass to authZ function, final AuthZ decision), but with VO-wide authZ.
4
VOMS
5
VOMS
6
VOTES: Virtual Organisations for Trials and Epidemiological Studies
- 3 year (£2.8M) MRC funded project started October 2005
- Plans to develop framework for producing Grid infrastructures to address key components of clinical trial/observational study:
  - Recruitment of potentially eligible participants
  - Data collection during the study
  - Study administration and coordination
- Involves Glasgow, Oxford, Leicester/Nottingham, Manchester, Imperial
  - Direct links with UK Biobank, Generation Scotland Scottish Family Health Study
7
VOTES Distributed Data Framework Service
8
Existing Demonstration (pushing attributes in SAML)
16
VOMS'ing
17
The Scenario
(1) A VOTES diabetes service is deployed on a GT4 infrastructure.
(2) A user runs "voms-proxy-init" to generate a proxy certificate including VOMS credentials
(3) and tries to invoke the protected stored procedure.
(4) The PEP passes the user information (including proxy certificate) to the VOMS PIP.
(5) The VOMS PIP validates the credentials and passes back the VOMS Fully Qualified Attribute Name (FQAN) within the subject attributes.
(6) The PEP calls the PERMIS PDP, pushing the request information and credentials.
(7) The PERMIS PDP, according to the policy, decides if this user with certain attributes is authorized to access the service.
(8) If successful the stored procedure is invoked, the federated query run, and the returned results joined and returned to the end user.
19
Successful Nurse role Authorisation of Nurse Client / Unsuccessful Nurse role Authorisation of Doctor Client
Successful Nurse Interaction:
=> java -classpath ./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSNurseClient security-configRichard.xml
Unsuccessful Nurse Interaction:
=> java -classpath ./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSDoctorClient security-configRichard.xml
21
Successful Nurse role Authorisation of Nurse Client / Unsuccessful Nurse role Authorisation of Doctor Client
Successful Nurse Interaction:
=> java -classpath ./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSNurseClient security-configRichard.xml
Successful Doctor Interaction:
=> java -classpath ./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSDoctorClient security-configRichard.xml
22
The Scenario with PERMIS (VPMan)
(1) The client attempts to invoke the PERMIS-protected Geronimo service. The PEP extracts the user's DN and identifies that it needs attributes from a VOMS server.
(2) The PEP, via a Subject PIP, pulls back the relevant attributes from the VOMS server
(3) and passes them to the PDP.
(4) The PERMIS PDP makes the decision
(5) and, if OK, the job is submitted via GridSAM to the appropriate Grid resource.
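The PEP / VOMS PIP / PERMIS PDP chain from slides 17 and 22, as an added illustration that is not VOTES or VPMan project code: the PIP validates the proxy's lifetime and VO, extracts roles from standard-format VOMS FQANs, and the PDP applies a role-to-action policy. The proxy dicts, the "votes" VO name, the "invoke_stored_procedure" action and the function names voms_pip, permis_pdp and pep_invoke are all constructed for the example.

```python
# Added example (not VOTES/VPMan project code): a toy PEP -> VOMS PIP -> PDP chain
# following the slide steps. The "proxy" is a constructed dict standing in for an
# X.509 proxy carrying a VOMS attribute certificate; real code verifies the AC
# signature and certificate chain before trusting any FQAN.
import re
from datetime import datetime, timedelta, timezone

# Standard VOMS FQAN shape: /vo[/group...][/Role=role][/Capability=cap]
FQAN_RE = re.compile(
    r"^/(?P<vo>[^/=]+)(?P<groups>(?:/[^/=]+)*)"
    r"(?:/Role=(?P<role>[^/]+))?(?:/Capability=(?P<cap>[^/]+))?$"
)
TRUSTED_VOS = {"votes"}  # constructed: VOs whose attributes this PEP accepts
NOW = datetime(2008, 2, 25, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo

def voms_pip(proxy, now=NOW):
    """Step 5: validate the proxy's VOMS credentials; return subject attributes."""
    if proxy["not_after"] <= now:
        raise PermissionError("proxy certificate expired")
    roles = set()
    for fqan in proxy["fqans"]:
        m = FQAN_RE.match(fqan)
        if not m or m.group("vo") not in TRUSTED_VOS:
            continue  # malformed or from an untrusted VO: drop, never grant
        if m.group("role") and m.group("role") != "NULL":
            roles.add(m.group("role"))
    return {"dn": proxy["subject"], "roles": roles}

def permis_pdp(policy, attrs, action):
    """Step 7: role-based decision; policy maps role -> set of permitted actions."""
    return any(action in policy.get(role, ()) for role in attrs["roles"])

def pep_invoke(policy, proxy, action, now=NOW):
    """Steps 4-8: PEP hands credentials to the PIP, asks the PDP, enforces result."""
    try:
        attrs = voms_pip(proxy, now)
    except PermissionError:
        return False  # invalid credentials never reach the PDP
    return permis_pdp(policy, attrs, action)

# Constructed proxies; voms-proxy-init's default lifetime is 12 hours.
NURSE_PROXY = {"subject": "/C=UK/O=NeSC/CN=nurse client", "not_after": NOW + timedelta(hours=12),
               "fqans": ["/votes/Role=Nurse/Capability=NULL", "/votes/diabetes/Role=NULL/Capability=NULL"]}
DOCTOR_PROXY = {"subject": "/C=UK/O=NeSC/CN=doctor client", "not_after": NOW + timedelta(hours=12),
                "fqans": ["/votes/Role=Doctor/Capability=NULL"]}
EXPIRED_PROXY = dict(NURSE_PROXY, not_after=NOW - timedelta(hours=1))
# Constructed policies: slide 19 grants only the Nurse role, slide 21 also the Doctor role.
NURSE_ONLY_POLICY = {"Nurse": {"invoke_stored_procedure"}}
NURSE_AND_DOCTOR_POLICY = {"Nurse": {"invoke_stored_procedure"}, "Doctor": {"invoke_stored_procedure"}}
```

Calling pep_invoke with NURSE_ONLY_POLICY reproduces slide 19 (nurse client permitted, doctor client refused), and with NURSE_AND_DOCTOR_POLICY reproduces slide 21.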