OGF22, 25th February 2008: OGF22 Demo Slides
Prof. Richard O. Sinnott, Technical Director, National e-Science Centre, University of Glasgow, Scotland

2 Shibboleth Scenario

Diagram labels: Service provider, Shib Frontend, Grid Portal, Grid Application, Identity Provider, Home Institution, W.A.Y.F., Federation, User, AuthN, LDAP, AuthZ, uid

1. User points browser at Grid resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user and pushes attributes to the service provider
5. Pass authentication info and attributes to authZ function
6. Make final AuthZ decision

What sites + attributes to accept (trust)? What attributes to send? Only see/use what allowed to?

Log-in once and roam

3 Centralised Shibboleth Scenario

Diagram labels: Service provider, Grid Portal, Grid Application, Identity Provider, Home Institution, W.A.Y.F., Federation, User, AuthN, LDAP, AuthZ, VO wide authZ

1. User points browser at Grid resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user and pushes attributes to the service provider
5. Pass authentication info and attributes to authZ function
6. Make final AuthZ decision

4 VOMS

5 VOMS

6 VOTES

Virtual Organisations for Trials and Epidemiological Studies
3 year (£2.8M) MRC funded project started October 2005
Plans to develop framework for producing Grid infrastructures to address key components of clinical trial/observational study
- Recruitment of potentially eligible participants
- Data collection during the study
- Study administration and coordination
  - Involves Glasgow, Oxford, Leicester/Nottingham, Manchester, Imperial
    - Direct links with UK Biobank, Generation Scotland Scottish Family Health Study

7 VOTES Distributed Data Framework Service

8 Existing Demonstration (pushing attributes in SAML)

16 VOMS’ing

17 The Scenario

(1) A VOTES diabetes service is deployed on a GT4 infrastructure
(2) A user runs “voms-proxy-init” to generate a proxy certificate including VOMS credentials
(3) and tries to invoke the protected stored procedure
(4) The PEP passes the user information (including proxy certificate) to the VOMS PIP
(5) The VOMS PIP validates the credentials and passes back the VOMS Fully Qualified Attribute Name (FQAN) within the subject attributes
(6) The PEP calls the PERMIS PDP, pushing the request information and credentials
(7) The PERMIS PDP decides, according to the policy, whether this user with certain attributes is authorized to access the service
(8) If successful, the stored procedure is invoked, the federated query is run, and the results are joined and returned to the end user

19 Successful Nurse role Authorisation of Nurse Client
Unsuccessful Nurse role Authorisation of Doctor Client

Successful Nurse Interaction
Unsuccessful Nurse Interaction

=> java -classpath ./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSNurseClient security-configRichard.xml
=> java -classpath ./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSDoctorClient security-configRichard.xml

21 Successful Nurse role Authorisation of Nurse Client
Unsuccessful Nurse role Authorisation of Doctor Client

Successful Nurse Interaction
Successful Doctor Interaction

=> java -classpath ./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSNurseClient security-configRichard.xml
=> java -classpath ./build/stubs/classes/:$CLASSPATH org/globus/clients/DataFederationProxy/SecureGSDoctorClient security-configRichard.xml

22 The Scenario with PERMIS (VPMan)

(1) The client attempts to invoke the PERMIS-protected Geronimo service. The PEP extracts the user's DN and identifies that it needs attributes from a VOMS server
(2) The PEP, via a Subject PIP, pulls back the relevant attributes from the VOMS server
(3) and passes them to the PDP
(4) The PERMIS PDP makes the decision
(5) and, if ok, submits the job via GridSAM to the appropriate Grid Resource
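
The push scenario on slide 17 and the pull scenario on slide 22 share the same PEP, PIP and PDP chain, which the following added example models end to end with a deny-by-default decision. It is not code from the demo, GT4, VOMS or PERMIS: the VO name, DNs, action name and policy are constructed, and signature validation of the VOMS attribute certificate is assumed to have been done before the FQANs reach the PIP.

```python
import re

# VOMS FQAN shape: /<vo>[/<group>...][/Role=<role>][/Capability=<cap>]
FQAN_RE = re.compile(
    r"^(?P<group>(?:/[\w.-]+)+)(?:/Role=(?P<role>[\w.-]+))?(?:/Capability=[\w.-]+)?$")

def parse_fqan(fqan):
    """Split an FQAN into (group, role); Role=NULL means no role is asserted."""
    m = FQAN_RE.match(fqan)
    if not m:
        raise ValueError(f"malformed FQAN: {fqan!r}")
    role = m.group("role")
    return m.group("group"), (None if role in (None, "NULL") else role)

def voms_pip(subject_dn, pushed_fqans=None, voms_server=None):
    """PIP: use FQANs pushed in the proxy, else pull them by DN from the server.
    Assumption: the attribute certificate signature was already validated."""
    if pushed_fqans is None:
        pushed_fqans = (voms_server or {}).get(subject_dn, [])
    return [parse_fqan(f) for f in pushed_fqans]

def pdp(attributes, action, policy):
    """PDP: permit only if some (group, role) attribute is granted the action."""
    return any(action in policy.get(attr, ()) for attr in attributes)

def pep(subject_dn, action, policy, pushed_fqans=None, voms_server=None):
    """PEP: gather attributes via the PIP, ask the PDP, deny on any failure."""
    try:
        attrs = voms_pip(subject_dn, pushed_fqans, voms_server)
    except ValueError:
        return "Deny"
    return "Permit" if pdp(attrs, action, policy) else "Deny"

# Constructed sample data: VO name, DNs and action name are hypothetical.
POLICY = {("/votes/diabetes", "nurse"): {"invoke_stored_procedure"}}
NURSE_DN = "/C=UK/O=eScience/OU=Glasgow/CN=nurse client"
DOCTOR_DN = "/C=UK/O=eScience/OU=Glasgow/CN=doctor client"
NURSE_FQAN = "/votes/diabetes/Role=nurse/Capability=NULL"
DOCTOR_FQAN = "/votes/diabetes/Role=doctor/Capability=NULL"
VOMS_SERVER = {NURSE_DN: [NURSE_FQAN], DOCTOR_DN: [DOCTOR_FQAN]}

if __name__ == "__main__":
    act = "invoke_stored_procedure"
    print("push nurse :", pep(NURSE_DN, act, POLICY, pushed_fqans=[NURSE_FQAN]))
    print("push doctor:", pep(DOCTOR_DN, act, POLICY, pushed_fqans=[DOCTOR_FQAN]))
    print("pull nurse :", pep(NURSE_DN, act, POLICY, voms_server=VOMS_SERVER))
    print("bad FQAN   :", pep(NURSE_DN, act, POLICY, pushed_fqans=["votes/Role=nurse"]))
```

A subject with no attributes, an unknown DN in pull mode, or a malformed FQAN all end in Deny, since the PDP only permits on an explicit policy match.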
