
Gateway System: New Generation of WebFlow
T. Haupt, DATORR meeting, February 1999 (presentation transcript)


Slide 2: Gateway Objectives
- To provide infrastructure supporting development of problem solving environments
  - create user space
  - define problem
  - identify resources
- To provide seamless and secure access to remote resources
  - allocate resources
  - monitor resources
(Ken Flurchick, http://www.osc.edu/~kenf/Gateway)

Slide 3: Three-Tier Architecture (diagram: Front-End, Services, User Modules, Back-End Resources)
- Tier 1 is a high-level front-end for visual programming
- Tier 2 is the middleware, formed by a Web server and an Object broker: distributed object-based, scalable, and reusable
- Tier 3 comprises the back-end services

Slide 4 (diagram only): Front-End (OO Front-End, Task Specification, Data Flow); Standard Interfaces; Services and User Modules (Metacomputing Services, DATORR); Back-End Resources

Slide 5: Architecture of Gateway (diagram only; components labelled Globus and DOM/XML)

Slide 6: CORBA Based Middle-Tier
- Mesh of WebFlow servers implemented as CORBA objects.
- Each server provides specific services and serves as a container for users' modules.
(diagram: Front End; Gatekeeper performing authentication and authorization)

Slide 7: Middle-Tier (diagram only)

Slide 8: SECIOP Security Model (diagram)
- Layer 1: secure Web: Front End Applet to Gatekeeper over https, with authentication & authorization
- Layer 2: secure CORBA: delegation (Gatekeeper, stakeholders)
- Layer 3: secure access to resources: GSSAPI to HPCC resources; policies defined by resource owners

Slide 9: Distributed Objects are less secure
- can play both client and server
  - in client/server you trust the server, but not the clients
- evolve continually
  - objects delegate parts of their implementation to other objects (also dynamically composed at runtime). Because of subclassing, the implementation of an object may change over time
- interactions are not well defined
  - because of encapsulation, you cannot understand all the interactions between objects
- are polymorphic (ideal for Trojan horses!)
- can scale without limit
  - how do you manage access rights to millions of servers?
- are very dynamic

Slide 10: CORBA security is built into the ORB (diagram: Client, User, Server, Object Adapter; Secure Communications with Encryption, Authentication, Authorization, Audit, Credentials)

Slide 11: Authentication
- A principal is authenticated once by the ORB and given a set of credentials, including one or more roles, privileges, and an authenticated ID.
- An authenticated ID is automatically propagated by a secure ORB; it's part of the caller context.
(diagram: Principal, Credentials, Current, Client/Server; operations authenticate, set_credentials, get_attributes)

Slide 12: Privilege Delegation
- No delegation: the intermediary uses its own credentials
- Simple delegation: the intermediary impersonates the client
- Composite delegation: the intermediary uses both
(diagram: Client, intermediary, Target Object connected over IIOP)

Slide 13: CORBA access model
- Based on a trusted ORB model: you must trust that your ORB will enforce the access policy on the server resource
- The ORB determines if this client, on behalf of this principal, can do this operation on this object
- Server uses Access Control Lists (ACL) to control user access
(diagram: Principal, Role, Rights, Operation)
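The access decision on slides 11 to 13 (principal to roles to rights to operation, evaluated by a trusted ORB) and the three delegation modes on slide 12 can be put side by side in a small model. The code below is an added example written for this transcript, not code from the Gateway/WebFlow project or from any ORB: the class names, the sample roles and rights, the audit list, and the rule that under composite delegation every credential in the chain must hold the required right are assumptions made for the illustration.

```python
"""Added example, not code from the Gateway/WebFlow project: a model of the
trusted-ORB access decision (slides 11-13) under the three delegation modes
of slide 12.  Names, sample roles/rights and the composite rule are assumed."""
from dataclasses import dataclass
from enum import Enum


@dataclass(frozen=True)
class Credentials:
    """What a secure ORB hands a principal after a single authentication."""
    principal: str        # authenticated ID, propagated as caller context
    roles: frozenset      # roles granted at authentication time


class Delegation(Enum):
    NONE = "intermediary uses its own credentials"
    SIMPLE = "intermediary impersonates the client"
    COMPOSITE = "intermediary presents both sets of credentials"


class AccessPolicy:
    """Server-side policy the ORB enforces: role -> rights, (object, op) -> right."""

    def __init__(self):
        self.role_rights = {}      # role -> set of rights
        self.required = {}         # (object, operation) -> right needed
        self.audit = []            # record of every decision (audit, slide 10)

    def grant(self, role, *rights):
        self.role_rights.setdefault(role, set()).update(rights)

    def require(self, obj, operation, right):
        self.required[(obj, operation)] = right

    def rights_of(self, creds):
        rights = set()
        for role in creds.roles:
            rights |= self.role_rights.get(role, set())
        return rights

    def decide(self, chain, obj, operation):
        """Can this chain of credentials perform `operation` on `obj`?
        Undeclared operations are denied; every credential presented must
        hold the required right (assumed rule for composite delegation)."""
        needed = self.required.get((obj, operation))
        allowed = needed is not None and all(
            needed in self.rights_of(c) for c in chain)
        self.audit.append((tuple(c.principal for c in chain), obj, operation, allowed))
        return allowed


def invoke(policy, client, intermediary, mode, obj, operation):
    """The intermediary (e.g. a WebFlow server) calls the target on the
    client's behalf; the delegation mode fixes which credentials travel."""
    if mode is Delegation.NONE:
        chain = [intermediary]
    elif mode is Delegation.SIMPLE:
        chain = [client]
    else:
        chain = [client, intermediary]
    return policy.decide(chain, obj, operation)


def demo():
    """Constructed scenario: 'user' may read, 'service' may read and launch."""
    policy = AccessPolicy()
    policy.grant("user", "read")
    policy.grant("service", "read", "launch")
    policy.require("hpcc_queue", "status", "read")
    policy.require("hpcc_queue", "submit", "launch")

    alice = Credentials("alice", frozenset({"user"}))
    server = Credentials("webflow-server", frozenset({"service"}))

    results = {}
    for mode in Delegation:
        for op in ("status", "submit", "cancel"):   # 'cancel' is never declared
            results[(mode.name, op)] = invoke(
                policy, alice, server, mode, "hpcc_queue", op)
    return results


if __name__ == "__main__":
    for key, allowed in sorted(demo().items()):
        print(key, "allowed" if allowed else "denied")
```

Running the scenario shows why the deck treats the delegation mode as a security decision: with no delegation the target sees only the server's identity and grants `submit` even though alice could not do it herself; simple delegation carries alice's identity but hides which server acted for her; composite delegation presents both, so the policy (and the audit trail) can account for both parties.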

Slide 14: figure reproduced from Mary Thompson, http://www-itg.lbl.gov/security/Akenti/DOE2000/sld014.htm

Slide 15: WebFlow Services
- A WebFlow server is given by a hierarchy of containers and components
- A WebFlow server hosts users and services
- Each user maintains a number of applications composed of custom modules and common services
(diagram: WebFlow Server containing User 1 and User 2, each with Application 1 and Application 2)

Slide 16: Initialization of a session (diagram): Portal Page; Secure Web Server (mutual authentication, start); AKENTI credentials and Globus certificate; Front End Applet on Netscape's ORB talking to the WebFlow Server (ORBacus ORB, User Context) over IIOP

Slide 17: Building an application (diagram): Applet on Netscape ORB and ORBacus ORB connected over IIOP; Application Context holding the list of servers, list of modules, list of events and list of methods; actions "Add module" and "Attach Event" (local or remote, via an Adapter); labels E, M, LLM

Slide 18: Event binding (diagram): Event Source, Event Target, Adapter, Event, ORB binding table; operations addEventListener, rmEventListener, fireEvent(E,M), method M; DII/DSI
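The binding table behind slide 18 (and the lists of events and methods on slide 17) is easier to see in code. What follows is an added example, not the WebFlow project's code: the operation names addEventListener, rmEventListener and fireEvent come from the slide, while the Module classes, their published `events`/`methods` lists, and the check that only published names may be bound are assumptions made for this illustration.

```python
"""Added example, not WebFlow code: an event adapter with a binding table in
the style of slide 18.  Module classes and the published-name checks are
assumptions; dispatch by method name stands in for the ORB's DII/DSI path."""


class Module:
    """A user module declares the events it fires and the methods it exposes
    (the 'list of events' and 'list of methods' of slide 17)."""
    events = ()
    methods = ()


class FileReader(Module):
    events = ("dataReady",)


class Filter(Module):
    methods = ("consume",)

    def __init__(self):
        self.received = []

    def consume(self, payload):
        self.received.append(payload)


class EventAdapter:
    """Keeps the binding table (source, event) -> [(target, method)]."""

    def __init__(self):
        self.table = {}

    def addEventListener(self, source, event, target, method):
        # Only published events and methods may be bound, so fireEvent can
        # never be steered onto an attribute the module did not expose.
        if event not in type(source).events:
            raise ValueError(f"{type(source).__name__} does not fire {event!r}")
        if method not in type(target).methods:
            raise ValueError(f"{type(target).__name__} does not expose {method!r}")
        self.table.setdefault((source, event), []).append((target, method))

    def rmEventListener(self, source, event, target, method):
        listeners = self.table.get((source, event), [])
        listeners.remove((target, method))      # ValueError if never bound
        if not listeners:
            del self.table[(source, event)]

    def fireEvent(self, source, event, payload=None):
        """Deliver the event to every bound (target, method); return the count."""
        delivered = 0
        for target, method in list(self.table.get((source, event), [])):
            getattr(target, method)(payload)    # dynamic invocation by name
            delivered += 1
        return delivered


def demo():
    """Constructed session: bind, fire, unbind, fire again, then try an
    unpublished method name and record that the adapter rejected it."""
    reader, filt, adapter = FileReader(), Filter(), EventAdapter()
    adapter.addEventListener(reader, "dataReady", filt, "consume")
    first = adapter.fireEvent(reader, "dataReady", "row-1")
    adapter.rmEventListener(reader, "dataReady", filt, "consume")
    second = adapter.fireEvent(reader, "dataReady", "row-2")
    try:
        adapter.addEventListener(reader, "dataReady", filt, "received")
        rejected = False
    except ValueError:
        rejected = True
    return {"first": first, "second": second,
            "received": list(filt.received), "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The published-name check is the part worth keeping in mind when modules are composed at runtime, as slide 9 warns: without it, any party able to write to the binding table could direct an event at whatever attribute the target object happens to have.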

Slide 19: WebFlow over Globus
- In order to run WebFlow over Globus there must be at least one WebFlow node capable of executing Globus commands, such as globusrun.
- Jobs that require the computational power of massively parallel computers are directed to the Globus domain, while others can be launched on much more modest platforms, such as the user's desktop or even a laptop running Windows NT.
(diagram: bridge between WebFlow and Globus)

Slide 20: Gateway Components
- Front End (Java Applets)
  - many different "plug-ins" implementing the WebFlow API
- Middle Tier (CORBA)
- Back End modules (anything from JDBC to HPF)
  - JavaBeans model
  - Proxy Modules
  - Access to remote HPCC resources

