Presentation is loading. Please wait.

Presentation is loading. Please wait.

How to integrate EGI portals with Identity Federations Roberto Barbera Univ. of Catania and INFN EGI Technical Forum – Prague,

Published byOctavia Hamilton Modified over 8 years ago

Similar presentations

Presentation on theme: "How to integrate EGI portals with Identity Federations Roberto Barbera Univ. of Catania and INFN EGI Technical Forum – Prague,"— Presentation transcript:

1 How to integrate EGI portals with Identity Federations Roberto Barbera (roberto.barbera@ct.infn.it) Univ. of Catania and INFN EGI Technical Forum – Prague, 20 September 2012

2 Outline  The Catania Science Gateway framework  Considerations driving current activities:  The CHAIN Worldwide Interoperability Demo  «Social» and mobile access to Science Gateways  The Science Gateway market place  Summary and conclusions 2

3 The Catania Science Gateway model 3....... Science Gateway Science Gateway App. 1 App. 2 App. N Embedded Applications Administrator Power User Basic User Users from different organisations having different roles and privileges Standard-based (SAGA) middleware-independent Grid Engine Standard-based (SAGA) middleware-independent Grid Engine

4 Summary of standards adopted  Catania Science Gateway framework builds on consolidated and widely adopted standards:  The JSR 168 and JSR 286 standards (also known as "portlet 1.0" and "portlet 2.0" standards)JSR 168JSR 286  The OASIS Security Assertion Markup Language (SAML) standard and its Shibboleth and SimpleSAMLphp implementationsOASISSecurity Assertion Markup Language ShibbolethSimpleSAMLphp  The Lightweight Direct Access Protocol, and its OpenLDAP implementationOpenLDAP  The Cryptographic Token Interface Standard (PKCS#11) standard and its Cryptoki implementationCryptographic Token Interface Standard  The Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard and its JSAGA implementationOpen Grid ForumSimple API for Grid ApplicationsJSAGA 4

5 AuthN & AuthZ Schema AuthorisationAuthorisation Science Gateway GrIDP (“catch-all”) GrIDP (“catch-all”) IDPCT (“catch- all”) IDPCT (“catch- all”) IDP_y LDAP......... 1. Register to a Service 2. Sign in Authentication Social Networks’ Bridge IdP 5

6 Official Identity Federations currently supported by Catania Science Gateways 6 To be created soon

7 eduGAIN (www.edugain.org) 7 Catania Science Gateways are also registered as Service Providers of eduGAIN

8 The Grid IDentity Pool (GrIDP) (http://gridp.ct.infn.it) This is an “open” Identity Federation

9 Identity Federations’ discovery service The normal Authentication Procedure 9 «Open» Identity Provider http://idp.ct.infn.it

10 Identity Federations’ discovery service The “social” Authentication Procedure 10 https://idpsocial.ct.infn.it For more information watch www.youtube.com/watch?v=w6wfuGUwVVU

11 Catania Science Gateways access workflow Compliant with the EGI.eu Portal and Traceability Policies 1. sign in 3. create a proxy from an eToken server with robot certificates User 6. get the results 4. execute action 3’/4’. track user Admin 5. get output The Grid 2”. authZ eToken server 2’. authN Identity Provider User Registry 11

12 The «lightweight» crypto-library 12

13 eTokenServer MyProxy Server ask/get VOMS AC attributes VOMS Server store long proxy (*) SSL encryption get results ask for a service list/create request execute a service get the results back retrieve serials/proxy (*) The eToken server working scenario 13

14 The Catania Grid Engine 14 Grid Engine Users Tracking DB Science GW Interface SAGA/JSAGA API Job Engine Data Engine Users Track & Monit. Science GW 1 Science GW 2 Science GW 3 Grid MWs Liferay Portlets eToken Server New ModifiedNewModified

15 First set of considerations - Interoperability  Interoperability is a property referring to the ability of diverse systems and organizations to work together (inter- operate). The term is often used in a technical systems engineering sense, or alternatively in a broad sense, taking into account social, political, and organizational factors that impact system to system performance;  According to ISO/IEC 2382-01 (Information Technology Vocabulary, Fundamental Terms), interoperability is "The capability to communicate, execute programs, or transfer data among various functional units in a manner that requires the user to have little or no knowledge of the unique characteristics of those units". 15

16 The CHAIN Worldwide Interoperability Demo (http://science-gateway.chain-project.eu) 16  To demonstrate that:  e-Infrastructures can be made interoperable to each other at user application level using standards  with the meaning of interoperability given in the previous slide;  VRC-specific applications can be submitted from anywhere and run everywhere

17 The CHAIN Worldwide Interoperability Demo - Requirements 17 1. The user interface must be only web based 2. Users must be transparently authenticated & authorised on all e-Infrastructures without any additional human/machine intervention 3. There must be the smallest possible interaction with both site managers and e-Infrastructure operators 4. No modification whatsoever of the various middleware should be required to their developers (missing JSAGA adaptors should be created)

18 CHAIN Demo Contributors 18

19 CHAIN Demo Applications (http://science-gateway.chain-project.eu/general-overview) 19 general purpose applications

20 CHAIN Demo Status (http://science-gateway.chain-project.eu/demo-status) 20 See the demo in action at the CHAIN booth (no. 7 in the exhibition area) and learn how to run it yourself !

21 Second set of considerations – Social Networks  About 1 billion people have accounts on the existing Social Networks (many of the researchers we are targeting with e-Infrastructures are among them)  Web-based social networking accounts for more than 10-15% of the total time spent online in the whole world  Social Networks’ are by far the most used (liked) virtual environments in the world 21

22 Catania “social” Science Gateways (http://www.facebook.com/pages/Catania-Science-Gateways/220075701389624) 22

23 Catania “social” Science Gateways (agINFRA Science Gateway as Facebook app) 23 SSO possible through the Social Networks’ Bridge IdP

24 24 Catania “social” Science Gateways (Italian Soil Information System – WebGIS-based and Cloud-enabled)

25 Third set of considerations – Mobile Access 25  More than 25% of mobile phones in the world are smartphones and the number of people connected through mobile appliances increases every year  Social networking amounts to 91% of mobile internet access, compared to 79% on desktops, and it is expected that by 2014 mobile internet should take over desktop internet usage (*)  So, mobile access to “everything” is not any more an option; it is a must and e-Infrastructures shouldn’t/won’t be an exception (*) http://www.biztechday.com/mobile-stats-2011-91-use-mobile-phones-to-socialize

26 The “mobile” Authentication Procedure (REST API independent of the Science Gateway) 26

27 Example #1: the new gLibrary architecture gLibrary REST API Metadata ServicesStorage Services AuthN/AuthZ Services StoragesDatabases Identity Federations eToken Service Grid Auth Service e-infrastructure resources Science Gateways Repo 1 Repo 2 Repo 3 Discovery Service Rest API

28 The mobile version of the INDICATE e-Culture Science Gateway – Browse contents

29 INDICATE Project Meeting The mobile version of the INDICATE e-Culture Science Gateway – Download contents

30 INDICATE Project Meeting First prototype The mobile version of the INDICATE e-Culture Science Gateway – Annotate contents

31 Example #2: KLIOS mobile (klios.ct.infn.it) 31 Knowledge Linking and sharIng in research dOmainS

32 Big challenges are in front of us…  Now that many users can potentially access and use Catania Science Gateways, a new training and communication strategy is needed as well as a portfolio of appealing applications to attract them 32

33 The Science Gateway market place 33 1. 2. 3. 4. 5. Users/VRCs SG Dev. Science Gateway

34 Survey for VRCs to propose applications (http://applications.epikh.eu/survey4sciencegateways) 34

35 Training for Science Gateway developers  New training material:  New training tools:  New training events:  http://agenda.ct.infn.it/conferenceDisplay.py?confId=608 http://agenda.ct.infn.it/conferenceDisplay.py?confId=608  http://agenda.ct.infn.it/conferenceDisplay.py?confId=784 http://agenda.ct.infn.it/conferenceDisplay.py?confId=784 35

36 Catania Science Gateway application developers task force 36  Argentina: 1  Brazil: 1  China: 1  Colombia: 9  Ecuador: 2  Italy: ~10  Mexico: 6  South Africa: 1  Spain: 2  Uruguay: 1  Venezuela: 7

37 Uptake of Catania Science Gateways 37 Users from 184 Organisations in 43 Countries

38 Summary and conclusions  e-Infrastructures can be very beneficial platforms for many users, provided they are really «easy to use»  Catania Science Gateways, with support for Identity Federations, Social Networks and mobile access, are changing the way Grid infrastructures are used, hugely widening their potential user base, especially non-IT experts and the “citizen scientist”, yet keeping the required security  The adoption of standards (JSR 286, SAGA, SAML, etc.) represents a concrete investment towards sustainability and allows worldwide interoperability at user application level  By design, the components of Catania Science Gateways have maximum re-usability and, indeed, they have been already adopted in/by several projects (agINFRA, DECIDE, EarthServer, EUMEDGRID-Support, GISELA, INDICATE, etc.)  If you want to join the Science Gateway market place, please contact me at sg-licence@ct.infn.itsg-licence@ct.infn.it 38

39 Thank you ! 39

Download ppt "How to integrate EGI portals with Identity Federations Roberto Barbera Univ. of Catania and INFN EGI Technical Forum – Prague,"

Similar presentations

Www.gisela-grid.eu Grid Initiatives for e-Science virtual communities in Europe and Latin America The VRC-driven GISELA Science Gateway Diego Scardaci.

Grid Initiatives for e-Science virtual communities in Europe and Latin America The VRC-driven GISELA Science Gateway Diego Scardaci.
Www.gisela-grid.eu Grid Initiatives for e-Science virtual communities in Europe and Latin America GISELA Achievements & Legacy (A vision into the future)

Grid Initiatives for e-Science virtual communities in Europe and Latin America GISELA Achievements & Legacy (A vision into the future)
Federated access to e-Infrastructures worldwide

Federated access to e-Infrastructures worldwide
Introduction on Science Gateway Understanding access and functionalities Catania, 09/06/2014Riccardo Rotondo

Introduction on Science Gateway Understanding access and functionalities Catania, 09/06/2014Riccardo Rotondo
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo

Catania Science Gateway Framework Motivations, architecture, features Catania, 09/06/2014Riccardo Rotondo
Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures – Proposal n. 306819 A Standard-based.

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures – Proposal n A Standard-based.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Grid Engine Riccardo Rotondo

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) Grid Engine Riccardo Rotondo
1.The portal sends, under the user approval, user’s attribute retrieved from IDP to CA bridge 2.CA bridge module requests to a CA-online a certificate.

1.The portal sends, under the user approval, user’s attribute retrieved from IDP to CA bridge 2.CA bridge module requests to a CA-online a certificate.
Shib-Grid Integrated Authorization (Shintau) George Inman (University of Kent) TF-EMC2 Meeting Prague, 5 th September 2007.

Shib-Grid Integrated Authorization (Shintau) George Inman (University of Kent) TF-EMC2 Meeting Prague, 5 th September 2007.
GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.

GILDA testbed GILDA Certification Authority GILDA Certification Authority User Support and Training Services in IGI IGI Site Administrators IGI Users IGI.
STAR net, Resources and VOs C. Vuerli, A. Costa, U. Becciani, P. Massimino, G. Castelli.

STAR net, Resources and VOs C. Vuerli, A. Costa, U. Becciani, P. Massimino, G. Castelli.
ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.

ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.
AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.

AAI WG EMI Christoph Witzig on behalf of EMI AAI WG.
Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n. 306819.

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n
Https://aarc-project.eu Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.

Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Development of e-Science Application Portal on GAP WeiLong Ueng Academia Sinica Grid Computing

Development of e-Science Application Portal on GAP WeiLong Ueng Academia Sinica Grid Computing
Www.egi.eu EGI-InSPIRE RI-261323 www.egi.eu EGI-InSPIRE RI-261323 User Support in IGI: Related Tools and Services in Italy EGI Technical Forum 2011 19-23.

EGI-InSPIRE RI EGI-InSPIRE RI User Support in IGI: Related Tools and Services in Italy EGI Technical Forum

Similar presentations

Ads by Google