Presentation is loading. Please wait.

Presentation is loading. Please wait.

Attribute-based Authentication for Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Nancy Wilkins-Diehr.

Published byRoberta Wilkerson Modified over 9 years ago

Similar presentations

Presentation on theme: "Attribute-based Authentication for Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Nancy Wilkins-Diehr."— Presentation transcript:

1 Attribute-based Authentication for Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Nancy Wilkins-Diehr

2 Gateway Objectives for PY4 and 5 TeraGrid integration will be straightforward for new and existing gateway developers There will be a set of easy to discover general services provided by and for Gateways The targeted support program will be well- organized We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users There will be a funded cross-directorate gateway program at the NSF Presented December, 2007

3 We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users A unique identifier for each end gateway user per community account must exist in TGCDB Gateways will need to transmit and TGCDB will need to receive this additional identifier through any job submission mechanism Attribute-based authentication in production and easy to use Presented December, 2007

4 How will we meet those goals? Attribute-based authentication –In our case, GridShib for Globus –Fantastic documentation and assistance Thanks Jim Basney, Tom Scavo, Terry Fleury –http://www.teragridforum.org/mediawiki/index.php?title =Science_Gateway_Credential_with_Attributeshttp://www.teragridforum.org/mediawiki/index.php?title =Science_Gateway_Credential_with_Attributes

5 How have we been moving toward those goals in 2008? Q108 –GridShib SAML Tools released for gateways with documentation –Successfully tested VOMS/SAML for OSG/TG interop –GridShib for Globus Toolkit released for RPs Q208 –TeraGrid 08 Tutorial, poster, BoF, demo for gateways at working group meeting –GridShib SAML integrated into SimpleGrid Q308 –Provided a testing mechanism for Science Gateways to verify they are including attributes correctly (http://gstest.ncsa.uiuc.edu/) –Provided documentation for CTSS Gateway Capability Kit to GIG Packaging Team –Published GridShib configuration file for TG RPs Q408 –Rollout CTSS Gateway Capability Kit for preliminary testing at TG RPs –Engage with additional Science Gateways to incorporate attributes into their job submissions –Update GT GRAM Audit capabilities to support recording of gateway job attributes

6 How will this be made available at RP sites? science-gateway CTSS kit, which includes commsh –NCSA-developed, PSC-enhanced tool to restrict community accounts –http://security.ncsa.uiuc.edu/research/commaccts/docs/howto.php GridShib for Globus Toolkit –NCSA-developed tool to collect, process, store and log attributes Future TG-specific efforts will store these in the TGCDB –http://gridshib.globus.org/http://gridshib.globus.org/ Kit name for information services lookup at http://info.teragrid.org –science-gateway.teragrid.org Installation instructions –http://software.teragrid.org/pacman/ctss4/ctss-science-gateway- registration/README.install

7 Who’s expressed interest in deploying the gateway kit in PY4? ResourceSGW Support IU BigRedX IU Quarry LONI QueenBeeX NCAR Frost NCSA AbeX NCSA CobaltX NCSA MercuryX NICS Kraken ORNL NSTGX PSC BigBenX PSC PopleX Purdue CondorX Purdue SteeleX SDSC DTFX TACC LoneStarX TACC MaverickX TACC RangerX UC/ANL DTFX UC/ANL VisX Results of survey conducted by Lee Liming and team, sent to tg-leads 8/13/08

8 Who’s expressed interest in testing the gateway kit in PY4? ResourceSGW Support TACC LoneStarX NCSA MercuryX This talk is to remind the TeraGrid team of the higher level goals and the importance of the work and generate interest in testing so we can meet our goals!

9 Ambitious, but achievable goal By September, 2009 all jobs submitted by community accounts will include attributes with unique user identifiers to be stored in the TGCDB Next steps –RP testing through Feb 2009 –Globus Toolkit 4.0.9 released Feb 2009 –Capability Kit V2 released Mar 2009 –Production installations of Capability Kit V2 –6-month gateway transition – March through August News postings, education process, log analysis to identify who still needs to make the switch, lots of support –Big party in September!

10 What would we like to happen next? More RPs for testing –What does testing mean? (identify a node, install Capability Kit V1, work one-on-one with NCSA to test) –What’s the impact on a site? (admin needed to install and test GT 4.0.8 + GridShib for GT) –What’s the impact on Globus performance? (negligible) –Real focus on this through February More gateways for testing –GISolve, nanoHUB and SimpleGrid have done some tests already Nancy, Stu can identify gateways –Real focus on this, increasing over the summer Where do you sign up? –Email jbasney@ncsa.uiuc.edu (RPs) or wilkinsn@sdsc.edu (gateways)jbasney@ncsa.uiuc.eduwilkinsn@sdsc.edu –Help is available!

11 Community Account Usage by Site in 2008 Over 2M CPU hours used by community accounts in 2008

12 Quarterly Meeting Attribute-based Access for Science Gateways Jan-Mar –Released GridShib SAML Tools v0.3.0-0.3.2 with documentation for gateways http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes Added support for tracking community user attributes (username, IP address, email address, and authentication timestamp) –Tested VOMS-SAML compatibility with Steve Clark @ Purdue All discovered issues resolved in GridShib SAML Tools v0.3.2 release –Prepared GridShib for Globus Toolkit v0.6.0 for RP deployment Added support for parsing and logging community user attributes Added support for blacklisting users based on IP and Science Gateway Identity as requested by Security-WG Tested against CTSS4

13 Quarterly Meeting Attribute-based Access for Science Gateways Apr-Jun Accomplishments –Presented GridShib TeraGrid work at GlobusWorld 2008 (Oakland) http://grid.ncsa.uiuc.edu/presentations/globusworld-trscavo-20080514.pdf http://grid.ncsa.uiuc.edu/presentations/globusworld-trscavo-20080514.pdf –Participated in TeraGrid 08 conference Contributed to Building Science Gateways tutorial http://www.collab-ogce.org/ogce/images/1/12/OGCE-TG08Tutorial_Part4.ppt Presented a digital poster http://grid.ncsa.uiuc.edu/presentations/tg08-poster-ncsa-srd.ppt Organized a BoF http://grid.ncsa.uiuc.edu/presentations/tg08-bof-ncsa-srd.ppt –GridShib SAML Tools v0.4.1 integrated into SimpleGrid 0.6.2 –Initiated process to integrate GridShib for GT into CTSS4 http://www.teragridforum.org/mediawiki/index.php?title=CTSS_4_Science_Gateway_Capability http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes_Status http://bugzilla.globus.org/globus/show_bug.cgi?id=6167 http://www.teragridforum.org/mediawiki/index.php?title=CTSS_4_Science_Gateway_Capability http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes_Status http://bugzilla.globus.org/globus/show_bug.cgi?id=6167 –Work to store community user attributes in TGCDB for counting gateway users –Released GridShib SAML Tools v0.4.0-0.5.0 with documentation for gateways http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes Modified as needed for GridShib-SimpleGrid integration –Submitted abstract for UK eScience All Hands workshop on Information Assurance (http://www.allhands.org.uk/2008/programme/workshop4.cfm) - accepted Jul 8http://www.allhands.org.uk/2008/programme/workshop4.cfm

14 Imaginary October quarterly, October, 08 Gateway User Count Jul-Sep 2008 Accomplishments –Provided a testing mechanisms for Science Gateways to verify they are including attributes correctly http://gstest.ncsa.uiuc.edu/ –Prepared GridShib software for CTSS Gateway Capability Kit http://www.teragridforum.org/mediawiki/index.php?title=CTSS_4_Science_Gateway_Capability GridShib SAML Tools v0.5.0 http://www.globus.org/mail_archive/gridshib-user/2008/09/msg00009.html GridShib for GT v0.6.1 http://www.globus.org/mail_archive/gridshib-user/2008/09/msg00022.html –Provided documentation for CTSS Gateway Capability Kit to GIG Packaging Team http://docs.google.com/Doc?id=ddj3qnj2_2045xgs5g7h https://repo.teragrid.org/head/gig-si/software/source/globus/gridshib/docs/ConfigGS4GT4CTSS4.html –Published GridShib configuration file for TG RPs http://info.teragrid.org/gateways/trusted_authorities_entity_map.txt –Basney and Shelmire presented “TeraGrid Science Gateways: Scaling TeraGrid Access” at the UK e-Science All Hands Meeting http://www.ncsa.uiuc.edu/~jbasney/ahm2008.pdf http://www.ncsa.uiuc.edu/~jbasney/teragrid-gateways-ahm08.ppt

15 Gateway User Count Oct-Dec 2008 Plans –Rollout CTSS Gateway Capability Kit for preliminary testing at TG RPs –Engage with additional Science Gateways to incorporate attributes into their job submissions –Update GT GRAM Audit capabilities to support recording of gateway job attributes This is the next step in the end-to-end gateway user count goal Imaginary October quarterly, October, 08

Download ppt "Attribute-based Authentication for Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Nancy Wilkins-Diehr."

Similar presentations

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management

Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management
1 US activities and strategy :NSF Ron Perrott. 2 TeraGrid An instrument that delivers high-end IT resources/services –a computational facility – over.

1 US activities and strategy :NSF Ron Perrott. 2 TeraGrid An instrument that delivers high-end IT resources/services –a computational facility – over.
Gateway Transition Issues TeraGrid 10, August 2-5, 2010.

Gateway Transition Issues TeraGrid 10, August 2-5, 2010.
User Services Transition To XD TG Quarterly Management Meeting, San Juan 12/7/2010 Amit & Sergiu.

User Services Transition To XD TG Quarterly Management Meeting, San Juan 12/7/2010 Amit & Sergiu.
User Introduction to the TeraGrid 2007 SDSC NCAR TACC UC/ANL NCSA ORNL PU IU PSC.

User Introduction to the TeraGrid 2007 SDSC NCAR TACC UC/ANL NCSA ORNL PU IU PSC.
TG09 Gateway Face to Face Please make yourself comfortable at the front of the room! Nancy Wilkins-Diehr TeraGrid Area Director for Science Gateways

TG09 Gateway Face to Face Please make yourself comfortable at the front of the room! Nancy Wilkins-Diehr TeraGrid Area Director for Science Gateways
GridShib: Campus/Grid RBAC Integration GGF15 Workshop: Leveraging Site Infrastructure for Multi-Site Grids October 3th, 2005 Von Welch

GridShib: Campus/Grid RBAC Integration GGF15 Workshop: Leveraging Site Infrastructure for Multi-Site Grids October 3th, 2005 Von Welch
(e)Science-Driven, Production- Quality, Distributed Grid and Cloud Data Infrastructure for the Transformative, Disruptive, Revolutionary, Next-Generation.

(e)Science-Driven, Production- Quality, Distributed Grid and Cloud Data Infrastructure for the Transformative, Disruptive, Revolutionary, Next-Generation.
TeraGrid Science Gateway AAAA Model: Implementation and Lessons Learned Jim Basney NCSA University of Illinois Von Welch Independent.

TeraGrid Science Gateway AAAA Model: Implementation and Lessons Learned Jim Basney NCSA University of Illinois Von Welch Independent.
Core Services I & II David Hart Area Director, UFP/CS TeraGrid Quarterly Meeting December 2008.

Core Services I & II David Hart Area Director, UFP/CS TeraGrid Quarterly Meeting December 2008.
Network, Operations and Security Area Tony Rimovsky NOS Area Director

Network, Operations and Security Area Tony Rimovsky NOS Area Director
Attribute-based Authentication for Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Jon Siwek Von Welch Nancy Wilkins-Diehr.

Attribute-based Authentication for Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Jon Siwek Von Welch Nancy Wilkins-Diehr.
Science Gateways Objectives aka Nancy’s Brave New Gateway World Quarterly Meeting, December 6-7, 2007.

Science Gateways Objectives aka Nancy’s Brave New Gateway World Quarterly Meeting, December 6-7, 2007.
TeraGrid Gateway User Concept – Supporting Users V. E. Lynch, M. L. Chen, J. W. Cobb, J. A. Kohl, S. D. Miller, S. S. Vazhkudai Oak Ridge National Laboratory.

TeraGrid Gateway User Concept – Supporting Users V. E. Lynch, M. L. Chen, J. W. Cobb, J. A. Kohl, S. D. Miller, S. S. Vazhkudai Oak Ridge National Laboratory.
GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005 Von Welch

GridShib: Grid-Shibboleth Integration (Identity Federation and Grids) April 11, 2005 Von Welch
GIG Software Integration: Area Overview TeraGrid Annual Project Review April, 2008.

GIG Software Integration: Area Overview TeraGrid Annual Project Review April, 2008.
TeraGrid Information Services December 1, 2006 JP Navarro GIG Software Integration.

TeraGrid Information Services December 1, 2006 JP Navarro GIG Software Integration.
GIG Software Integration Project Plan, PY4-PY5 Lee Liming Mary McIlvain John-Paul Navarro.

GIG Software Integration Project Plan, PY4-PY5 Lee Liming Mary McIlvain John-Paul Navarro.
TeraGrid Information Services John-Paul “JP” Navarro TeraGrid Grid Infrastructure Group “GIG” Area Co-Director for Software Integration and Information.

TeraGrid Information Services John-Paul “JP” Navarro TeraGrid Grid Infrastructure Group “GIG” Area Co-Director for Software Integration and Information.
SC06 – Powerful Beyond Imagination Tampa, FL Nov 14, 2006 Scaling TeraGrid Access: A Roadmap (Testbed) for Federated Identity Management for a Large Cyberinfrastructure.

SC06 – Powerful Beyond Imagination Tampa, FL Nov 14, 2006 Scaling TeraGrid Access: A Roadmap (Testbed) for Federated Identity Management for a Large Cyberinfrastructure.

Similar presentations

Ads by Google