...

Science Gateway

by user

on
82

views

Report

Comments

Transcript

Science Gateway
Introduction
on Science Gateway
Understanding access and
functionalities
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Outline
 What is a Science Gateway ?
 The Catania Science Gateway Framework
 General Architecture
 Authentication, Authorisation and Roles
 Catania Grid Engine
 Roles
 Use Case:
 The DECIDE Science Gateway
 The GARR Science Gateway
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Reference Model
Scientific
Application
E-Collaboration
Science
Gateway
Social
Application
Standard Services
GRID
Local Cluster
Users of different
Institutions
members of GARR
and/or
international
CLOUD
partners involved
in European
Projects of the
Riccardo Rotondo
Consortium
Tutorial on Science Gateways, Roma, 03.06.2013
Reference Model
Scientific
Application
E-Collaboration
Science
Gateway
Social
Application
Standard-based (SAGA)
middleware-independent
Grid Engine
Users of different
Institutions
members of GARR
and/or
international
partners involved
in European
Projects of the
Riccardo Rotondo
Consortium
Tutorial on Science Gateways, Roma, 03.06.2013
Requirements
 Authentication and Autorisation

SAML, LDAP
 Application middleware indipendent



jSAGA, SAGA
Standard
Standard
Adoption
Java Technology

168/286
 JSR
Reusability
Web
Technology
 Simplicity

Web CMS
 Wiki,
Blog, Messages
Board,
Vconf, access
Adobe Connect
Easy
usage
and
 Portal Framework
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Terena Identity Federations
http://www.terena.org/about/terena-membersmap.html
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Federated Identity Management (FIdM)
 In the web technology arena many approaches
are available to federate authentication
 A standard provided by OASIS defines the
Security Assertion Markup Language (SAML)
 Several tools are available, e.g.:
 Shibboleth
 SimpleSAMLphp
 Organisations can rely on traditional tools to
manage users:
 LDAP, CAS, plain text, etc.
 Free and Open Source
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Enabling SGs to FIdM
 Access to e-Infrastructure services requires
authentication.
 The distributed/cross-domain nature of
resources requires, in some case, strong
security mechanisms
 SGs willing to provide easy access to these
services
 Some institutions want to maintain the control
of their own users’ authentication
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
So a federation is made of…
 A collection of Identity Providers that follows a
defined set of rules and policy.
 Identity providers (IdPs) are responsible for
authenticating a closed group of users (i.e. of
the same organisation)
 Each IdPs regulate access to a set of Service
Providers (i.e. mail server of the mentioned
organisation)
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Federated User
Science
Gateway
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Social User
Science
Gateway
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Authorisation request
 The first time users access the Science
Gateway their IdP authenticates them
 LDAP server connected to the Service Provider
(SP) cannot authorise the users
 SP leads users automatically to the registration
form
 A part from them data, users can request for a
specific role
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Authorisation request
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Authorisation Managment
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Registration
 Users not belonging to any of the enabled
federation can register to the catch all Identity
Provider of the GrIDP federation
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Integrated Services
JSR 168/286
JSR 168/286
JSR 168/286
JSR 168/286
Catania Science Gateway Framework
GRID
CLOUD
Local
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Cluster
Catania Science Gateway Framework
Catania Science Gateway Framework
Grid Engine
Data On Grid
Services
Cloud Services
JSAGA
Adaptors
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Usage Workflow
eTokenServer
1. Sign in
5. Grid
Submission
GRID
2. Grid
Request
6. Getting
Results
5.
Tracking
User
Tracking
DB
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Access
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Applications accessing grid services
 12 applications developed among 5 different
countries and 3 continents (Europe, Latin
America and Asia);
 4 scientific domains:




Life Science;
Mathematic & Computer Science;
High Energy Physics;
Cultural Heritage.
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Job Submission
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Job Submission
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
My Workspace – Active Job List
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
My Workspace - Done Job List
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
My Workspace – MyJobsMap
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
My Data
Sharing features
among users will
soon be added
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Roles & Privileges
 Surfing a Science Gateway changes according
different roles
 Mapping between Liferay roles and LDAP group
 Similar mapping available on grid (i.e. voms
roles)
 Liferay allows administrator to fully customize
users experience assigning different roles to
each components (pages, wikis, plugins, data)
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Facebook Integration
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
References
 GARR Science Gateway: https://sgw.garr.it
 GARR Science Gateway Facebook Community
Page:
https://www.facebook.com/GarrScienceGatewayCo
mmunity
 Training Material: https://gilda.ct.infn.it/wikimain
 Catania Science Gateways: http://www.cataniascience-gateways.it
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Questions ?
Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013
Fly UP