Post on 20-May-2015
description
Tutorial on Science Gateways, Roma, 03.06.2013
Riccardo Rotondo
Introduction on Science Gateway Understanding access and functionalities
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Outline § What is a Science Gateway ?
§ The Catania Science Gateway Framework § General Architecture
§ Authentication, Authorisation and Roles
§ Catania Grid Engine
§ Roles
§ Use Case: § The DECIDE Science Gateway
§ The GARR Science Gateway
Tutorial on Science Gateways, Roma, 03.06.2013 Riccardo Rotondo
Reference Model
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Science G
ateway
Scientific Application E-Collaboration
Social Application
Standard Services
Users of different Institutions
members of GARR and/or
international partners involved
in European Projects of the
Consortium
GRID
CLOUD Local Cluster
Reference Model
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Science G
ateway
Scientific Application E-Collaboration
Social Application
Users of different Institutions
members of GARR and/or
international partners involved
in European Projects of the
Consortium
Standard-based (SAGA) middleware-independent
Grid Engine
Requirements § Authentication and Autorisation
§ SAML, LDAP
§ Application middleware indipendent § jSAGA, SAGA
§ Standard Java Technology § JSR 168/286
§ Web Technology § Web CMS
§ Wiki, Blog, Messages Board, Vconf, Adobe Connect
§ Portal Framework
§ Standard Adoption § Reusability § Simplicity § Easy usage and access
Tutorial on Science Gateways, Roma, 03.06.2013 Riccardo Rotondo
Tutorial on Science Gateways, Roma, 03.06.2013 Riccardo Rotondo
Terena Identity Federations
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
http://ww
w.terena.org/about/terena-m
embers-
map.htm
l
Federated Identity Management (FIdM)
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
§ In the web technology arena many approaches are available to federate authentication
§ A standard provided by OASIS defines the Security Assertion Markup Language (SAML)
§ Several tools are available, e.g.: § Shibboleth § SimpleSAMLphp
§ Organisations can rely on traditional tools to manage users: § LDAP, CAS, plain text, etc.
§ Free and Open Source
Enabling SGs to FIdM
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
§ Access to e-Infrastructure services requires authentication.
§ The distributed/cross-domain nature of resources requires, in some case, strong security mechanisms
§ SGs willing to provide easy access to these services
§ Some institutions want to maintain the control of their own users’ authentication
So a federation is made of…
§ A collection of Identity Providers that follows a defined set of rules and policy.
§ Identity providers (IdPs) are responsible for authenticating a closed group of users (i.e. of the same organisation)
§ Each IdPs regulate access to a set of Service Providers (i.e. mail server of the mentioned organisation)
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Federated User
Science Gateway
Tutorial on Science Gateways, Roma, 03.06.2013 Riccardo Rotondo
Social User
Science Gateway
Tutorial on Science Gateways, Roma, 03.06.2013 Riccardo Rotondo
Authorisation request
§ The first time users access the Science Gateway their IdP authenticates them
§ LDAP server connected to the Service Provider (SP) cannot authorise the users
§ SP leads users automatically to the registration form
§ A part from them data, users can request for a specific role
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Authorisation request
Authorisation Managment
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Registration
§ Users not belonging to any of the enabled federation can register to the catch all Identity Provider of the GrIDP federation
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Tutorial on Science Gateways, Roma, 03.06.2013 Riccardo Rotondo
Integrated Services
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
GRID CLOUD
JSR 168/286 JSR 168/286
JSR 168/286
JSR 168/286
Catania Science Gateway Framework
Local Cluster
Catania Science Gateway Framework
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Catania Science Gateway Framework
Grid Engine Data On Grid Services
Cloud Services
JSAGA Adaptors
Usage Workflow
Riccardo Rotondo
1. Sign in GRID
eTokenServer
User Tracking DB
5. Grid Submission
5. Tracking
6. Getting Results
Tutorial on Science Gateways, Roma, 03.06.2013
2. Grid Request
Access
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Applications accessing grid services
Riccardo Rotondo
§ 12 applications developed among 5 different countries and 3 continents (Europe, Latin America and Asia);
§ 4 scientific domains: § Life Science; § Mathematic & Computer Science; § High Energy Physics; § Cultural Heritage.
Tutorial on Science Gateways, Roma, 03.06.2013
Job Submission
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Job Submission
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
My Workspace – Active Job List
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
My Workspace - Done Job List
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
My Workspace – MyJobsMap
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
My Data
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Sharing features among users will soon be added
Roles & Privileges
§ Surfing a Science Gateway changes according different roles
§ Mapping between Liferay roles and LDAP group § Similar mapping available on grid (i.e. voms
roles) § Liferay allows administrator to fully customize
users experience assigning different roles to each components (pages, wikis, plugins, data)
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Facebook Integration
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
References § GARR Science Gateway: https://sgw.garr.it § GARR Science Gateway Facebook Community
Page: https://www.facebook.com/GarrScienceGatewayCommunity
§ Training Material: https://gilda.ct.infn.it/wikimain § Catania Science Gateways:
http://www.catania-science-gateways.it
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013
Questions ?
Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013