July 18, 2012

Campus Bridging Security Challenges from “Panel: Security for Science Gateways and Campus Bridging”

Craig Stewart (stewart@iu.edu)Executive Director, Pervasive Technology Institute, Indiana University and XSEDE Campus Bridging Manager

Campus Bridging• In early 2009 National Science Foundation’s (NSF) Advisory Committee for

Cyberinfrastructure (ACCI) charged six different task forces: one of those was called Campus Bridging.

• Cyberinfrastructure consists of computational systems, data and information management, advanced instruments, visualization environments, and people, all linked together by software and advanced networks to improve scholarly productivity and enable knowledge breakthroughs and discoveries not otherwise possible.

• The goal of campus bridging is to enable virtual proximity:– the seamlessly integrated use among a scientist or engineer’s personal

cyberinfrastructure; cyberinfrastructure on the scientist’s campus; cyberinfrastructure at other campuses; and cyberinfrastructure at the regional, national, and international levels; as if they were proximate to the scientist.

– When working within the context of a Virtual Organization (VO), the goal of campus bridging is to make the ‘virtual’ aspect of the organization irrelevant (or helpful) to the work of the VO.

2

Challenges regarding campus bridging• It’s not a specific thing. You can’t point to a ‘campus bridge’

the way you can a supercomputer• There is no such thing as a ‘campus bridger’ the way there is a

Campus Champion. • It may make sense to talk about a ‘bridged resource’ • It’s more a mindset toward a particular form of technical

interoperability and usability than it is a specific thing• The hardest thing about campus bridging: explaining a set of

use cases that affects several types of XSEDE activities as campus bridging

• The second hardest thing: getting colleagues to abandon the idea that groups interested in campus bridging are XSEDE Service Provider wannabees.

3

InCommon authentication

– Need for education, information– 3rd party providers (for people at small institutions

and international partners)?– 2 factor authentication?

4

Shared Virtual Compute Facilities• SVCF – virtual cluster independent of XSEDE

– Can we provide tools that will create authentication screens that look and work like XSEDE login

– Doing this requires supporting multiple authentication mechanisms

– Remember: not everyone one wants to have an XSEDE label on their organization!

• SVCF – accepting jobs from XSEDE– Requires ability for SVCFs to accept jobs (and trust) XSEDE– Requires ability for XSEDE to trust SVCFs– Requires trouble ticket exchange and security notification / response

processes– This sort of SVCF may be a type of entity that one could meaningfully

call a ‘bridged resource.’

5

Data security

• Provenance of non-sensitive data• Sensitive data!

6

Please cite as:

Stewart, C.A. Campus Bridging Security Challenge (From Basney, J., R. Butler, D. Fraser, S. Marru, and C.A. Stewart. "Panel: Security for Science Gateways and Campus Bridging"). 2012. Presentation. Presented at: XSEDE12 (Chicago, IL, 16-20 Jul 2012). http://hdl.handle.net/2022/14713

All slides (except where explicitly noted) are copyright 2012 by the Trustees of Indiana University, and this content is released under the Creative Commons Attribution 3.0 Unported license (http://creativecommons.org/licenses/by/3.0/)

Thanks• Campus Champions – whose input has already shaped Campus Bridging activities greatly.• All XSEDE staff• Guy Almes, Von Welch, Patrick Dreher, Jim Pepin, Dave Jent, Stan Ahalt, Bill Barnett,

Therese Miller, Malinda Lingwall, Maria Morris• Gabrielle Allen, Jennifer Schopf, Ed Seidel, all of the NSF program officers involved in the

campus bridging task force activities• All of the IU Research Technologies and Pervasive Technology Institute staff who have

contributed to this entire 2+ year process• Special thanks to CASC members who have participated in one of n information gathering

exercises (where n is large)• NSF for funding support (Awards 040777, 1059812, 0948142, 1002526, 0829462; this

material and ongoing work supported by Award 1053575)• Funding support provided by Lilly Endowment and the Indiana University Pervasive

Technology Institute• Any opinions presented here are those of the presenter or collective opinions of members

of the Task Force on Campus Bridging and do not necessarily represent the opinions of the National Science Foundation or any other funding agencies

8