Case Study 2: User Registration for the Earth System Grid.

1 Case Study 2: User Registration for the Earth System Grid

2 The Earth System Grid (VOiG June 2007, The Globus Toolkit in Cyberinfrastructure)

3 ESG Project Goals
- Improve productivity/capability for the simulation and data management team (data producers).
- Improve productivity/capability for the research community in analyzing and visualizing results (data consumers).
- Enable broad multidisciplinary communities to access simulation results (end users).
- The community needs an integrated cyberinfrastructure to enable smooth workflow for knowledge development: compute platforms, collaboration & collaboratories, data management, access, distribution, and analysis.

4 The Challenge
- ESG is a distributed system that genuinely requires Grid-style distributed authentication.
- ESG is used by scientists who don't need to be bothered with certificates.
- CHALLENGE: Provide Grid security for the system, but do it in such a way that end users don't have to manage certificates themselves.

5 Issues - Social
- Ease of Use
  - ESG users shouldn't have to manage their own certificates.
  - It's too complicated, intrusive.
  - They don't do it well (securely).
- Support
  - Certificate management generates a lot of user support work.
- Use cases
  - Most ESG users are data readers, not writers.
  - Data producers and project funders want to know who the users are (registration), but access control among registered users is not a major requirement.

6 Issues - Technical
- Distributed System
  - ESG has four major data centers, each with its own security system.
  - Users should not have to keep track of four sets of credentials and know when to use each.
  - The ESG web portal needs users' credentials to perform work on their behalf, so a secure mechanism for doing that is important.
- Integration
  - ESG uses GridFTP, RLS, OpenDAPg, and GRAM to meet other system requirements, so GSI has to be supported.

7 MyProxy
- MyProxy is a remote service that stores user credentials.
  - Users can request proxies for local use on any system on the network.
  - Web portals can request user proxies for use with back-end Grid services.
- Grid administrators can pre-load credentials in the server for users to retrieve when needed.
- Greatly simplifies certificate management!

8 Simple CA
- A convenient method of setting up a certificate authority (CA).
  - The Certificate Authority can then be used to issue certificates for users and services that work with GSI and WS-Security.
  - Simple CA is intended for operators of small Grid testing environments and users who are not part of a larger Grid.
- Most production Grids will not accept certificates that are not signed by a well-known CA, so the certificates generated by Simple CA will usually not be sufficient to gain access to production services.

9 Scenario 1 - User Registration
- The user fills out the registration web page, establishes an ID/password, and the information is stored in a database.
- The administrator is sent email.

10 Scenario 2 - Administrator Approval
- Administrator visits the registration website and retrieves the registration data.
- If the administrator approves the request, PURSE uses SimpleCA to generate a certificate and stores it in MyProxy.
- The user is sent email.

11 Scenario 3 - User Login
- The user logs into the application website using the ID/password established during registration.
- The application obtains a proxy using MyProxy.
- The application uses the proxy to authenticate to Grid services.
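The three scenarios above, modeled as a small state machine (an added example, not PURSE or ESG code). Class and method names, the 12-hour proxy lifetime, the sample subject name, and the rule that approval requires a confirmed e-mail address are assumptions; a dictionary entry stands in for the certificate that SimpleCA issues and MyProxy stores.

```python
import hashlib, hmac, os, secrets, time

PROXY_LIFETIME = 12 * 3600  # assumed lifetime of a retrieved proxy, in seconds

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Registration:
    """Model of the three scenarios; class and method names are hypothetical."""
    def __init__(self):
        self.users = {}       # registration database
        self.repository = {}  # stands in for MyProxy: holds long-lived credentials

    def register(self, user, password, email):
        # Scenario 1: record the request, return the token mailed to the user.
        if user in self.users:
            raise ValueError("username already registered")
        salt, token = os.urandom(16), secrets.token_urlsafe(32)
        self.users[user] = {"email": email, "salt": salt, "pw": _kdf(password, salt),
                            "token": hashlib.sha256(token.encode()).digest(),
                            "state": "pending"}
        return token

    def confirm(self, user, token):
        # E-mail confirmation: single-use token, compared in constant time.
        rec = self.users.get(user)
        if rec is None or rec["state"] != "pending":
            return False
        if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), rec["token"]):
            return False
        rec["state"], rec["token"] = "confirmed", None
        return True

    def approve(self, user):
        # Scenario 2: only a confirmed request gets a credential; it goes
        # straight into the repository and is never handed to the user.
        rec = self.users.get(user)
        if rec is None or rec["state"] != "confirmed":
            return False
        self.repository[user] = {"subject": "/O=Example/CN=" + user}  # constructed placeholder
        rec["state"] = "approved"
        return True

    def login(self, user, password, now=None):
        # Scenario 3: password check, then a short-lived proxy for the portal.
        rec = self.users.get(user)
        salt = rec["salt"] if rec else b"\0" * 16
        ok = hmac.compare_digest(_kdf(password, salt), rec["pw"] if rec else b"\0" * 32)
        if not ok or rec["state"] != "approved":
            return None
        now = time.time() if now is None else now
        return {"subject": self.repository[user]["subject"] + "/CN=proxy",
                "not_after": now + PROXY_LIFETIME}
```

The portal only ever receives the short-lived proxy; the long-lived credential stays in the repository, which is what lets users work with an ID/password alone.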

12 Sample email messages (Customizable)

(a) Email confirmation step: message sent to user

  Date: Thu, 1 Jul 2004 14:25:47 -0600 (MDT)
  From:
  To:
  Subject: ESG Registration

  The Earth System Grid (ESG) Portal received a request for a new user account that uses your email address. Click on the link below to confirm your request (NOTE: you will not be able to login until you receive an email from the portal administrator indicating your request has been approved):

  en=000000fd-7c62-605c-ffffdea0-766ad9819840

  If you did not request this account, please inform us at esg-

  Thank you,
  ESG System Administrator

(b) Email sent to CA operator for approval

  From:
  Date: July 1, 2004 12:17:07 AM MDT
  To:
  Subject: ESG Registration

  A request has been made for user account on the ESG Portal. You may access the details of the request by clicking on the following link.

  8387f64897be

13 RA/CA Form (Customizable)

14 Results - ESG
- Four data centers (LBNL, LLNL, NCAR, ORNL)
- 700 registered users by May 2005, 2500 users in 2006, ~4000 now
- Four major datasets are available, with associated code and metadata
- Datasets added as they are produced
- >200 journal articles published 2005-2006 from analyses of data delivered by the ESG

15 Results - Science
- ESG allows ~4000 people to work with climate model datasets.
- PURSE is available from dev.Globus
  - Generic version for re-use
  - Includes portlet code developed by OGCE
  - Allows users to import existing credentials
  - Supported by dev.Globus PURSE incubator project, with funding from NSF (CDIGS, OGCE)
  - Used in ESG, NVO, SWEGrid
- GAMA is available from SDSC.
  - Portlet implementation hosted by GridSphere
  - Allows sharing by multiple portal applications
  - Currently used by GEON and BIRN projects

16 A Few PURSE Lessons
- It is possible (and desirable) to hide Grid security from users.
  - Online repositories are one way to do this.
  - Other options include online CAs (e.g., KCA and KX.509).
- Requirements and use cases are important.
  - Need to know exactly what the community concerns are: what needs to be protected.
  - Need to clearly identify roles.
- Generalizing to PURSE was not trivial.
  - New requirements (e.g., credential import)
  - Documentation and usability testing
- Community support was essential.
  - Addition of JSR-168-compliant portlets by OGCE made a big difference in usability.
  - Broader community of supporters.
