Presentation is loading. Please wait.

Presentation is loading. Please wait.

DyVOSE Status Report Dr Richard Sinnott Technical Director National e-Science Centre ||| Deputy Director Technical Bioinformatics Research Centre University.

Similar presentations

Presentation on theme: "DyVOSE Status Report Dr Richard Sinnott Technical Director National e-Science Centre ||| Deputy Director Technical Bioinformatics Research Centre University."— Presentation transcript:

1 DyVOSE Status Report Dr Richard Sinnott Technical Director National e-Science Centre ||| Deputy Director Technical Bioinformatics Research Centre University of Glasgow NeSC Review 11 th October 2004

2 Overview The team Review goals of DyVOSE project Brief summary of technical approach Outline achievements thus far Plans for the future

3 Project Participants Dynamic Virtual Organisations in e-Science Education (DyVOSE) team Principal Investigators Dr Richard Sinnott (NeSC Glasgow) Prof David Chadwick (Salford) Developers Dr John Watt (NeSC Glasgow) Dr Sassa Otenko (Salford) Mr Tuan Anh Nguyen (Salford) Other Key People Involved Dr David Berry (NeSC Edinburgh) Dr Sandy Shaw (EDINA)

4 Dynamic Virtual Organisations for e-Science Education (DyVOSE) project Two year project started 1 st May 2004 funded by JISC Exploring advanced authorisation infrastructures for security in context of education University of Salford provide authorisation software (PERMIS) and security expertise Applied in Grid Computing module part of advanced MSc at the University of Glasgow –Will provide insight into rolling out authorisation infrastructures/Grid to the masses –Exploration of current state of the art in authorisation infrastructures –Second phase of work will involve NeSC Edinburgh/EDINA –Extensions to the existing PERMIS infrastructure to provide dynamic delegation of authority and recognition of authority DyVOSE Overview

5 Phase 1 Looking at applying existing PERMIS technology to establish static Privilege Management Infrastructure at GU DyVOSE Workplan ScotGrid Authorisation decisions Authorisation checks PERMIS based authorisation Education VOpolicies GU Condor pool Other (known!) Grid resources

6 Phase 1 Deliverables D1.1 Design of Educational Case Studies D1.2 Installation of Software Infrastructure for Static Delegation Based PMI D1.3 Detailed Design for Dynamic Delegation and Recognition of Authority Development of course material Including 20 lectures, 10 tutorials, 3 problem sets, 1 (large ~30hr) programming assignment To be taught by –Richard Sinnott –Colin Perkins –John Watt –one lecture by Seamus Ross (National Digital Curation Centre) DyVOSE Phase 1

7 Module Outline Week 1Lecture 1Introduction to Grid Computing Lecture 2Scalability and Heterogeneity Aspects of Grid Week 2Tutorial 1Discussion of Seminal Grid Papers Lecture 3Open Standards and Architectures Lecture 4Implementations of the Grid Architecture Week 3Lecture 5Resource Discovery/Information Services Lecture 6Web and Grid Services Tutorial 2GT3 Lab work Week 4Lecture 7Grid Security Concepts Lecture 8Virtual Organizations Lecture 9Security in Practice Week 5Tutorial 3Lab work investigating Grid Security implementations Lecture 10Job Scheduling and Management - Theory Lecture 11Job Scheduling and Management - Practice Week 6Tutorial 4Discussion of Job Scheduling Papers Lecture 12Workflow Management Tutorial 5Q&A on Programming Assignment Taught today

8 Module Outline …ctd Week 7Lecture 13Data Access, Integration and Management Lecture 14Data Provenance and Curation* Tutorial 6Discussion of Data Management/Provenance Week 8Lecture 15Data Transfer Lecture 16Peer-to-Peer Communication Tutorial 7Discussion of Networking Papers Week 9Lecture 17Tools for Collaboration Tutorial 8Discussion on the Future of Grid Computing Lecture 18The Future of Grid Computing Week 10Lecture 19Sample Applications Lecture 20Review of Major Concepts Tutorial 9Q & A * Given by Seamus Ross (DCC at Glasgow)

9 Current PERMIS based PMI approach PERMIS allows to Define roles for who can do what on what Policy = { Role x Target x Action } –Can user X invoke service Y and access or change data Z? »Policies created with PERMIS PolicyEditor (output is XML file)

10 PERMIS based Authorisation

11 PERMIS based Authorisation...ctd PERMIS Privilege Allocator then used to associate roles with specific users Signed policies are stored as attribute certificates in LDAP server Exploiting the GGF AuthZ specification Generic way to authorise access to Grid services using SAML callouts –Based on GT3.3 – PERMIS »Grid service (WSDD) has policy information associated with it »DN of clients, target and actions checked when attempts made to invoke services BRIDGES and DyVOSE only projects exploiting this API right now (Von Welch at AHM 2004)

12 Phase 2 D2.1 Report on Practical Experiences and Best Practices in Static Delegation Based PMI D2.2 Software implementing Dynamic Delegation and Authority Recognition in PERMIS Phase 3 D3.1 User Manuals and Administrator Guides on Using and Setting up and Managing Dynamic Delegation Infrastructures D3.2 Report on Practical Experiences in Using Dynamic Delegation Infrastructures as Part of e-Science Education D 3.3 NMI release of PERMIS that supports dynamic Delegation and Recognition of Authority DyVOSE Phase 2 and 3

13 DyVOSE Phase 2/3 ScotGrid PERMIS based Authorisation checks/decisions Glasgow Education VO policies Condor pool Edinburgh Education VO policies Shibboleth Blue Dwarf GlasgowEdinburgh Dynamically established VO resources/users Delegated VO policies

14 Majority of lecture materials completed First lecture had over 50 students Clear demand for Grid education/teaching materials!!! Assignment/case study defined exploring authorisation infrastructure (and GT3.3/Condor) Infrastructure established in NeSC Glasgow training laboratory Initial design of dynamic PMI complete Input to wider UK security requirements document (Being drafted by Howard Chivers) Work Progress

15 Wrestling with GT3.3 and PERMIS integration Some delays due to version issues with GT3.3 Basic authorisation complete but more complex authorisation aspects being investigated Complexity of assignment issues? Continued feedback on PERMIS tools Policy editor refinements –Numerous discussions/meetings with Salford team on sorting out PERMIS-GT3.3 issues Building on experiences of MSc of Anthony Stell (NeSC ETF Grid engineer) comparing different authorisation infrastructures Work Progress …ctd

16 Achievements Web site established Poster at JISC meeting in Brighton Poster at AHM 2004 in Nottingham Course materials nearing completion Provided to EGEE training team

17 Future plans Attendance at JISC Shibboleth training course Feed experiences into wider Grid community (ETF AAA work) Continued input to wider security requirements/scenario documents (and to STF?) Applying experiences in other projects (VOTES) Course materials to be presented at e-Science Education workshop at NeSC 1-2 November Conduit for information from JISC Core Middleware projects and wider UK e-Science activities

18 Questions?

Download ppt "DyVOSE Status Report Dr Richard Sinnott Technical Director National e-Science Centre ||| Deputy Director Technical Bioinformatics Research Centre University."

Similar presentations

Ads by Google