Published by Abigail Boyle
Modified over 3 years ago
VO Support and directions in OMII-UK
Steven Newhouse, Director

Our Mission…
- OMII-UK aims to provide software and support to enable a sustained future for the UK e-Science community and its international collaborators
- Promote the use of good-quality open-source software
- Reduce the risk of moving to new e-infrastructure world
- Recognise distinct user communities: by domain and function

Primary Concerns
- Standards driven
- Need to interoperate
- Recognise distinct requirements
  - End-user
  - Developer
  - Service Provider
- Need to federate across multiple containers
- Provide infrastructures that are usable

OMII-UK Job Authorisation
- OMII 1.x: Application execution from GRIA
- Defined model enforced by PBAC
  - PBAC: Process Based Access Control
- User registration & account (quota) creation
- Resource allocation for compute and data
- Data in
- Application execution
- Data out
- Application needs to be installed on the machine

PBAC: Process Based Access Control
- Specify server side workflow
  - Need to have performed Action Z on Service A before Action Y on Service B
- Check authorisation policy rather than interaction state
- State interaction captured within a conversation
- Authorisation action is related to a particular conversation
- Client interaction is planned & context dependent

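An added example, not part of the original slides and not GRIA or OMII code: a minimal policy decision point for the process-based model above, where an action is permitted only if its prerequisite actions were already permitted in the same conversation. The service names, action names and the `ProcessPolicy` class are assumptions chosen to mirror the OMII 1.x sequence (account, allocation, data in, execution, data out).

```python
# Added illustration; not GRIA or OMII code. Service/action names are assumptions.
from dataclasses import dataclass, field

# Server-side workflow: each step lists the steps that must already have been
# permitted in the same conversation.
POLICY = {
    ("account", "create"): set(),
    ("allocation", "request"): {("account", "create")},
    ("data", "stage_in"): {("allocation", "request")},
    ("job", "execute"): {("data", "stage_in")},
    ("data", "stage_out"): {("job", "execute")},
}

@dataclass
class Conversation:
    owner: str                               # authenticated subject that opened it
    done: set = field(default_factory=set)   # steps already permitted

class ProcessPolicy:
    def __init__(self, policy):
        self.policy = policy
        self.conversations = {}

    def open(self, conv_id, subject):
        self.conversations[conv_id] = Conversation(owner=subject)

    def authorise(self, conv_id, subject, service, action):
        """Return (permitted, reason); state advances only on a permit."""
        conv = self.conversations.get(conv_id)
        if conv is None:
            return False, "unknown conversation"
        if conv.owner != subject:
            return False, "conversation belongs to another subject"
        step = (service, action)
        if step not in self.policy:          # default deny for unlisted actions
            return False, "action not covered by policy"
        missing = self.policy[step] - conv.done
        if missing:
            names = ", ".join(f"{s}.{a}" for s, a in sorted(missing))
            return False, f"prerequisite not met: {names}"
        conv.done.add(step)
        return True, "permit"

def demo():
    pdp = ProcessPolicy(POLICY)
    pdp.open("c1", "CN=steven")
    pdp.open("c2", "CN=steven")
    first = pdp.authorise("c1", "CN=steven", "account", "create")
    return first, pdp.authorise("c1", "CN=steven", "job", "execute")
```

Progress made in one conversation does not carry over to another, and a denied request leaves the conversation state unchanged.
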
OMII-UK Job Authorisation
- OMII 2.x: GridSAM
- GridSAM: Job Submission and Job Monitoring
- Uses JSDL to define the job
- Various back end environments
  - DRMConnector
- Service specific Authorisation
  - gridmap like
- Connector specific Authorisation

Within OMII 3.x
- Within a web service hosting environment
  - Tomcat, Axis, WSS4J (WS-Security)
- Primarily Authentication through WS-Security
  - Digital Signature on a signed message
  - Signature MUST be signed by a certificate from a known CA
  - Authentication data available to the service
  - Outgoing message signed

Need to do better…
- An Authorisation policy that can be applied consistently across all services
  - Within a hosting environment
  - A network of hosting environments (e.g. VO)
- A solution that can be reused:
  - Apply policy for portlet access
  - Service specific policies:
    - Data tables within a database
    - Queues or processor/memory limits within a job
- Standards driven

Current Prototype
[Architecture diagram; labels: WS Request/Response, WS Container, AXIS Handlers, TestService, OMIIAuthz, OpenSAML, LDAP, PERMIS, Management GUIs]
- PERMIS: Generate Attribute Certs & Policy
- Authz Service: SAML 1.1 Assertion port type
- PEP = Policy Enforcement Point
- Due April 07 - OMII 3.4.0

But what is a VO?
- About roles, responsibilities and relationships
  - Binding: Contractual
  - Non-Binding: Best-effort
- End-users: Dynamic & flexible policy around their needs
- Resource Providers: Focus on users or VOs or real organisations?
- Usability: Critical need for tooling and integration into software

OMII-UK Users
[Diagram; labels in source order: Applied Technology Specialists; e-Infrastructure; e-Researchers (domain & generic); Providers]

Emerging Need: Dynamic Service Authorisation
- On job creation create a job specific policy
  - Steven's job – he can manipulate & delete it
  - But, the administrator can also delete it.
  - But Steven may also want to allow June to be able to manipulate the job
- Provide an interface to manipulate policies
- Fine grained dynamic delegation

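An added example, not part of the original slides and not OMII code: a per-job policy store that follows the Steven, administrator and June scenario above. The `JobPolicyStore` class, the action names and the rule that the right to delegate cannot itself be delegated are assumptions made for the illustration.

```python
# Added illustration of a per-job policy; not OMII code. Action names,
# the store class and subject strings are assumptions.
OWNER_ACTIONS = {"manipulate", "delete", "delegate"}
ADMIN_ACTIONS = {"delete"}              # administrators may delete any job
DELEGABLE = {"manipulate", "delete"}    # "delegate" itself cannot be passed on

class JobPolicyStore:
    def __init__(self, admins):
        self.admins = set(admins)
        self.jobs = {}                  # job_id -> {"owner": str, "grants": {subject: set}}

    def create_job(self, job_id, owner):
        # The policy is created together with the job, so no job exists without one.
        self.jobs[job_id] = {"owner": owner, "grants": {}}

    def is_permitted(self, job_id, subject, action):
        job = self.jobs.get(job_id)
        if job is None:
            return False                # default deny, also after deletion
        if subject == job["owner"]:
            return action in OWNER_ACTIONS
        if subject in self.admins and action in ADMIN_ACTIONS:
            return True
        return action in job["grants"].get(subject, set())

    def delegate(self, job_id, grantor, grantee, actions):
        actions = set(actions)
        if not self.is_permitted(job_id, grantor, "delegate"):
            raise PermissionError(f"{grantor} may not delegate on {job_id}")
        if not actions <= DELEGABLE:
            raise ValueError(f"not delegable: {sorted(actions - DELEGABLE)}")
        self.jobs[job_id]["grants"].setdefault(grantee, set()).update(actions)

    def revoke(self, job_id, grantor, grantee):
        if not self.is_permitted(job_id, grantor, "delegate"):
            raise PermissionError(f"{grantor} may not revoke on {job_id}")
        self.jobs[job_id]["grants"].pop(grantee, None)

    def delete_job(self, job_id, subject):
        if not self.is_permitted(job_id, subject, "delete"):
            raise PermissionError(f"{subject} may not delete {job_id}")
        del self.jobs[job_id]           # policy is removed with the job
```
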
Other gaps in AAA…
- The third A – Accounting
  - Looking at RUS & UR options
  - Account (quota) solution from GRIA
  - Applying for an account (e.g. GAMA, PURSe)
- The silent A – Audit
- Attribute Management
  - VOMS
  - Standards?

Summary
- Manage authorisation policies across services
- Accounting (use against quota) is important
- Pick up on existing standards & tools
  - Authorisation infrastructure
  - User registration & account generation
- Think about the stakeholders in the system
- OMII-UK currently a non-GSI world
  - But out-of bound use through MyProxy
- Emerging need for dynamic policies & VOs

Where next…
- For further information, project lists, etc:
  - Web: www.omii.ac.uk
  - Downloads: OMII 3.2.0 released last week.
  - Calls: Portlets & GridAPIs
- For further questions, support issues, etc:
  - Mail: email@example.com@omii.ac.uk
- For me:
  - Mail: firstname.lastname@example.org@omii.ac.uk