Published by Abigail Boyle
VO Support and directions in OMII-UK
Steven Newhouse, Director
Slide 2: Our Mission…
OMII-UK aims to provide software and support to enable a sustained future for the UK e-Science community and its international collaborators
- Promote the use of good-quality open-source software
- Reduce the risk of moving to new e-infrastructure world
- Recognise distinct user communities: by domain and function
Slide 3: Primary Concerns
- Standards driven
- Need to interoperate
- Recognise distinct requirements
  - End-user
  - Developer
  - Service Provider
- Need to federate across multiple containers
- Provide infrastructures that are usable
Slide 4: OMII-UK Job Authorisation
- OMII 1.x: Application execution from GRIA
- Defined model enforced by PBAC
- PBAC: Process Based Application Control
  - User registration & account (quota) creation
  - Resource allocation for compute and data
  - Data in
  - Application execution
  - Data out
- Application needs to be installed on the machine
Slide 5: PBAC: Process Based Access Control
- Specify server side workflow
  - Need to have performed Action Z on Service A before Action Y on Service B
- Check authorisation policy rather than interaction state
- State interaction captured within a conversation
- Authorisation action is related to a particular conversation
- Client interaction is planned & context dependent
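The ordering rule on this slide ("Action Z on Service A before Action Y on Service B", with state held per conversation) can be sketched as a small enforcement point. This is an added example, not GRIA or OMII code; the service and action names, the `ConversationPEP` class and the `allowed` helper are hypothetical, and the step order is taken from the OMII 1.x slide.

```python
import uuid

# Hypothetical server-side workflow, using the step order from the OMII 1.x
# slide: each (service, action) lists the steps that must already have been
# performed in the SAME conversation. Service/action names are invented.
WORKFLOW = {
    ("Account", "register"): set(),
    ("Allocation", "allocate"): {("Account", "register")},
    ("Data", "upload"): {("Allocation", "allocate")},
    ("Job", "execute"): {("Data", "upload")},
    ("Data", "download"): {("Job", "execute")},
}


class PBACDenied(Exception):
    pass


class ConversationPEP:
    """Policy enforcement point that keeps workflow state per conversation."""

    def __init__(self, workflow):
        self.workflow = workflow
        self.conversations = {}  # conversation id -> {"subject", "done"}

    def open_conversation(self, subject):
        cid = str(uuid.uuid4())
        self.conversations[cid] = {"subject": subject, "done": set()}
        return cid

    def authorise(self, cid, subject, service, action):
        conv = self.conversations.get(cid)
        if conv is None or conv["subject"] != subject:
            raise PBACDenied("conversation unknown or owned by another subject")
        step = (service, action)
        if step not in self.workflow:  # default deny for unlisted actions
            raise PBACDenied(f"{step} is not part of the workflow")
        missing = self.workflow[step] - conv["done"]
        if missing:
            raise PBACDenied(f"{step} requires {sorted(missing)} first")
        # Simplification: a real PEP would record the step only after the
        # service call succeeds.
        conv["done"].add(step)


def allowed(pep, cid, subject, service, action):
    """Return True/False instead of raising, for easy checking."""
    try:
        pep.authorise(cid, subject, service, action)
        return True
    except PBACDenied:
        return False
```

Because the completed steps live in the conversation record, a second conversation opened by the same subject starts with no prerequisites met.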
Slide 6: OMII-UK Job Authorisation
- OMII 2.x: GridSAM
- GridSAM: Job Submission and Job Monitoring
- Uses JSDL to define the job
- Various back end environments
  - DRMConnector
- Service specific Authorisation
  - gridmap like
- Connector specific Authorisation
Slide 7: Within OMII 3.x
- Within a web service hosting environment
  - Tomcat, Axis, WSS4J (WS-Security)
- Primarily Authentication through WS-Security
  - Digital Signature on a signed message
  - Signature MUST be signed by a certificate from a known CA
  - Authentication data available to the service
  - Outgoing message signed
Slide 8: Need to do better…
- An Authorisation policy that can be applied consistently across all services
  - Within a hosting environment
  - A network of hosting environments (e.g. VO)
- A solution that can be reused:
  - Apply policy for portlet access
  - Service specific policies:
    - Data tables within a database
    - Queues or processor/memory limits within a job
- Standards driven
Slide 9: Current Prototype
[Architecture diagram. Labels: PERMIS: Generate Attribute Certs & Policy; Authz Service: SAML 1.1 Assertion port type; WS Request/Response; WS Container; AXIS Handlers; TestService; OMIIAuthz; OpenSAML; LDAP; PERMIS Management GUIs]
- PEP = Policy Enforcement Point
- Due April 07 - OMII 3.4.0
Slide 10: But what is a VO?
- About roles, responsibilities and relationships
  - Binding: Contractual
  - Non-Binding: Best-effort
- End-users: Dynamic & flexible policy around their needs
- Resource Providers: Focus on users or VOs or real organisations?
- Usability: Critical need for tooling and integration into software
Slide 11: OMII-UK Users
[Diagram. Labels: Applied Technology Specialists; e-Infrastructure; e-Researchers (domain & generic); Providers]
Slide 12: Emerging Need: Dynamic Service Authorisation
- On job creation create a job specific policy
  - Steven's job – he can manipulate & delete it
  - But, the administrator can also delete it.
  - But Steven may also want to allow June to be able to manipulate the job
- Provide an interface to manipulate policies
- Fine grained dynamic delegation
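A per-job policy of the kind this slide asks for, with owner rights, an administrator override for delete, and owner-controlled delegation, might look like the following. This is an added example, not part of the presentation or of any OMII-UK release; `JobPolicyStore` and its method names are hypothetical, and it assumes administrators get delete only, as the slide states nothing more for them.

```python
class JobPolicyStore:
    """Per-job policies created at submission time (hypothetical names)."""

    OWNER_ACTIONS = frozenset({"manipulate", "delete"})
    ADMIN_ACTIONS = frozenset({"delete"})  # assumption: admins get delete only

    def __init__(self, administrators):
        self.administrators = set(administrators)
        self.policies = {}  # job id -> {"owner": str, "grants": {subject: set}}

    def create_job(self, job_id, owner):
        # The job-specific policy is created together with the job.
        self.policies[job_id] = {"owner": owner, "grants": {}}

    def is_allowed(self, job_id, subject, action):
        policy = self.policies.get(job_id)
        if policy is None:
            return False  # no policy, no access
        if subject == policy["owner"]:
            return action in self.OWNER_ACTIONS
        if subject in self.administrators and action in self.ADMIN_ACTIONS:
            return True
        return action in policy["grants"].get(subject, set())

    def delegate(self, job_id, grantor, grantee, actions):
        policy = self.policies.get(job_id)
        # Only the owner may change the policy, and only within their own rights.
        if policy is None or grantor != policy["owner"]:
            raise PermissionError("only the job owner may delegate")
        if not set(actions) <= self.OWNER_ACTIONS:
            raise PermissionError("cannot delegate rights the owner lacks")
        policy["grants"].setdefault(grantee, set()).update(actions)

    def revoke(self, job_id, grantor, grantee):
        policy = self.policies.get(job_id)
        if policy is None or grantor != policy["owner"]:
            raise PermissionError("only the job owner may revoke")
        policy["grants"].pop(grantee, None)

    def delete_job(self, job_id, subject):
        if not self.is_allowed(job_id, subject, "delete"):
            raise PermissionError("delete denied")
        del self.policies[job_id]  # the policy is removed with the job
```

Delegated subjects cannot re-delegate here, which keeps the grant chain one level deep and easy to audit.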
Slide 13: Other gaps in AAA…
- The third A – Accounting
  - Looking at RUS & UR options
  - Account (quota) solution from GRIA
  - Applying for an account (e.g. GAMA, PURSe)
- The silent A – Audit
- Attribute Management
  - VOMS
  - Standards?
Slide 14: Summary
- Manage authorisation policies across services
- Accounting (use against quota) is important
- Pick up on existing standards & tools
  - Authorisation infrastructure
  - User registration & account generation
- Think about the stakeholders in the system
- OMII-UK currently a non-GSI world
  - But out-of-band use through MyProxy
- Emerging need for dynamic policies & VOs
Slide 15: Where next…
- For further information, project lists, etc:
  - Web:
  - Downloads: OMII released last week.
  - Calls: Portlets & GridAPIs
- For further questions, support issues, etc:
  - Mail:
- For me:
  - Mail: