Presentation on theme: "Spatial Data e-Infrastructure UK e-Science ALL HANDS MEETING 2008 8-11 September, Edinburgh, UK Higgins, C., Koutroumpas, M., Sinnott, R.O., Watt, J.,"— Presentation transcript:
Spatial Data e-Infrastructure UK e-Science ALL HANDS MEETING 2008 8-11 September, Edinburgh, UK Higgins, C., Koutroumpas, M., Sinnott, R.O., Watt, J., Docherty, T., Hume, A.C.,Turner, A.G.D., Rawnsley, D firstname.lastname@example.org
Aiming to demonstrate how access to GI on Grid may be achieved: Shibboleth WS-Security GSI OGC Web Services Partners: EDINA, NeSC, NCeSS, MIMAS, EPCC Main deliverable is a number of demonstrators Part of the JISC Grid OGC Collision Programme SEcurE access to GEOspatial services
Lots of users, eg, ~30000 students registered for our Ordnance Survey service. Need to be able to scale: –SOA comprised mainly of OGC Web Services –high load; dont want to restrict services and cant afford to buy endless hardware (that sits unused most of the time) Supporting eResearch. Grid characteristics and goals (Technical Strategy OGF 2007-2010): –infrastructure virtualisation –resource pooling and sharing –self monitoring/improvement –dynamic resource provisioning –highest Quality of Service Security technology arguably more advanced in some aspects Why interested in Grid?
the relevant base collection of technologies, policies and institutional arrangements that facilitate the availability of and access to spatial data. The SDI provides a basis for spatial data discovery, evaluation, and application for users and providers within all levels of government, the commercial sector, the non-profit sector, academia, and by citizens in general. (Global SDI Cookbook, 2004) Spatial Data Infrastructures
e-Social Science exemplar Refactored as Web Processing Service
Security Portlets simplifying Access to and Management of Grid Portals (SPAM-GP) OMII-UK funded NeSC (Glasgow) project Family of JSR-168 compliant portlets Virtual Organisations (VO) have requirements to limit access to subsets of Identity Providers Released attributes are used to configure the portal Securing the eSocSci exemplar #1
Finer grained authorisation at the service providers with local policies being implemented Not simply delegating complete access control to a remote portal Attribute Certificates stored with the portal and pulled MyProxy used to carry identity Globus Toolkit and PERMIS used to extract identity, pull the ACs and make AuthZ decision GT4 service forwards approved queries Securing the eSocSci exemplar #2
Reach consensus on whether this, or similar approaches, are production strength From the data centres perspective From the NGS perspective Can the approach be extended to the entire GeoLinking Service and other more complex workflow scenarios? Security conclusions
Brokered a Memorandum of Understanding between OGC and the OGF. Common objectives: Transparent - the users do not have to be aware of the exact data and computing resources they are using or the details about doing so, Interoperable - the data and computing resources can come from different sites, and Scalable - the same user model can service small computing tasks that can be done locally, as well as large computing tasks that require massive remote platforms Focus of attention will continue to be the OGC Web Processing Service for a while Wider implications of SEE-GEO
End Questions? Chris Higgins (EDINA, University of Edinburgh) email@example.com
Your consent to our cookies if you continue to use this website.