
1 EGI Technical Forum 2010, September 14, 2010, Amsterdam H.J. Weyer
Photon Facilities and Authentication
TOC
• The environment
• General boundary conditions
• IT requests and characteristics
• Umbrella concept
• Authentication and authorization
• Coaching
• Roadmap
• Status and Outlook

2 The environment
• Photon facilities
  - Synchrotrons and Free Electron Lasers (FELs)
  - Produce light of highest brightness
  - Typical range from infra-red to X-rays
  - Size hundreds of meters
• Wide range of research areas
• In EU about 30’000 visiting scientists/year
• Small teams, visit for
  - Few hours (structural biology) to
  - Few weeks (superconductivity, nano investigations)
• About 15 synchrotrons in EU
  - ESRF Grenoble
  - National facilities (DESY, PSI, …)
• Neutron facilities
  - Complementary
  - Similar user community
• FELs, 10^3 to 10^6 times brighter
  - SLAC/Stanford, DESY/Hamburg, PSI/Villigen
  - Membrane proteins; microscopic movies of chemical reactions

3 The European FEL Landscape
EuroFEL is one of 44 pan-European research infrastructures listed in the ESFRI roadmap

4 General boundary conditions
• In EU in the order of several 10’000 user visits / year
  - Large overbooking (≥3:1)
  - Large administrative load
• On-site visits
  - Short duration
  - In part spontaneous (keep that bonus)
• Decentralized structure (compare to CERN)
  - Various research fields
  - Various facilities
• National facilities
  - Report to national governments
• ‘Part-time’ users
  - E.g. structural biology: 10% of time
• Research teams
  - Patchwork
  - In general low IT background
• Users at facilities produce excellent results
  - 2009 Nobel prizes in chemistry

5 More boundary conditions
• Totally impossible to develop any new tool in one step
• Totally impossible to migrate to any new system in one step; → parallel realization
• → Develop a prototype by EuroFEL, implement at other facilities later
• Base on Federated Single-Sign-On System by Shibboleth (SAML), widely used in the academic world; expertise at SWITCH
• Introduce photon/neutron community as new domain
• Only one identity provider + one new federation - universities + facilities
• EU-unique user identification

6 Role of Facility Partners
• are national institutes
• are eager to preserve their autonomy
• are competing for the best users
• see user data and proposals as “theirs”
• have strong reservations against central data storage in general
• and will never agree to central proposal storage!

7 Required Solution Characteristics
• Confidentiality
  o High competition, especially structural biology
  o Time-window structured access to experiments and data
• User friendliness
  o Part-time users, small teams, no guru
• Flexible, diverse solutions
  o Responding to diverse requests
• Facility friendliness
  o Limited resources
  o Prevent any ‘bypass’ solutions
• Keep local as much as possible
• Distributed actions
  o Users: manage their personal entries
  o Facilities: manage their authorizations

8 IT Projects
• Authentication (EU-unique identification)
• Proposal handling (thousands of proposals / year)
• Coaching (support of novice users)
• Remote experiment login (young scientists; Fedex-style experiments)
  - But more than authentication (e.g. firewall, experiment standardization, component protocols …)
• Remote data access (terabytes of data)
  - But more than authentication (e.g. data format, catalogues …)
[Slide labels: EuroFEL Umbrella prototype; Next generation]

9 The Central / Local Issue
• Central: Unique EU-wide identification
• Central: Common access portal
• Central: Update of user info on one place
• Facility-local: proposal storage
• Facility-local: local authorization issues
• Facility-local: storage of experimental data

10 The Umbrella Concept
[Fig. 1: User; UOffice1, UOffice2, UOffice3]

11 The Umbrella components I, EAA Authentication
• Single sign on
• Unique user identification on EU scale
• Dual EAA and local-WUO operation
• Local WUOs stay fully autonomous
• No cross-facility information exchange
• User controls his/her personal info
• Authorization info = local
• No specific local software
• Flexible (two-level: soft, hard)
• Prevent ‘special’ databases
[Figure: attribute boxes labelled Uname, Passw, Email, Birthday and Phone, Smail, …, Registrations, Facility Roles, …; facilities Fac A, B, C; regions labelled Local and Central]
AAA ≡ Authentication+Authorization+Accounting
EAA ≡ European AAA
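An added sketch, not from the presentation or the EuroFEL project, of the split this slide lists: the central EAA asserts only the EU-unique identifier, and each facility's WUO decides on its own roles and time windows with no cross-facility lookup. The HMAC token stands in for a signed Shibboleth/SAML assertion; the key, identifiers, role names and function names are assumptions.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

# Constructed demo key. A real SAML IdP signs with a private key, so
# facilities can verify assertions without being able to mint them.
EAA_KEY = b"constructed-demo-key"

def eaa_issue(uid):
    """Central EAA: after login, release only the EU-unique identifier."""
    body = base64.urlsafe_b64encode(json.dumps({"uid": uid}).encode()).decode()
    sig = hmac.new(EAA_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig

def eaa_verify(token):
    """Return the asserted uid, or None when the signature does not match."""
    body, _, sig = token.partition(".")
    good = hmac.new(EAA_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), good.encode()):
        return None  # reject before parsing any untrusted payload
    return json.loads(base64.urlsafe_b64decode(body))["uid"]

class LocalWUO:
    """Facility user office: authorization data stays local, keyed by uid."""
    def __init__(self, name):
        self.name = name
        self.grants = {}  # uid -> [(role, window_start, window_end)]

    def grant(self, uid, role, start, end):
        self.grants.setdefault(uid, []).append((role, start, end))

    def authorize(self, token, role, now):
        uid = eaa_verify(token)
        if uid is None:
            return False
        # Time-window structured access: a role counts only inside its window.
        return any(r == role and s <= now < e
                   for r, s, e in self.grants.get(uid, []))

if __name__ == "__main__":
    utc = timezone.utc
    token = eaa_issue("eu-000123")          # constructed identifier
    fac_a, fac_b = LocalWUO("Fac A"), LocalWUO("Fac B")
    fac_a.grant("eu-000123", "experimenter",
                datetime(2010, 9, 14, 8, tzinfo=utc),
                datetime(2010, 9, 14, 20, tzinfo=utc))
    noon = datetime(2010, 9, 14, 12, tzinfo=utc)
    print(fac_a.authorize(token, "experimenter", noon))  # grant exists at Fac A
    print(fac_b.authorize(token, "experimenter", noon))  # Fac B has no grant
```

A single sign-on at the central service is honoured by every facility, but a grant recorded at one facility is never visible to another.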

12 The Umbrella components II, EUU Proposal handling
• EUU: export, modify it and submit
• Local (facility-specific) and general (scientific) part
• Flexibility and confidentiality
• Export-type mechanism: up-to-date format
• Work on formal agreement
• Local WUOs stay fully autonomous
• No specific local software
[Figure: proposal boxes labelled Proposer info, Time request, …, Beamline, Sample and Goal, Method, Results, Prev. Work, …; regions labelled General and Local]
UUU ≡ Unified User Umbrella
EUU ≡ EuroFEL UUU = prototype

13 The Umbrella components III, Coaching
• Support of novice users via FAQ (static) and Coaching (dynamic)
• Coaches give only advice, responsibility is always fully with the user
• On entry a question category tree is offered to the user
• Experienced coaches needed
  o Must be protected against excessive load
  o They are, however, free to identify themselves
  o Limited number of iterations
• Coaches are honored on a peer basis, like proposal referees
• Interesting questions can be added to the FAQ, if the questioner agrees

14 [Figure: User connected to UOffice1, UOffice2 and UOffice3; panel labels: Separate, Single Sign On, Common User Access Control; box labels: Authentication, Authorization, Accounting]

15 WP2 Face to Face Meeting, August 26/27 2010, PSI H.J. Weyer
[Figure labels: User; EUU; Coaching; Ref. Database; Proposals; EuroFEL branded; Central Part; Local Part; Shibboleth IdP; User db; Affiliation db; Facility neutral; EAA; WUO1, WUO2, WUO3]

16 EuroFEL Authentication and Authorization (EAA)
[Figure labels: Interface to Central DB; Central EAA Tool; Interface to Affiliation DB; Interface to WUO DB; Parallel WUO and EAA Operation; Adaption of WUO part; User Update service; Authentication and Authorization; Basic Communication Protocol; Local WUO Update service]
WUO ≡ Web-Based User Office, existing local user office
EAA ≡ EuroFEL Authentication

17 EuroFEL Unified User Umbrella (EUU)
[Figure labels: Communication protocol; Interface to DUO WUO‘s; Interface to SMIS WUO‘s; Interface to Affiliation DB; Interface to EAA; Dialog with user; Transfer Proposal to WUO; Export proposal from WUO; Unified User Umbrella and Coaching; EuroFEL Coaching]
WUO ≡ Web-Based User Office, existing local user office
DUO ≡ WUO as developed at PSI
SMIS ≡ WUO as developed at ESRF
EAA ≡ EuroFEL Authentication

18 Proposed EUU/EAA Roadmap
[Timeline figure: dates 1.06.10, 1.10.10, 1.01.11, 1.04.11, 1.04.12, 1.04.13; tracks EAA (European Authentication and Authorization) and EUU (European User Umbrella); phases Planning / Design, Prototype ready, Implementation; effort labels 0.5 FTE, 0.1 FTE, 0.5 FTE; EuroFEL / WP2]

19 Status and Outlook (September 2010)
• Architecture document + road map for prototype ready
• Start development of 1st-generation Umbrella prototype
  - Shibboleth
  - deadline March 31, 2011
• Discussion 2nd-generation Umbrella (remote functionalities)
  - ‘Actors’:
    o PaN-Data
    o EuroFEL
    o ESFRI-Cluster
    o HDRI Helmholtz
  - Tools:
    o GRID?
    o Specific development?
  - Type:
    o Facility-friendly + user-friendly
    o Two-level?
      - Slim, simple
      - Strong, full-beauty IT

