Digital Object Architecture


Digital Object Architecture
Giridhar Manepalli (gmanepalli@cnri.reston.va.us)
Corporation for National Research Initiatives
http://www.cnri.net/

Proposed GENI Services
- GENI Federated Clearinghouse
- Security Model
- GENI Experiment Management Service

GENI Federated Clearinghouse Spiral 1 Effort

Resource Discovery
[Diagram: Cluster A and Cluster B experimenters each "Discover & Access" resources through an Interoperability Layer, which adapts to Cluster A and Cluster B in the backend.]

GENI Federated Clearinghouse (GFC)
Spiral 1:
- Defined a basic data model of the GFC
- Implemented a prototype of the GFC that federates records from ProtoGENI
- Prototype is made available at http://geni.doregistry.org/GFC/
- Assumed that the GFC service was part of the control framework
Spiral 2:
- Plan to integrate with other clusters and make the GFC operational
- Assuming that the GFC service is an experimental service, not a core control framework component
Goals:
- To allow resource (and other entities) discovery across clusters
- To provide an interoperability layer between various existing clearinghouse models by defining a common mapping model
- To provide an open-source clearinghouse software that future, or existing, GENI communities can use

Data Model
[Diagram of record types and their fields. Labels on the diagram: User, Aggregate Manager, Component, Resource, Aggregate, Slice, Sliver, Slice Authority, Service; Identifier, HRN, Description, Contact, Credentials, Public Key or X509 Certificate, Manager, RSpec, Status, Owner or Not, Expiration, Resource Type, Access Details, Policies.]

GFC Homepage

Resource Search Results

Resource Record

Namespace
10510
  10510.0 (GPO)
  10510.1 (TIED)
  10510.3 (ProtoGENI)
    10510.3.0 (Sandbox)
    10510.3.1 (University of Utah Node)
    10510.3.2 (University of Wisconsin Node)
    10510.3.3 (University of Kentucky Node)
    10510.3.4 (University of Washington Node)
    10510.3.n
    …
  …
For example, University of Wisconsin component identifier: 10510.3.2/2f61b3fe-22cb-102c-a837-00304868a4be-r-c7300-32-c
Issued/Used by ProtoGENI Clearinghouse

GENI Federated Clearinghouse (GFC) Scalability
[Diagram: a GFC Client, the Global Handle Registry, Handle Server "1" through Handle Server "X", and GFC Mirrors hosted by Organization A through Organization N.]
1. GFC Client to Global Handle Registry: Which Handle Server do I ask for handle 10510.3.1/456?
2. Ask Handle Server "1"
3. Resolve 10510.3.1/456
4. Handle Record
5. Resolve User 10510.3.1/456
6. User Record
Handle Record for 10510.3.1/456: Registry Information; Type of Record: "User"; Stored or not
User Record for 10510.3.1/456: HRN; Description; Contact; Public Key or X509 Certificate; Credentials

Security Model Spiral 1 Effort

Security: PKI
Public Key Infrastructure, an effective and standards-based solution, allows for secure processing of identity claims.
Issues:
- Trust is assumed to be transitive, e.g., trusting certificate authorities (CA) implies trusting end users
- Managing trust stores and revocation lists is manual and ad hoc
- Every server that is part of a common service, e.g., a GENI service, needs to be explicitly synchronized with the others to be effective
Resolution:
- Need explicit "trust" management mechanism
- Need dynamic, synchronized, and distributed management of trust stores

Proposed Security Model
[Diagram: four claims presented to GENI Services A, B, C and D, which rely on GENI Trusted Handle Services; Organization X holds 10510.3.1/* and Organization Y holds 10510.3.2/*.]
Trusted user claim:
1. Claims to be 10510.3.1/456
2. Trusts 10510.3.1/* & Retrieves Public Key
3. Issues PKI Challenge
4. Successfully Responds
False claim by an intruder:
1. Falsely Claims to be 10510.3.2/789
2. Trusts 10510.3.2/* & Retrieves Public Key
3. Issues PKI Challenge
4. Fails the Challenge
Un-trusted user claim:
1. Claims to be abc/123
2. Does Not Trust abc/* & Denies the Claim
Revoked user claim:
1. Falsely Claims to be 10510.3.2/abc
2. Trusts 10510.3.2/* but fails to find the record
3. Denies the Claim

Proposed Security Model
- Complete details of the proposed model are available here: http://groups.geni.net/geni/attachment/wiki/DigitalObjectRegistry/ClearinghouseSecurityReqmnts.pdf
- The model allows users to claim their identifiers (handles) explicitly or implicitly using certificates
- The model requires trusting the Handle System
  - caBIG, a Grid application based on the Globus Toolkit (Grid middleware), verified and experimented with the Handle System successfully for service end-point authentication
  - CHI project, another Grid application using the Globus Toolkit, is currently using/experimenting with the Handle System for identifying metadata records and access controls
  - Frank Siebenlist, from Argonne National Laboratory, is the POC for the Handle System effort in those two projects
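The four claim outcomes from the Proposed Security Model slides, as an added Go example that is not part of the original presentation or of CNRI's software. `Service`, `Authenticate` and `Scenarios` are hypothetical names; an in-memory map stands in for resolving a handle through the trusted handle services, and an Ed25519 signature over a random nonce stands in for the "PKI challenge".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Service is a hypothetical GENI service; Records stands in for handle resolution.
type Service struct {
	Trusted map[string]bool              // handle prefixes this service trusts
	Records map[string]ed25519.PublicKey // constructed handle records
}

// Authenticate checks prefix trust, looks up the record, then challenges the claimant.
func (s *Service) Authenticate(handle string, sign func([]byte) []byte) string {
	prefix, _, ok := strings.Cut(handle, "/")
	if !ok || !s.Trusted[prefix] {
		return "denied: prefix not trusted"
	}
	if _, found := s.Records[handle]; !found {
		return "denied: no handle record" // a revoked handle no longer resolves
	}
	nonce := make([]byte, 32) // fresh per attempt, so an old response cannot be replayed
	if _, err := rand.Read(nonce); err != nil || !ed25519.Verify(s.Records[handle], nonce, sign(nonce)) {
		return "denied: challenge failed"
	}
	return "accepted"
}

// Scenarios replays the four claims from the slide with constructed keys.
func Scenarios() []string {
	pubU, privU, _ := ed25519.GenerateKey(rand.Reader) // legitimate user 10510.3.1/456
	pubV, _, _ := ed25519.GenerateKey(rand.Reader)     // real owner of 10510.3.2/789
	_, privI, _ := ed25519.GenerateKey(rand.Reader)    // intruder's own key
	sign := func(k ed25519.PrivateKey) func([]byte) []byte { return func(n []byte) []byte { return ed25519.Sign(k, n) } }
	s := &Service{
		Trusted: map[string]bool{"10510.3.1": true, "10510.3.2": true},
		Records: map[string]ed25519.PublicKey{"10510.3.1/456": pubU, "10510.3.2/789": pubV},
	}
	return []string{
		s.Authenticate("10510.3.1/456", sign(privU)), // trusted user claim
		s.Authenticate("10510.3.2/789", sign(privI)), // false claim by an intruder
		s.Authenticate("abc/123", sign(privI)),       // un-trusted prefix
		s.Authenticate("10510.3.2/abc", sign(privI)), // revoked: record not found
	}
}

func main() { fmt.Println(strings.Join(Scenarios(), "\n")) }
```

The order of the checks matters: a claim under an un-trusted prefix is denied before any lookup, and revocation takes effect as soon as the handle record stops resolving, with no revocation list to distribute.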

Spiral 1 Integration Issues
GFC:
- Other than ProtoGENI, no other cluster participated in the federation
- Possible reasons:
  - Supporting the GFC to be a core control framework component may be orthogonal to the clusters' goals
  - Clusters have, or soon will have, their own clearinghouses serving the users (so why support another clearinghouse)
Security Model:
- Unexplored by GENI members, so it's still an unknown entity

Spiral 2 Integration Plan
GFC:
- Restate the role of the GFC as an experimental service
- Consequently, the GFC does not affect the clusters' approach to clearinghouses
Security Model:
- Push the model details to the OMIS group and get it evaluated
- Work with the OMIS group to integrate with other clusters

GENI Experiment Management Service (GEMS) Spiral 2 Effort

Experiment Management
- Experiments have, and result in, various resources which are related to each other (e.g. specs, logs, software, etc.)
- Packaging those resources together (logically) is important while archiving, in order to reuse, repurpose, or reanalyze
- Those resources, however, exist on multiple platforms and environments
- Solution: A unified service that establishes the relationship between various resources and that integrates with heterogeneous repositories would meet these requirements

GENI Experiment Management Service
[Diagram: three layers. Access Layer: a Regular User asks "I need to know about Experiment with ID 1." and reaches Experiment ID 1 and Experiment ID 2. Experiment Relationship Definition Layer: each experiment has an Experiment Relationship Graph linking Specification ID X (Graph of Related Documents), Source code ID Y (Graph of S/W Dependencies) and Logs/Results ID A and ID B (Graph of Related Logs); a Tool supplies logs ("Here are the logs.") and an Experimenter supplies source code ("Here is the source code."). Repository Infrastructure: Trac, File System/Amazon S3, Digital Object Repository and Subversion, managed by an Administrator.]

Spiral 2 Integration Plan
- Host an Experiment Repository for GENI members (Done!)
- Develop a prototype demonstrating the GEMS capability
- Work with both the Experiment and OMIS working groups to define an interface for the GENI Experiment Management Service, involving experimenters from various clusters