Middleware Support for Virtual Organizations Internet 2 Fall 2006 Member Meeting Chicago, Illinois Stephen Langella Department of.

Presentation transcript:

Middleware Support for Virtual Organizations Internet 2 Fall 2006 Member Meeting Chicago, Illinois Stephen Langella Department of Biomedical Informatics Ohio State University

National Cancer Institute’s 2015 Goal
“Relieve suffering and death due to cancer by the year 2015”
- Need: Enable investigators to leverage their joint expertise in order to meet NCI 2015 Goal.
- Strategy: Create scalable, actively managed organization connecting members of the NCI-supported cancer enterprise by building a Biomedical Informatics Grid

Cancer Biomedical Informatics Grid (caBIG™)
The cancer Biomedical Informatics Grid (caBIG™) is a voluntary network or grid connecting individuals and institutions to enable the sharing of data and tools, creating a World Wide Web of cancer research. The goal is to speed the delivery of innovative approaches for the prevention and treatment of cancer. The infrastructure and tools created by caBIG™ also have broad utility outside the cancer community.
- National Cancer Institute Initiative
- Over 800 Participants
- Over 80 Organizations
- Over 70 Projects

VO Related Security Issues
- Identity / User Provisioning
  - Hundreds of organizations, Tens of thousands of users.
  - Varying levels of Identity Management from Institution to Institution.
  - How do we assign Identity to users, how do we provision user accounts?
  - Who should assert the identity for a given user?
- Trust - How do we decide who to trust?
  - Credential Providers
  - Certificate Authorities
  - Attribute Authorities
  - Group Authorities
  - Other digital signers

VO Related Security Issues
- Authorization
  - How do we create, manage, and provision groups of users/services at the grid level, such that we can build access control policy based on group membership?
  - How can we share access control policy across the grid?
  - How can we leverage institution maintained attributes?

caGrid
- Grid Infrastructure for caBIG
- Focuses on providing middleware for enabling the interoperability between caBIG applications.
- Open Source Reusable Components
- caGrid Components
  - Grid Service Graphical Development Toolkit (Introduce)
  - Metadata / Semantic Services
  - Advertisement and Discovery
  - Data Service Infrastructure
  - Analytical Service Infrastructure
  - Identifiers
  - Workflow
  - Security

GAARDS
- Grid Authentication and Authorization with Reliably Distributed Services (GAARDS)
- The GAARDS Security Infrastructure provides services and tools for the administration and enforcement of security policy in an enterprise Grid.
- Developed on top of the Globus Toolkit
- Extends the Grid Security Infrastructure (GSI)
- Provide enterprise services and administrative tools for:
  - Grid User Management
  - Identity Federation
  - Trust management
  - Group/VO management
  - Access Control Policy management and enforcement
  - Integration between existing security domains and the grid security domain.
- Security Infrastructure for the Cancer Biomedical Informatics Grid (caBIG™)

GAARDS Services
- Dorian
  - Grid User Account Management
  - Integration point between external security domains and the grid.
  - Allows accounts managed in external domains to be federated and managed in the grid.
  - Dorian allows users to use their existing credentials (external to the grid) to authenticate to the grid
- Grid Trust Service (GTS)
  - Creation and Management of a federated trust fabric.
  - Supports applications and services in deciding whether or not signers of digital credentials/user attributes can be trusted.
  - Supports the provisioning of trusted certificate authorities and corresponding CRLs.
- Grid Grouper
  - Group management service for the grid
  - Provides a group-based authorization solution for the Grid
  - Enforce authorization policy based on membership to groups

Dorian – Grid User Management
- Grid User Account Management
  - Administrative interface for account provisioning and management.
  - Built in Certificate Authority
  - Manages Grid Credentials for each user.
  - Enables users to authenticate and create grid proxies, which they may use to access the grid.
- Identity Management and Federation
  - Integration point between external security domains and the grid.
  - User may use existing credentials to obtain a grid proxy.
  - Users authenticate to IdP, obtain a SAML assertion (proof) which is then given to Dorian to facilitate the creation of a grid proxy.
  - Automated Account Creation and Provisioning
- Complete WSRF Compliant Grid Service
  - Can be accessed and administered over the grid.
- Complete Administrative UI
  - Manage all aspects of Dorian
Addresses Identity Management and User Provisioning Issues

Grid Trust Service (GTS)
- The Grid Trust Service (GTS) is a federated grid infrastructure enabling the provisioning and management of a grid trust fabric.
- GTS Features
  - Provisioning of Trust Roots
    - CA certificates and CRLs
  - Administration of Trust Levels
    - CAs may be grouped and discovered by the level of trust that is acceptable to the consumer.
    - Facilitates the curation of numerous independent trust overlays across the same physical Grid.
  - Validation Service, which allows for the centralized enforcement of certificate verification and validation policies.
  - Administrative UI for administrating the trust fabric.
[Figure: Trust Group A, Trust Group B, Trust Group C, Trust Group D]
Addresses Trust Related Issues
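
The trust decision described on the GTS slide, modeled as an added example (not code from the presentation or from caGrid): a consumer accepts a certificate only if its issuing CA is in the trust fabric at a trust level the consumer accepts and the CA's CRL is current and does not list the certificate. The class, the function, the level names and the fail-closed handling of a stale CRL are assumptions made for illustration; signature and path checks are assumed to happen elsewhere.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class TrustedAuthority:
    """One trust-fabric entry: a CA, its trust levels and its latest CRL."""
    subject: str                  # CA distinguished name (constructed sample)
    trust_levels: frozenset       # levels assigned by the fabric administrator
    crl_next_update: datetime     # when the published CRL expires
    revoked_serials: frozenset = frozenset()


def validate(fabric, issuer, serial, acceptable_levels, now):
    """Return (trusted, reason) for the certificate (issuer, serial).

    Models only the trust-fabric decision, not signature verification.
    """
    ca = fabric.get(issuer)
    if ca is None:
        return False, "issuer is not in the trust fabric"
    if not ca.trust_levels & frozenset(acceptable_levels):
        return False, "issuer has no trust level acceptable to this consumer"
    if now >= ca.crl_next_update:
        # Assumed policy: an expired CRL cannot prove non-revocation.
        return False, "CRL is stale; failing closed"
    if serial in ca.revoked_serials:
        return False, "certificate is revoked"
    return True, "trusted"


# Constructed sample fabric; CA names and level names are illustrative.
NOW = datetime(2006, 12, 15, tzinfo=timezone.utc)
FABRIC = {
    ca.subject: ca for ca in [
        TrustedAuthority("CN=Example University CA", frozenset({"LEVEL_2"}),
                         NOW + timedelta(days=7), frozenset({0x1A2B})),
        TrustedAuthority("CN=Example Test CA", frozenset({"LEVEL_1"}),
                         NOW + timedelta(days=7)),
        TrustedAuthority("CN=Example Stale CA", frozenset({"LEVEL_2"}),
                         NOW - timedelta(days=1)),
    ]
}

if __name__ == "__main__":
    for issuer, serial in [("CN=Example University CA", 0x0001),
                           ("CN=Example University CA", 0x1A2B),
                           ("CN=Example Test CA", 0x0001),
                           ("CN=Example Stale CA", 0x0001)]:
        print(issuer, hex(serial), validate(FABRIC, issuer, serial, {"LEVEL_2"}, NOW))
```

Two consumers passing different acceptable_levels to the same fabric get different answers for the same certificate, which is how independent trust overlays can share one physical grid.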

Grid Grouper
- Grid Grouper provides a group based authorization solution for the grid.
  - Groups are defined and managed at the grid level.
  - Grid services/applications enforce authorization policy based on membership to groups.
- Built on top of Grouper
  - Internet2 initiative.
  - Grid enables Grouper, WSRF Compliant Web service.
- Grid Grouper Object Model
  - Java API for accessing and managing groups over the grid.
  - Similar to Grouper’s Object Model
- Grid Grouper Admin UI
Addresses Authorization Related Issues

caGrid / GAARDS Status
- Release Schedule
  - Beta Release was Summer 2006
  - Official Release December 15, 2006
- Focus on Quality
  - Automated Continuous and Nightly Builds and Unit, System, and Integration Testing
  - “Quality at a glance” dashboards and archive of all build and test results
- Giving Back to the Community
  - GAARDS is a Globus Incubator Project
- More Information
  - caBIG
  - caGrid
  - GAARDS Globus Project
    - Information to be posted shortly after release

GAARDS Team
- Ohio State University
  - Stephen Langella
  - Shannon Hastings
  - Scott Oster
  - David Ervin
  - Tahsin Kurc
  - Joel Saltz
- NCICB
  - Avinash Shanbhag
- Argonne National Labs
  - Frank Siebenlist
- Semantic Bits
  - Joshua Phillips
  - Vinay Kumar
- Booz Allen Hamilton
  - Arumani Manisundaram

Special Thanks
- caBIG™
- Internet 2
- Grouper Team
  - Tom Barton, University of Chicago
- Frank Manion, Fox Chase

Questions?