Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University.

Slides:



Advertisements
Similar presentations
Scaling TeraGrid Access A Testbed for Attribute-based Authorization and Leveraging Campus Identity Management
Advertisements

MyProxy Jim Basney Senior Research Scientist NCSA
MyProxy: A Multi-Purpose Grid Authentication Service
Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.
Case Studies in Identity Management for Scientific Collaboration 2014 Technology Exchange Jim Basney CILogon This material is.
MTA SZTAKI Hungarian Academy of Sciences Grid Computing Course Porto, January Introduction to Grid portals Gergely Sipos
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.
GGF15 Workshop MyProxy Integration with PubCookie Marty Humphrey*, Jim Jokl*, and Jim Basney** *Department of Computer Science, University of Virginia,
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.
Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.
Federated Identity for Scientific Collaborations: Policy Issues Jim Basney 2 nd Workshop on Federated Identity Systems for Scientific.
Office of Science U.S. Department of Energy Grids and Portals at NERSC Presented by Steve Chan.
1-2.1 Grid computing infrastructure software Brief introduction to Globus © 2010 B. Wilkinson/Clayton Ferner. Spring 2010 Grid computing course. Modification.
Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign InCommon and TeraGrid Campus Champions Jim Basney
Single Sign-On for Java Web Start Applications Using MyProxy Terry Fleury, Jim Basney, and Von Welch November 3, 2006.
TeraGrid Science Gateway AAAA Model: Implementation and Lessons Learned Jim Basney NCSA University of Illinois Von Welch Independent.
TeraGrid ’06 National Center for Supercomputing Applications Managing Credentials on the TeraGrid with MyProxy Jim Basney.
TG QM Arlington: GIG User Support Coordination Plan Sergiu Sanielevici, GIG Area Director for User Support Coordination
NOS Objectives, YR 4&5 Tony Rimovsky. 4.2 Expanding Secure TeraGrid Access A TeraGrid identity management infrastructure that interoperates with campus.
National Computational Science National Center for Supercomputing Applications National Computational Science MyProxy: An Online Credential Repository.
Scaling Account Creation and Management through the TeraGrid User Portal Contact: Eric Roberts
Distributed Web Security for Science Gateways Jim Basney In collaboration with: Rion Dooley Jeff Gaynor
Distributed Web Security for Science Gateways Jim Basney In collaboration with: Rion Dooley Jeff Gaynor
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign Secure Access to Research Infrastructure via the InCommon Federation.
Connect.usatlas.org ci.uchicago.edu ATLAS Connect Technicals & Usability David Champion Computation Institute & Enrico Fermi Institute University of Chicago.
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,
GRAM: Software Provider Forum Stuart Martin Computational Institute, University of Chicago & Argonne National Lab TeraGrid 2007 Madison, WI.
August 2007 Leveraging Campus Authentication to Access the TeraGrid - OR - Partnering with Campuses to Broaden Participation in TeraGrid Scott Lathrop.
TeraGrid Plans for Authentication and Authorization Testbed Dane Skow, Argonne National Laboratory Computation Institute Seminar September 28, 2006.
© 2008 Pittsburgh Supercomputing Center So you have a TeraGrid Allocation What now?
National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.
GridShib: Grid/Shibboleth Interoperability September 14, 2006 Washington, DC Tom Barton, Tim Freeman, Kate Keahey, Raj Kettimuthu, Tom Scavo, Frank Siebenlist,
© 2008 Pittsburgh Supercomputing Center So you have a TeraGrid Allocation What now?
Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.
10/24/2015OSG at CANS1 Open Science Grid Ruth Pordes Fermilab
ShibGrid: Shibboleth access to the UK National Grid Service University of Oxford and STFC.
Federated Environments and Incident Response: The Worst of Both Worlds? A TeraGrid Perspective Jim Basney Senior Research Scientist National Center for.
Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science.
Apache Airavata (Incubating) Gateway to Grids & Clouds Suresh Marru Nov 10 th 2011.
Tutorial: Building Science Gateways TeraGrid 08 Tom Scavo, Jim Basney, Terry Fleury, Von Welch National Center for Supercomputing.
National Computational Science National Center for Supercomputing Applications National Computational Science Credential Management in the Grid Security.
Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)
Identity Management in DEISA/PRACE Vincent RIBAILLIER, Federated Identity Workshop, CERN, June 9 th, 2011.
Challenges of Federated Authentication to TeraGrid and Open Science Grid Jim Basney
GSI: Security On Teragrid A Introduction To Security In Cyberinfrastructure By Dru Sepulveda.
Security Solutions Rachana Ananthakrishnan University of Chicago.
Network, Operations and Security Area Tony Rimovsky NOS Area Director
Feb 2-4, 2004LNCC Workshop on Computational Grids & Apps Middleware for Production Grids Jim Basney Senior Research Scientist Grid and Security Technologies.
Grid Security and Identity Management Mine Altunay Security Officer, Open Science Grid, Fermilab.
TeraGrid User Portal Eric Roberts. Outline Motivation Vision What’s included? Live Demonstration.
Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney, Terry Fleury, Von Welch TeraGrid Round Table Update May 21, 2009.
A Vision for Core Services 2.0 Core Services 2.0 WG David L. Hart TG Quarterly Meeting, Dec. 7, 2007.
Leveraging Campus Authentication to Access the TeraGrid Scott Lathrop, Argonne National Lab Tom Barton, U Chicago.
1 Name of Meeting Location Date - Change in Slide Master Authentication & Authorization Technologies for LSST Data Access Jim Basney
Gateways security Aashish Sharma Security Engineer National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign.
UCTrust Integration for UC Grid David Walker University of California, Davis ucdavis.edu Kejian Jin University of California, Los Angeles kjin.
Community Sign-On and BEN. Table of Contents  What is community sign-on?  Benefits  How it works (Shibboleth)  Shibboleth components  CSO workflow.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.
Federated Environments and Incident Response: The Worst of Both Worlds
A Grid Authorization Model for Science Gateways
TeraGrid Identity Federation Testbed Update I2MM April 25, 2007
This material is based upon work supported by the National Science Foundation under Grant #XXXXXX. Any opinions, findings, and conclusions or recommendations.
Presentation transcript:

Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science Foundation under Grant No Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

What is the TeraGrid? NSF-funded facility to offer high end compute, data, and visualization resources to the nation’s academic researchers

TeraGrid Campus Integration  The TeraGrid project is working in many ways to better integrate with campuses to support research and education  TeraGrid Campus Champions  TeraGrid Client Software  Authentication and Authorization is just one aspect of TeraGrid’s Campus Integration efforts  For more info about TeraGrid Contact: Internet2 Fall 2008 Member Meeting

TeraGrid and InCommon: Status  TeraGrid joined InCommon in July 2008  TeraGrid will be an InCommon Resource Provider  TeraGrid will not be an InCommon Credential Provider (at this time)  Shibboleth integration with TeraGrid User Portal (TGUP) will begin soon  Today I’m presenting our plans Internet2 Fall 2008 Member Meeting

TeraGrid Federations  TeraGrid Core Services  Manage accounts and allocations across resources and sites  Centralized resource usage accounting  TeraGrid Central Database (TGCDB)  X.509 Public Key Infrastructure (PKI)  International Grid Trust Federation (IGTF) (igtf.net)  Includes Certificate Authorities operating outside of TeraGrid  Enables single sign-on across TeraGrid systems and other grids Internet2 Fall 2008 Member Meeting

TeraGrid Federations  TeraGrid Science Gateways Program  Enables TeraGrid to scale to large user communities by outsourcing front-end user support  Gateways are self-managed scientific communities  Gateways act as identity provider and resource broker  InCommon Federation  Facilitates campus login to TeraGrid resources by researchers and students  Provides an integrated login experience between campus and TeraGrid services Internet2 Fall 2008 Member Meeting

TeraGrid and InCommon: Goals  First Step: Campus login to TeraGrid User Portal  Access administrative interfaces: Request Allocation, View Usage, List Accounts, Edit Profile, Register X.509 DNs, Add/Remove User  Access TeraGrid resources: SSH Terminal, File Transfer  Manage Training Accounts: Short-term student access using campus attributes Eliminate the need to distribute TeraGrid usernames and passwords in the classroom Internet2 Fall 2008 Member Meeting

TeraGrid and InCommon: Goals  Next Step: Campus logins to TeraGrid Science Gateways  Attribute-based access to community-focused interfaces  Operated by the community  Attributes used end-to-end from campus through gateway to TeraGrid resource providers and TeraGrid-wide accounting Internet2 Fall 2008 Member Meeting

TeraGrid User Portal (TGUP) Internet2 Fall 2008 Member Meeting

TGUP Systems Monitor Internet2 Fall 2008 Member Meeting

TGUP Science Gateways Listing Internet2 Fall 2008 Member Meeting

My TeraGrid: Usage Internet2 Fall 2008 Member Meeting

My TeraGrid: Accounts Internet2 Fall 2008 Member Meeting

My TeraGrid: Add/Remove User Internet2 Fall 2008 Member Meeting

TG Proposal Submission Internet2 Fall 2008 Member Meeting

My TeraGrid: SSH Terminal Internet2 Fall 2008 Member Meeting

My TeraGrid: File Manager Internet2 Fall 2008 Member Meeting

Approach: Account Linking  New User  A new user authenticates to the TGUP via Shibboleth  The user prepares and submits a proposal for TeraGrid resources  If the proposal is approved, the user’s TeraGrid account is created with a link to his/her ePPN/ePTID  Result  The user can access personalized TGUP functionality using campus Shibboleth authentication, without requiring a separate TGUP username and password Internet2 Fall 2008 Member Meeting

Approach: Account Linking  Existing User  An existing user authenticates to the TGUP via Shibboleth  The TGUP prompts for the user’s TGUP username and password  The user is given the option to link his/her ePPN/ePTID to his/her TeraGrid account  Result  The user can access personalized TGUP functionality using campus Shibboleth authentication, without requiring a separate TGUP username and password Internet2 Fall 2008 Member Meeting

Access to TeraGrid Resources  TeraGrid resources support PKI authentication  Interfaces: GSISSH (remote login), GRAM (job submission), GridFTP (file transfer)  Approach:  Automatically obtain PKI credentials based on Shibboleth authentication to TGUP  Transparently use PKI credentials with TGUP SSH Terminal and File Manager  See  GridShib CA:  MyProxy CA: Internet2 Fall 2008 Member Meeting

Summary  TeraGrid has joined InCommon  To facilitate campus login to TeraGrid resources by researchers and students  First Step: Campus login to TeraGrid User Portal  Next Step: Campus login to Science Gateways  Thanks!  Contact: Internet2 Fall 2008 Member Meeting

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.