Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMI is partially funded by the European Commission under Grant Agreement RI-261611 EMI Registry (EMIR) Shiraz Memon, Ivan Marton, Gabor Szigeti, Laurence.

Published byGervais Reynolds Modified over 8 years ago

Similar presentations

Presentation on theme: "EMI is partially funded by the European Commission under Grant Agreement RI-261611 EMI Registry (EMIR) Shiraz Memon, Ivan Marton, Gabor Szigeti, Laurence."— Presentation transcript:

1 EMI is partially funded by the European Commission under Grant Agreement RI-261611 EMI Registry (EMIR) Shiraz Memon, Ivan Marton, Gabor Szigeti, Laurence Field EGI Community Forum Manchester, 11.04.2013

2 EMI INFSO-RI-261611 Introduction Architecture Security Information Model Demonstration Outline 11/04/2013EMI CF 2013, Manchester2

3 EMI INFSO-RI-261611 Aims to unify all the EMI services’ endpoints Designed from scratch to support federations Self contained/decentralized registry REST-ful API (for the management of endpoint information) Hierarchical Network – Organize EMIR nodes in a rooted tree Domain Service Registry (DSR): the nodes in the hierarchical network Global Service Registry (GSR): the root of the hierarchy Consistency – Event based synchronization: propagating (asynchronous) events from leaf to the root node (GSR) – Handles failures occurred within the hierarchy P2P Network – Variation of a Pastry Distributed Hash Table – Always form at the root (GSR) level – Bootstraps from a globally published List containing addresses of all the root (GSR) nodes – Eventual consistent replication of GSRs Introduction 11/04/2013EMI CF 2013, Manchester3

4 EMI INFSO-RI-261611 Organised in a Hierarchy (A Rooted Tree) Three Main Components: – Global Service Registry (GSR) – EMIR Service Endpoint Registration Publisher (SERP) – Domain Service Registry (DSR) Several Hierarchies for different federations Architecture 11/04/2013EMI CF 2013, Manchester4 SERP

5 EMI INFSO-RI-261611 Decentralised Security at every EMIR node Authentication – Leverages from the EMI’s (Common Authentication) CaNL Library – SSL/TLS – Credential types: EEC, Proxy and several credential formats formats: DER, PEM, P12, JKS – Types of Trust Anchors: OpenSSL, CA directories (IGTF), JKS Access Control – Coarse Grained Single Access Control List (ACL) file containing subject’s DN and associated pre- defined roles (very similar to GridMap file) Highly Simplified with restrictions – Fine Grained (Expert level) User attributes file: Mapping of User DN’s with multi-valued attributes A directory of XACML policies Customisable but complex EMIR: Security 11/04/2013EMI CF 2013, Manchester5

6 EMI INFSO-RI-261611 EMIR Service Endpoint Publisher (EMIR- SERP) – Implemented as a OS’s background process – Registers with an EMIR Server – Updates Periodically – Supports X.509 certificates – Fetch and Translates endpoint information from BDII into EMIR data format (JSON) Client: EMIR SERP 11/04/2013EMI CF 2013, Manchester6

7 EMI INFSO-RI-261611 Information Model 11/04/2013EMI CF 2013, Manchester7

8 EMI INFSO-RI-261611 OGF’s GLUE 2.0 Vocabulary to represent Services and Service Endpoints JSON and XML for registrations Schema-less: support for any number of custom attributes Information Model 11/04/2013EMI CF 2013, Manchester8

9 EMI INFSO-RI-261611 Demonstration 11/04/2013EMI CF 2013, Manchester9

10 EMI INFSO-RI-261611 Configuring a DSR 11/04/2013EMI CF 2013, Manchester10

11 EMI INFSO-RI-261611 url, anonymousPort and security attributes emir.security.truststore.type=directory emir.security.truststore.directoryLocations.1=/etc/grid- security/certificates/*.pem emir.security.truststore.directoryEncoding=PEM emir.security.truststore.directoryConnectionTimeout=100 emir.security.truststore.directoryDiskCachePath=/tmp Credentials emir.security.credential.format=pem emir.security.credential.path=/etc/grid-security/hostcert.pem emir.security.credential.keyPath=/etc/grid-security/hostkey.pem Configuring a DSR 11/04/2013EMI CF 2013, Manchester11

12 EMI INFSO-RI-261611 serviceowner banned Customize policies 11/04/2013EMI CF 2013, Manchester12

13 EMI INFSO-RI-261611 Configuring an EMIR-SERP 11/04/2013EMI CF 2013, Manchester13

14 EMI INFSO-RI-261611 url, credentials (default) and one or more (from any type) information source – json_file_location: single JSON file to be published – json_dir_location: set of JSON files that can be extended during the operation lifetime – resource_bdii_url (new!): service endpoint information source Resource BDII Configuring an EMIR-SERP 11/04/2013EMI CF 2013, Manchester14

15 EMI INFSO-RI-261611 List of GLUE 2.0 Attributes 11/04/2013EMI CF 2013, Manchester15 Mandatory Service_ID Service_Name Service_Type Service_Endpoint_ID Service_Endpoint_URL Service_Endpoint_Capability Service_Endpoint_Technology Service_Endpoint_InterfaceName Service_Endpoint_InterfaceVersion Service_ExpireOn Optional EMI_VersionService_Location_Longitude Service_QualityLevelService_Endpoint_HealthState Service_ComplexityService_Endpoint_ServingState Service_CreationTimeService_Endpoint_DowntimeStart Service_Location_AddressService_Endpoint_DowntimeEnd Service_Location_PlaceService_Endpoint_WSDL Service_Location_CountryService_Endpoint_AccessPolicyRule Service_Location_PostCodeService_Endpoint_Semantics Service_Location_LatitudeService_Endpoint_SupportedProfile

16 EMI INFSO-RI-261611 Query the EMIR Service Index 11/04/2013EMI CF 2013, Manchester16

17 EMI INFSO-RI-261611 First page of results (limit is 100 by default): http://asimov.grid.niif.hu:9127/services http://asimov.grid.niif.hu:9127/services First 10 results: http://asimov.grid.niif.hu:9127/services?pageSize=1 0 http://asimov.grid.niif.hu:9127/services?pageSize=1 0 Next 10 results using reference: http://asimov.grid.niif.hu:9127/services?pageSize=1 0&ref=###### or http://asimov.grid.niif.hu:9127/services?limit=10&s kip=10 http://asimov.grid.niif.hu:9127/services?pageSize=1 0&ref=###### http://asimov.grid.niif.hu:9127/services?limit=10&s kip=10 Query the EMIR Service Index 11/04/2013EMI CF 2013, Manchester17

18 EMI INFSO-RI-261611 Configuring a GSR 11/04/2013EMI CF 2013, Manchester18

19 EMI INFSO-RI-261611 Enable GSR functions – emir.global.enable=true Define a well-known global list of entry GSRs – emir.global.providerList=http://szigeti.ki.iif.hu/EMI R_EGI_CF.list Configuring a GSR 11/04/2013EMI CF 2013, Manchester19

20 EMI INFSO-RI-261611 https://twiki.cern.ch/twiki/bin/view/EMI/E MIRegistry https://twiki.cern.ch/twiki/bin/view/EMI/E MIRegistry https://github.com/eu-emi Links 11/04/2013EMI CF 2013, Manchester20

21 EMI INFSO-RI-261611 Questions or problems? 11/04/2013EMI CF 2013, Manchester21 Contact us! emir@niif.hu

Download ppt "EMI is partially funded by the European Commission under Grant Agreement RI-261611 EMI Registry (EMIR) Shiraz Memon, Ivan Marton, Gabor Szigeti, Laurence."

Similar presentations

Introduction to Active Directory

Introduction to Active Directory
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
CS603 Active Directory February 1, 2001.

CS603 Active Directory February 1, 2001.
By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.

By Rashid Khan Lesson 4-Preparing to Serve: Understanding Microsoft Networking.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Introduction to Dfs. Limits of Dfs 260 characters per file path 32 alternatives per volume 1 Dfs root per server Unlimited Dfs roots per domain Volumes.

Introduction to Dfs. Limits of Dfs 260 characters per file path 32 alternatives per volume 1 Dfs root per server Unlimited Dfs roots per domain Volumes.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.

© N. Ganesan, Ph.D., All rights reserved. Active Directory Nanda Ganesan, Ph.D.
Understanding Active Directory

Understanding Active Directory
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Distributed Computing COEN 317 DC2: Naming, part 1.

Distributed Computing COEN 317 DC2: Naming, part 1.
(ITI310) SESSIONS 9-10-11-12: Active Directory By Eng. BASSEM ALSAID.

(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
BZUPAGES.COM An Introduction to. BZUPAGES.COM Introduction Large corporations today face the following problems Finding a certain file. Seeing everything.

BZUPAGES.COM An Introduction to. BZUPAGES.COM Introduction Large corporations today face the following problems Finding a certain file. Seeing everything.
Session 6 Windows Platform Dina Alkhoudari. Learning Objectives What is Active Directory Logical components of active directory Physical components of.

Session 6 Windows Platform Dina Alkhoudari. Learning Objectives What is Active Directory Logical components of active directory Physical components of.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
Survey of Identity Repository Security Models JSR 351, Sep 2012.

Survey of Identity Repository Security Models JSR 351, Sep 2012.
Module 2: Implementing DNS to Support Active Directory

Module 2: Implementing DNS to Support Active Directory
Distributed Computing COEN 317 DC2: Naming, part 1.

Distributed Computing COEN 317 DC2: Naming, part 1.
September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.

September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.

Similar presentations

Ads by Google