Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Network Information Center, Chinese Academy of Sciences

Published byDelphia Fox Modified over 4 years ago

Similar presentations

Presentation on theme: "Computer Network Information Center, Chinese Academy of Sciences"— Presentation transcript:

1 Computer Network Information Center, Chinese Academy of Sciences
Resource Access System in High-performance Computing Environment on Third-party Application Platform Rong HE Computer Network Information Center, Chinese Academy of Sciences

2 Outline Introduction Resource Access System Implementation
Conclusion & Future Work

3 China National High Performance Computing Environment
2 Operating Centers ( Beijing / Hefei ) 19 Sites ( 200PF + 200PB ) Portal SCEAPI-REST

4 SCE - Middleware for Science Cloud
Scientific computing Lightweight Stable Diversity CLI Portal GUI API International Patent (PCT/CN2911/071640)

5 (multi-thread, automatic )
SCEAPI-REST Cross Platforms and Languages Windows、Linux、Android、iOS…… Java、C/C++、PHP…… Functions Computing Resources、Job、File Account、Statistics Client、 Web Application - HTML /AJAX SCEAPI-REST Authentication LDAP: User Info Persistent data : Application ID, session HTTP Request JSON Response SCEAPI Library (multi-thread, automatic ) SCE Software

6 Portal

7 Third-party Application Platform-CSTCloud
China's Science and Technology Cloud CSTPassport to login the platform A lot of resources Advanced Network Science Data Software Community

8 Third-party Application Platform-EasyHPC
Online Educational Practice Platform for High Performance Computing HPC-related courses from the online platform, submit course assignments, exchange discussions, and complete HPC programming exercises

9 High Performance Computing Environment
Question CSTCloud EasyHPC Access System High Performance Computing Environment Account Resource

10 Access System-Account
Account Grid Account Verify login message Get login message Create Grid account Implement account binding Record to the database

11 Access System-Resource
Identify the Application Authorization Management API Gateway

12 Resource Access System
Principal User Role Federated Application Authentication Request Actions/Operations ………… Resources Request Information Authorization API JSON Effect ……. Action …… Resource Account Identity-based policies Resource-based policies Create Account Get Account Account Mapping Create service Get Information Account Service Resource Service Software Job

13 OpenID Connect New federation protocol that builds on OAuth 2
Adds identity inputs/outputs to OAuth messages Related to prior OpenID versions in name only Compact messages for mobile scenarios RP/client can determine info about end user Tokens are JWTs UserInfo endpoint to get user data

14 JWT Lightweight tokens passed in HTTP headers & query strings
Akin to SAML tokens Less expressive Less security options More compact Encoded with JSON not XML

15 Authorization Code Mode Flow

16 UserInfo Endpoint Get Information of User

17 Third-party Application Platform
Apply for APPID and APPKey Get Authorization Access Resources by API

18 Implementation-Workflow

19 Implementation-Verify login message
CSTCloud Simple JavaScript to judge the login message Callback to CSTCloud to get login user message EasyHPC Encode user data in the format of JWT Put user data in HTTP headers & query strings when get resources by API Access system decode JWT and get user message

20 CSTCloud Access

21 Conclusion & Future Work
Third-party Application Platform can access resources conveniently by Resource Access System Federated Account can login the environmental platform and use it Future work API Gateway Access Management Supply personalized API according to application

22 Thank you~

Download ppt "Computer Network Information Center, Chinese Academy of Sciences"

Similar presentations

Contrail and Federated Identity Management

Contrail and Federated Identity Management
Inter-Institutional Registration UNC Cause December 4, 2007.

Inter-Institutional Registration UNC Cause December 4, 2007.
The Alfresco API Steven Glover Gethin James Peter Monks.

The Alfresco API Steven Glover Gethin James Peter Monks.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.

1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
GRDevDay March 21, 2015 Cloud-based Identity for Applications.

GRDevDay March 21, 2015 Cloud-based Identity for Applications.
Clients using wide variety of devices/languages/platforms Server applications using wide variety of platforms/languages Browser Native app Server.

Clients using wide variety of devices/languages/platforms Server applications using wide variety of platforms/languages Browser Native app Server.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Windows.Net Programming Series Preview. Course Schedule - 2014 CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.

Windows.Net Programming Series Preview. Course Schedule CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.

IT Unity Webinar Series September 2015 Using Azure Active Directory to Secure Your Apps.
FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Www.jrc.ec.europa.eu Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.

Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.
(Azure+O365) Identity Presenter Name Position or role Microsoft Azure.

(Azure+O365) Identity Presenter Name Position or role Microsoft Azure.
Openid Connect https://store.theartofservice.com/the-openid-connect-toolkit.html.

Openid Connect

Similar presentations

Ads by Google