Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Object Architecture

Published byMatthew McCormick Modified over 8 years ago

Similar presentations

Presentation on theme: "Digital Object Architecture"— Presentation transcript:

1 Digital Object Architecture
Giridhar Manepalli Corporation for National Research Initiatives

2 Proposed GENI Services
GENI Federated Clearinghouse Security Model GENI Experiment Management Service

3 GENI Federated Clearinghouse
Spiral 1 Effort

4 ? Resource Discovery Adapt in the Backend Cluster A Cluster B
Discover & Access Discover & Access Interoperability Layer Adapt ? Cluster B Experimenter Cluster A Experimenter Discover & Access

5 GENI Federated Clearinghouse (GFC)
Spiral 1: Defined a basic data model of the GFC Implemented a prototype of the GFC that federates records from ProtoGENI Prototype is made available at Assumed that the GFC service was part of the control framework Spiral 2: Plan to integrate with other clusters and make the GFC operational Assuming that the GFC service is an experimental service not a core control framework component Goals To allow resource (and other entities) discovery across clusters To provide an interoperability layer between various existing clearinghouse models by defining a common mapping model To provide an open-source clearinghouse software that future, or existing, GENI communities can use

6 Aggregate Manager Identifier
Data Model User Identifier Public Key or X509 Certificate Description HRN Contact Credentials Component Identifier Manager Description HRN Resource Identifier Resource Identifier Component RSpec Description Status Credentials Aggregate Manager Identifier HRN Identifier Description Component Identifier Aggregate Slice Sliver Identifier HRN Identifier Description Slice Authority User Identifier Credentials Owner or Not Status Sliver Slice Identifier HRN Identifier Description Expiration Status Resource Type Service Identifier Access Details Public Key or X509 Certificate Policies

7 GFC Homepage

8 Resource Search Results

9 Resource Record

10 Namespace 10510 10510.0 (GPO) 10510.1 (TIED) 10510.3 (ProtoGENI)
(Sandbox) (University of Utah Node) (University of Wisconsin Node) n (University of Washington Node) (University of Kentucky Node) For example, University of Wisconsin component identifier: /2f61b3fe-22cb-102c-a a4be-r-c c Issued/Used by ProtoGENI Clearinghouse

11 GENI Federated Clearinghouse (GFC)
Scalability GFC Client 1. Which Handle Server do I ask for handle /456? Global Handle Registry 2. Ask Handle Server"1" User Record for /456 HRN Description Contact Public Key or X509 Certificate Credentials 6. User Record 3. Resolve /456 Handle Record for /456 Registry Information Type of Record: "User" Stored or not 4. Handle Record 5. Resolve User /456 GENI Federated Clearinghouse (GFC) Organization A Organization N GFC Mirror Handle Server "X" Handle Server “1" GFC Mirror

12 Security Model Spiral 1 Effort

13 Security: PKI Public Key Infrastructure, an effective and standards-based solution, allows for secure processing of identity claims Issues Trust is assumed to be transitive, e.g., trusting certificate authorities (CA) implies trusting end users Managing trust stores and revocation lists is manual and ad hoc Every server part of a common service, e.g., GENI service, needs to be explicitly synchronized among each other to be effective Resolution Need explicit “trust” management mechanism Need dynamic, synchronized, and distributed management of trust stores

14 Proposed Security Model
Trusted user claim False claim by an intruder 1. Claims to be /456 GENI Service A GENI Service B 1. Falsely Claims to be /789 3. Issues PKI Challenge 3. Issues PKI Challenge 4. Successfully Responds 2. Trusts /* & Retrieves Public Key 4. Fails the Challenge 2. Trusts /* & Retrieves Public Key Organization X /* GENI Trusted Handle Services Organization Y /* Un-trusted user claim Revoked user claim 2. Trusts /* but fails to find the record 1. Falsely Claims to be /abc 1. Claims to be abc/123 GENI Service D GENI Service C 2. Does Not Trust abc/* & Denies the Claim 3. Denies the Claim

15 Proposed Security Model
Complete details of the proposed model is available here: The model allows users to claim their identifiers (handles) explicitly or implicitly using certificates The model requires trusting the Handle System caBIG, a Grid application based on the Globus Toolkit (Grid middleware), verified and experimented with the Handle System successfully for service end-point authentication CHI project, another Grid application using the Globus Toolkit, is currently using/experimenting with the Handle System for identifying metadata records and access controls Frank Siebenlist, from Argonne National Laboratory, is the POC for the Handle System effort in those two projects

16 Spiral 1 Integration Issues
GFC Other than ProtoGENI, no other cluster participated in the federation Possible reasons: Supporting the GFC to be a core control framework component may be orthogonal to the clusters’ goals Clusters have, or soon will have, their own clearinghouses serving the users (so why support another clearinghouse) Security Model Unexplored by GENI members, so it’s still an unknown entity

17 Spiral 2 Integration Plan
GFC Restate the role of the GFC as an experimental service Consequently, the GFC does not affect the clusters’ approach to clearinghouses Security Model Push the model details to the OMIS group and get it evaluated Work with the OMIS group to integrate with other clusters

18 GENI Experiment Management Service (GEMS)
Spiral 2 Effort

19 Experiment Management
Experiments have, and result in, various resources which are related to each other (e.g. specs, logs, software, etc.) Packaging those resources together (logically) is important while archiving, in order to reuse, repurpose, or reanalyze Those resources, however, exist on multiple platforms and environments Solution: A unified service that establishes the relationship between various resources and that integrates with heterogeneous repositories would meet these requirements

20 GENI Experiment Management Service
Experiment ID 1 Experiment ID 2 Access Layer Specification ID X Specification ID X Graph of Related Documents I need to know about Experiment with ID 1. Regular User Source code ID Y Source code ID Y Graph of S/W Dependencies Logs/Results ID A Logs/Results ID B Graph of Related Logs ExperimentRelationship Graph Experiment Relationship Graph Experiment Relationship Definition Layer Here are the logs. Tool Logs Source Code Experimenter Here is the source code. Repository Infrastructure Trac File System/ Amazon S3 Digital Object Repository Subversion Administrator

21 Spiral 2 Integration Plan
Host an Experiment Repository for GENI members Done! Develop a prototype demonstrating the GEMS capability Work with both the Experiment and OMIS working groups to define an interface for the GENI Experiment Management Service, involving experimenters from various clusters

Download ppt "Digital Object Architecture"

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.

Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.
FIBRE-BR Meeting GENI I&M Marcelo Pinheiro. Agenda GENI Overview GENI User groups GENI I&M Use Cases GENI I&M Services.

FIBRE-BR Meeting GENI I&M Marcelo Pinheiro. Agenda GENI Overview GENI User groups GENI I&M Use Cases GENI I&M Services.
A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,

A Unified Approach to Combat Counterfeiting: Use of the Digital Object Architecture and ITU-T Recommendation X.1255 Robert E. Kahn President & CEO CNRI,
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,

Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,
Sponsored by the National Science Foundation GENI Clearinghouse Panel GEC 12 Nov. 2, 2011 INSERT PROJECT REVIEW DATE.

Sponsored by the National Science Foundation GENI Clearinghouse Panel GEC 12 Nov. 2, 2011 INSERT PROJECT REVIEW DATE.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
NSF Middleware Initiative: GridShib Tom Barton University of Chicago.

NSF Middleware Initiative: GridShib Tom Barton University of Chicago.
CORDRA Philip V.W. Dodds March 2004. The “Problem Space” The SCORM framework specifies how to develop and deploy content objects that can be shared and.

CORDRA Philip V.W. Dodds March The “Problem Space” The SCORM framework specifies how to develop and deploy content objects that can be shared and.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
CNRI Handle System and its Applications

CNRI Handle System and its Applications
SWITCHaai Team Federated Identity Management.

SWITCHaai Team Federated Identity Management.

Similar presentations

Ads by Google