Presentation is loading. Please wait.

Presentation is loading. Please wait.

EGEE User Forum Data Management session Development of gLite Web Service Based Security Components for the ATLAS Metadata Interface Thomas Doherty GridPP.

Published byGladys Hutchinson Modified over 8 years ago

Similar presentations

Presentation on theme: "EGEE User Forum Data Management session Development of gLite Web Service Based Security Components for the ATLAS Metadata Interface Thomas Doherty GridPP."— Presentation transcript:

1 EGEE User Forum Data Management session Development of gLite Web Service Based Security Components for the ATLAS Metadata Interface Thomas Doherty GridPP Physicist Programmer

2 Introduction –The AMI team –What is AMI? Fundamental Architecture and clients –The gLite Metadata Interfaces –Adaptation of AMI Architecture for gLite –Securing and deploying the gLite Interfaces –The gLite search Interface –Authorisation and VOMs –Conclusion

3 The AMI Team The core of AMI was developed at LPSC Grenoble, by: –Solveig Albrand - solveig.albrand@lpsc.in2p3.fr solveig.albrand@lpsc.in2p3.fr –Jerome Fulachier - jerome.fulachier@lpsc.in2p3.fr jerome.fulachier@lpsc.in2p3.fr –Fabian Lambert - fabian.lambert@lpsc.in2p3.fr fabian.lambert@lpsc.in2p3.fr The wrapping of AMI with gLite interfaces was my MSc. Thesis project and is found at: –http://ppewww.ph.gla.ac.uk/~tdoherty/MScThesis/MScThesis.pdfhttp://ppewww.ph.gla.ac.uk/~tdoherty/MScThesis/MScThesis.pdf Since September I have been working full time in collaboration with the Grenoble team

4 What is AMI? It is a developing application, which stores and allows access to dataset metadata for the ATLAS experiment It fulfils the need of many database-backed applications by offering a generic web service and servlet interface, through the use of self- describing databases supports geographical distribution with the use of web services and secure access with the use of grid-certificates

5 Fundamental Architecture of AMI Three-tier architecture - generic packages - middle layer command classes placed within generic packages key to the implementation of the gLite metadata interface methods Command classes used in managing the databases allows for connection to MySQL, Oracle and SQLite Generic web search page for example

6 Fundamental Architecture of AMI and AMI clients A controller class directly interfaces with the command classes in the middle layer and with the client tier (illustrated later) choose corresponding AMI command equivalent to the basic requirements of each of the gLite Interface methods There are three possibilities for the client: relevant client is Web Services client web services deployed on Tomcat with Axis framework plug-in

7 Why use gLite? Problem –Want AMI to be not only useful to physicists but to any grid user Solution –Adapt AMI to handle the gLite Metadata Interface.

8 What are the gLite Metadata Interface methods? administration privileges get, set, clear, list or query metadata for datasets creation or deletion of datasets Checking, retrieval and setting of privileges Retrieval of versions

9 Adaptation of AMI Architecture for gLite Interfaces What do we know so far? –AMI has a three-tier Architecture with command classes in the middle tier –It is part of a client server model with the possibility of a web service client –The gLite Metadata Interface methods can be matched to AMI commands –Clients interface with a controller class on the server side What is the solution? –To have the implementation of the gLite interfaces on the server side interfacing with the web service client and the controller class

10 Adaptation of AMI Architecture for gLite Interfaces Web Service client gLite Interface method gLite Interface Implementation Controller class Result returned in XML format

11 Deploying and securing gLite web service client Note: This is covered in more detail in my Thesis. Deployment Deploy AMI in Apache Tomcat Plug-in Apache AXIS (a soap engine) to Tomcat Use AXIS tools to auto-create web service client classes Authentication Obtain a grid-certificate from a Certificate Authority The user must be registered within AMI with specific privileges A module called Trustmanager used in AMI extracts the Distinguished Name (DN) from the certificate and AMI authenticates it

12 gLite Search Interface Within AMI data is organized in "projects". Each project can contain several namespaces namespace is "database" in MySQL terms, "schema" in ORACLE and "file" in SQLite When executing a search through AMI data – querying is done per “project” To be able to do a cascaded search across several projects of any type (MySQL, ORACLE or SQLite for example) the gLite Search Interface was introduced This can be done from one query

13 gLite Search Interface The EGEE grammar was transcribed so that we could use jflex for lexical analysis, and java_cup for syntax parsing. The parser translates the EGEE metadata query to an SQL query which is sent to all relevant AMI namespaces. (For example if the “entity” to select is a dataset then we only send to namespaces where we know there is a dataset table.) The request is sent twice – the first time to know how many results would be obtained, and the second to get the results.

14 AMI Router Namespace and Authorisation AMI uses indirect connections to “namespaces”. Connections, authentication and authorization are handles by a special “namespace” called the “router”. Authorization is very finely grained. –Users have roles. –Roles have rights to execute commands. –Can be further limited by projects, –Or even records, –Or ad hoc controls (write special class & use java reflection) The router has the following structure.

15 Authorisation A B C

16 VOMS and Authorisation (at requirements analysis stage) Obtain grid-certificate from CA Request VOMs proxy certificate Access AMI using this certifcate User authenticated using TrustManager Authorisation achieved depending on user task mapping correctly from their VOMS group/role to their registered user role within AMI This poses a problem for AMI

17 Problems with VOMS and possible solutions The main search interface for AMI is browser based Browsers at the moment cannot handle proxy certificates There are two possible solutions which will be tested as prototypes: –Mod_gridsite – this method fetches lists of DNs from the VOMS system per group/role –MyProxy – this method allows for the storing of proxy- certificates on a remote server

18 Conclusion Gave a brief overview of AMI design An introduction to gLite Metadata Interface How they where both integrated An overview of how the interfaces were deployed as secure web services An introduction to AMI implementation of gLite Search interface and VOMs Result Now have a secure and generic metadata interface that supports a well defined API

Download ppt "EGEE User Forum Data Management session Development of gLite Web Service Based Security Components for the ATLAS Metadata Interface Thomas Doherty GridPP."

Similar presentations

21 Sep 2005LCG's R-GMA Applications R-GMA and LCG Steve Fisher & Antony Wilson.

21 Sep 2005LCG's R-GMA Applications R-GMA and LCG Steve Fisher & Antony Wilson.
Metadata Progress GridPP18 20 March 2007 Mike Kenyon.

Metadata Progress GridPP18 20 March 2007 Mike Kenyon.
Metadata (data about data) GridPP-15, Paul Millar.

Metadata (data about data) GridPP-15, Paul Millar.
29 June 2006 GridSite - www.gridsite.org - Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.

29 June 2006 GridSite Andrew McNabwww.gridsite.org VOMS and VOs Andrew McNab University of Manchester.
Data Management Expert Panel - WP2. WP2 Overview.

Data Management Expert Panel - WP2. WP2 Overview.
A Prototype Implementation of a Framework for Organising Virtual Exhibitions over the Web Ali Elbekai, Nick Rossiter School of Computing, Engineering and.

A Prototype Implementation of a Framework for Organising Virtual Exhibitions over the Web Ali Elbekai, Nick Rossiter School of Computing, Engineering and.
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,

Holding slide prior to starting show. Supporting Collaborative Working of Construction Industry Consortia via the Grid - P. Burnap, L. Joita, J.S. Pahwa,
Caching the MDSPlus Data via Hibernate By Ajith M Jose Comp6703 Project Client: Raju Karia Supervisor: Dr. Henry Gardner (Development of “WebScope”)

Caching the MDSPlus Data via Hibernate By Ajith M Jose Comp6703 Project Client: Raju Karia Supervisor: Dr. Henry Gardner (Development of “WebScope”)
Distributed Heterogeneous Data Warehouse For Grid Analysis

Distributed Heterogeneous Data Warehouse For Grid Analysis
COllaborative VIrtual TEams (COVITE) Project J.S. Pahwa, P. Burnap, L. Joita, W.A.Gray, O.F.Rana, John Miles Partners: Cardiff University ActivePlan Solutions.

COllaborative VIrtual TEams (COVITE) Project J.S. Pahwa, P. Burnap, L. Joita, W.A.Gray, O.F.Rana, John Miles Partners: Cardiff University ActivePlan Solutions.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 5 Database Application Security Models.
GGF Toronto 19.02.02 Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.

GGF Toronto Spitfire A Relational DB Service for the Grid Peter Z. Kunszt European DataGrid Data Management CERN Database Group.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
Chapter 5 Database Application Security Models

Chapter 5 Database Application Security Models
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Talend 5.4 Architecture Adam Pemble Talend Professional Services.

Talend 5.4 Architecture Adam Pemble Talend Professional Services.
WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.

WP6: Grid Authorization Service Review meeting in Berlin, March 8 th 2004 Marcin Adamski Michał Chmielewski Sergiusz Fonrobert Jarek Nabrzyski Tomasz Nowocień.
JDBC Vs. Java Blend Presentation by Gopal Manchikanti Shivakumar Balasubramanyam.

JDBC Vs. Java Blend Presentation by Gopal Manchikanti Shivakumar Balasubramanyam.
- 1 - Grid Programming Environment (GPE) Ralf Ratering Intel Parallel and Distributed Solutions Division (PDSD)

- 1 - Grid Programming Environment (GPE) Ralf Ratering Intel Parallel and Distributed Solutions Division (PDSD)

Similar presentations

Ads by Google