1 / 11

Attribute-based Authentication for Gateways

Attribute-based Authentication for Gateways. Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Nancy Wilkins-Diehr. Gateway Objectives for PY4 and 5. TeraGrid integration will be straightforward for new and existing gateway developers

huslu
Télécharger la présentation

Attribute-based Authentication for Gateways

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Attribute-based Authenticationfor Gateways Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Nancy Wilkins-Diehr

  2. Gateway Objectives for PY4 and 5 • TeraGrid integration will be straightforward for new and existing gateway developers • There will be a set of easy to discover general services provided by and for Gateways • The targeted support program will be well-organized • We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users • There will be a funded cross-directorate gateway program at the NSF Presented December, 2007

  3. We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users • A unique identifier for each end gateway user per community account must exist in TGCDB • Gateways will need to transmit and TGCDB will need to receive this additional identifier through any job submission mechanism • Attribute-based authentication in production and easy to use Presented December, 2007

  4. How will we meet those goals? • Attribute-based authentication • In our case, GridShib for Globus • Fantastic documentation and assistanceThanks Jim Basney, Tom Scavo, Terry Fleury • http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes

  5. How have we been moving toward those goals in 2008? • Q108 • GridShib SAML Tools released for gateways with documentation • Successfully tested VOMS/SAML for OSG/TG interop • GridShib for Globus Toolkit released for RPs • Q208 • TeraGrid 08 • Tutorial, poster, BoF, demo for gateways at working group meeting • GridShib SAML integrated into SimpleGrid • Q308 • Provided a testing mechanism for Science Gateways to verify they are including attributes correctly (http://gstest.ncsa.uiuc.edu/) • Provided documentation for CTSS Gateway Capability Kit to GIG Packaging Team • Published GridShib configuration file for TG RPs • Q408 • Rollout CTSS Gateway Capability Kit for preliminary testing at TG RPs • Engage with additional Science Gateways to incorporate attributes into their job submissions • Update GT GRAM Audit capabilities to support recording of gateway job attributes

  6. How will this be made available at RP sites?science-gateway CTSS kit, which includes • commsh • NCSA-developed, PSC-enhanced tool to restrict community accounts • http://security.ncsa.uiuc.edu/research/commaccts/docs/howto.php • GridShib for Globus Toolkit • NCSA-developed tool to collect, process, store and log attributes • Future TG-specific efforts will store these in the TGCDB • http://gridshib.globus.org/ • Kit name for information services lookup at http://info.teragrid.org • science-gateway.teragrid.org • Installation instructions • http://software.teragrid.org/pacman/ctss4/ctss-science-gateway-registration/README.install

  7. Who’s expressed interest in deploying the gateway kit in PY4? Results of survey conducted by Lee Liming and team, sent to tg-leads 8/13/08

  8. Who’s expressed interest in testing the gateway kit in PY4? This talk is to remind the TeraGrid team of the higher level goals and the importance of the work and generate interest in testing so we can meet our goals!

  9. Ambitious, but achievable goal • By September, 2009 all jobs submitted by community accounts will include attributes with unique user identifiers to be stored in the TGCDB • Next steps • RP testing through Feb 2009 • Globus Toolkit 4.0.9 released Feb 2009 • Capability Kit V2 released Mar 2009 • Production installations of Capability Kit V2 • 6-month gateway transition – March through August • News postings, education process, log analysis to identify who still needs to make the switch, lots of support • Big party in September!

  10. What would we like to happen next? • More RPs for testing • What does testing mean? (identify a node, install Capability Kit V1, work one-on-one with NCSA to test) • What’s the impact on a site? (admin needed to install and test GT 4.0.8 + GridShib for GT) • What’s the impact on Globus performance? (negligible) • Real focus on this through February • More gateways for testing • GISolve, nanoHUB and SimpleGrid have done some tests already • Nancy, Stu can identify gateways • Real focus on this, increasing over the summer • Where do you sign up? • Email jbasney@ncsa.uiuc.edu (RPs) or wilkinsn@sdsc.edu (gateways) • Help is available!

  11. Community Account Usage by Sitein 2008 Over 2M CPU hours used by community accounts in 2008

More Related