How Grid Security works in GEO Sciences

How Grid Security works in GEO Sciences. N. Yamamoto, Y. Tanaka, I. Kojima, S. Sekiguchi AIST Oct. 28, 2009 GEO Workshop / PRAGMA17 Hanoi. What is Grid Security. Who am I? / Who are they? Grid Security Infrastructure (GSI) What can I do? / What can they do?


Presentation Transcript


  1. How Grid Security works in GEO Sciences N. Yamamoto, Y. Tanaka, I. Kojima, S. Sekiguchi AIST Oct. 28, 2009 GEO Workshop / PRAGMA17 Hanoi

  2. What is Grid Security
     • Who am I? / Who are they?
       • Grid Security Infrastructure (GSI)
     • What can I do? / What can they do?
       • Virtual Organization Membership Service (VOMS)

  3. GEO Grid VO Design Identity

  4. Requirements
     • Credential Management:
       • Non-secure users often manage their private keys for PKI / GSI credentials without careful planning.
     • Authentication methods:
       • Must accommodate existing, settled authentication methods: OpenID, Shibboleth, username and password, user credential, etc.
     • Portal Development:
       • Must accommodate existing application portals written in PHP, Perl, Python, Java Servlet, etc.

  5. OUR SOLUTION: TSUKUBA-GAMA
     • Independence from Authentication methods: Must accommodate existing, settled authentication methods: OpenID, Shibboleth, username and password, user credential, etc. Generates Grid credentials from any method.
     • Language Free Portal Development: Must accommodate existing application portals written in PHP, Perl, Python, Java Servlet, etc. Provides Apache, Servlet, and GridSphere authentication modules, in order to support any language.
     • Credential Management: Non-secure users often manage their private keys for PKI / GSI without careful planning. Manages user credentials on the server side, instead of leaving it to inexperienced users.
     [Diagram: Tsukuba-GAMA Authentication Flow for PKI / GSI. Labels: User; username and password; OpenID; user credential; VO Portal; PHP, Perl, Python, etc.; Online CA; MyProxy CA; End Entity Certificate; Credential Repository; MyProxy Repository; Proxy Certificate; VO Management; VOMS; VO attribute; VOMS Proxy Certificate; Credential Management]

  6. DEMO 1: TSUKUBA-GAMA LOGIN PRAGMA VO PORTAL (GRIDSPHERE)

  7. Demo Environments - login
     1. input username and pass of user cert
     2. generate Globus proxy certificate
     3. add voms attribute
     4. register proxy cert
     [Diagram labels: USER; PRAGMA VO portal http://gfm49.apgrid.org/gridsphere/; voms proxy cert; Credential Repository; PRAGMA VOMS]

  8. Identity Attribute

  9. DEMO 2: TSUKUBA-GAMA LOGIN TESTVO PORTAL (GRIDSPHERE)

  10. Same Identity Different Attribute

  11. GEO Grid VO Design I’m here TEST VO PRAGMA VO

  12. GSI w/ VOMS PRAGMA VO Portal (GridSphere, Perl, PHP, Java etc.) PRAGMA-VO (VOMS) VO member management Credential Repository (MyProxy Repository) Share Account Online-CA (MyProxy CA) Sign Certificate GHZ-VO (VOMS) TEST VO Portal

  13. EXAMPLE SCENARIO: SATELLITE DATABASE FEDERATION

  14. Demo environment /PRAGMA/Geo /TESTVO /PRAGMA/Geo /GHZ NONE (FREE) Formosat2 @Taiwan ASTER @Japan PALSAR @Japan MODIS @Japan OGSA-DAI

  15. DEMO 3: SIMS SATELLITE DATABASE FEDERATION

  16. SIMS
     • Java Program; AIST Integration Framework with OGSA-DAI; OGSA-DAI Client
     • SIMS portlet: - query data - create web page which shows thumbnail images
     [Diagram labels: Application Server; Globus; VOMS; OGSA-DAI; SQL; SQL w/ JDBC; Database Server (Sybase); Database Server (PostgreSQL); NSPO@TW; AIST@JP; FORMOSAT-2; ASTER; MODIS]

  17. SIMS – Search Results FORMOSAT-2 ASTER MODIS

  18. DEMO 4: LANGUAGE FREE PORTAL DEVELOPMENT

  19. DEMO 4-1: PORTAL DEVELOPMENT (OPENLAYERS)

  20. OGCProxy
     • OGCProxy is a broker portlet
       • forwarding users' requests to backend OGC services.
       • providing a free development environment for client applications.
     • Request to the portal: https://portal/OGCProxy?URL=https://gridsite/..../service
     • Forwarded to: https://gridsite/..../service
     • Contents ACL: /testvo.geogrid.org/aster (VO Name: testvo.geogrid.org, Group: aster)
     [Diagram labels: User; VOMS Proxy; OGCProxy; GridSite]

  21. ASTER + Formosat2 / OpenLayers ASTER / Japan Formosat2 / Taiwan

  22. DEMO 4-2: PORTAL DEVELOPMENT (PHP, PERL, ...)

  23. Web Portal Development
     • apache_ahtn_myproxy module
       • PHP, Perl, Python, etc.
     • Servlet basic authentication module
       • Java Servlet
     • GridSphere authentication module

  24. DEMO 5: INDEPENDENCE FROM AUTHENTICATION METHODS

  25. DEMO 5-1: INDEPENDENCE FROM AUTHENTICATION METHODS: (OPENID)

  26. OpenID authentication module
     [Diagram labels: User; OpenID URL; Password for OpenID; OpenID Server; Web Portal; MyProxy CA; Request short-lived credential; VO member DB; VOMS server; VOMS proxy; Account DB; Credential Repository]

  27. DEMO 5-1: INDEPENDENCE FROM AUTHENTICATION METHODS: (CREDENTIAL)

  28. Credential Login
     • Independence from Authentication methods: Must accommodate existing, settled authentication methods: OpenID, Shibboleth, username and password, user credential, etc. Generates Grid credentials from any method.
     • Language Free Portal Development: Must accommodate existing application portals written in PHP, Perl, Python, Java Servlet, etc. Provides Apache, Servlet, and GridSphere authentication modules, in order to support any language.
     • Credential Management: Non-secure users often manage their private keys for PKI / GSI without careful planning. Manages user credentials on the server side, instead of leaving it to inexperienced users.
     [Diagram: Tsukuba-GAMA Authentication Flow for PKI / GSI. Labels: User; username and password; OpenID; user credential; VO Portal; PHP, Perl, Python, etc.; Online CA; MyProxy CA; End Entity Certificate; Credential Repository; MyProxy Repository; VO Management; VOMS; VO attribute; VOMS Proxy Certificate; Credential Management]

  29. Compare Identity Credential Login Identity Same VO OpenID Login

  30. Conclusions
     • Independence from Authentication methods: - Username and Password - OpenID - Globus credential
     • Language Free Portal Development: - GridSphere / Satellite database federation - Geographical portal / OpenLayers - PHP, Perl
     • Credential Management: - User does not need to manage their credentials
     [Diagram: Tsukuba-GAMA Authentication Flow for PKI / GSI. Labels: User; username and password; OpenID; user credential; VO Portal; PHP, Perl, Python, etc.; Online CA; MyProxy CA; End Entity Certificate; Credential Repository; MyProxy Repository; VO Management; VOMS; VO attribute; VOMS Proxy Certificate; Credential Management]

  31. THANK YOU To be released NEXT month!

  32. DEMO 6: ACCOUNT CREATION

  33. Account Creation
     1. Request an account
     2. Approve
     3. Activate an account
     4. Import the user’s account information to the VO
     4. Register the user to the VO
     [Diagram labels: VO Admin; USER; Account Admin; VO portal http://testvo.geogrid.org/gridsphere/; VO (VOMS); Account Portal http://testvo.geogrid.org:9443/gridsphere; Account DB (GAMA)]
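
The group-based Contents ACL on the OGCProxy slide (20) and the "Same Identity, Different Attribute" slides (8 to 10), as an added example that is not from the presentation and is not GridSite or VOMS code: it parses VOMS FQAN strings and checks them against the slide's ACL entry. The exact-match policy, the function names and the two sample proxies are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Fqan:
    group: str            # full group path, e.g. "/testvo.geogrid.org/aster"
    role: Optional[str]   # None when the role is absent or "NULL"

    @property
    def vo(self) -> str:
        return self.group.split("/")[1]   # first path component is the VO name


def parse_fqan(text: str) -> Fqan:
    """Parse '/vo[/group...][/Role=r][/Capability=c]' into group path and role."""
    if not text.startswith("/"):
        raise ValueError(f"FQAN must start with '/': {text!r}")
    groups, role, in_suffix = [], None, False
    for part in text[1:].split("/"):
        if part.startswith("Role="):
            in_suffix, value = True, part[len("Role="):]
            role = None if value == "NULL" else value
        elif part.startswith("Capability="):
            in_suffix = True              # legacy field, not used for the decision
        elif not part or in_suffix:
            raise ValueError(f"malformed FQAN: {text!r}")
        else:
            groups.append(part)
    return Fqan("/" + "/".join(groups), role)


def is_allowed(acl_group: str, proxy_fqans: Iterable[str]) -> bool:
    """Assumed policy: grant only on an exact group-path match; fail closed."""
    for text in proxy_fqans:
        try:
            if parse_fqan(text).group == acl_group:
                return True
        except ValueError:
            continue                      # an unparsable attribute never grants access
    return False


# Constructed sample data: one user, two VOMS proxies carrying different attributes.
CONTENTS_ACL = "/testvo.geogrid.org/aster"          # ACL entry shown on slide 20
TESTVO_PROXY = ["/testvo.geogrid.org/aster/Role=NULL/Capability=NULL",
                "/testvo.geogrid.org/Role=NULL/Capability=NULL"]
PRAGMA_PROXY = ["/PRAGMA/Geo/Role=NULL/Capability=NULL"]

if __name__ == "__main__":
    print("TEST VO proxy:", is_allowed(CONTENTS_ACL, TESTVO_PROXY))
    print("PRAGMA VO proxy:", is_allowed(CONTENTS_ACL, PRAGMA_PROXY))
```

The same user is admitted with the TEST VO proxy and refused with the PRAGMA VO proxy, because the decision depends on the VO attribute in the proxy and not on the identity.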
