
TERENA - Collaboration on Storage Services Jari.Miettinen@csc.fi Mikael.Linden@csc.fi

ePoste Restante and ePort Payé exchanging files using centralized temporary storage with federated authentication. TERENA - Collaboration on Storage Services Jari.Miettinen@csc.fi Mikael.Linden@csc.fi Amsterdam 29.6.2007. Content. road to ePostal services current delivery procedures


Presentation Transcript


  1. ePoste Restante and ePort Payé exchanging files using centralized temporary storage with federated authentication TERENA - Collaboration on Storage Services Jari.Miettinen@csc.fi Mikael.Linden@csc.fi Amsterdam 29.6.2007

  2. Content • road to ePostal services • current delivery procedures • obstacles on the road of the user • ePoste Restante and ePort Payé • connection to AAI - Haka • deployment scenarios • caveats by the path • current development status • advantages to the user community

  3. road to ePostal services @CSC (1/2) • CSC supercomputing centre • general-purpose fiber disk service • long-term archiving • the Project Disk service for individual research groups • Nic.funet.fi ftp archive since 1990 • the origin of Linux • over 4M files • performance record 800Mbps sustained on Fedora6 release day (Oct 23 2006)

  4. road to ePostal services @CSC (2/2) • Funet e-mail support and coordination • expert services • spam filtering support • mail delivery backup for customers (renounced Dec 2006) • Haka authentication federation • operator role • deployment support for service builders • CSC SC applications: the web-based Scientist’s interface • P2P study in co-operation with YLE (2006) • insight into usefulness of P2P

  5. current delivery procedures • customer problem: how to deliver a 4.7GB data disk containing sensitive data to a colleague? • possible solutions: • travel • courier: Fedex and others • conventional posting • Skype it • feed it to P2P network • setup a small home/office ftp/web server • e-mail

  6. obstacles on the road of the user • CO2 emissions and ecological footprint • Skype/P2P jeopardizes security and confidence • data could be encrypted • how to erase a file from the P2P network? • organizational security policies and practices • networks are not open anymore • e2e principle is broken: wide use of NAT etc. • new servers have to be registered – even small ftp servers ;-) • conventions in the e-mail administration • many sites have file size restrictions • focus in spam war nowadays... • reliability and performance • home/office systems are not tuned • network bottlenecks

  7. ePoste Restante and ePort Payé (1/2) • ePoste Restante • an electronic version of a fetch mail office • authenticated user uploads a file to the server • the non-authenticated friend of the user downloads the file • ePort Payé • resembles free postage envelopes, carriage paid • the authenticated user generates an electronic voucher • the voucher is delivered to his non-authenticated friend • the friend uploads a file to the server • the user downloads the file

  8. ePoste Restante and ePort Payé (2/2) • common features • web-based • no administration intervention is needed during normal operation • file is automagically deleted after a fixed period of time (days) • the number of downloads is limited (half a dozen) • ordinary e-mail is used for delivering short notices and downloading information • optional use of https

  9. connection to AAI - Haka • authentication • no CSC supercomputing user environment account is required as users are authenticated in their home organizations • saves time and effort in administration procedures! • easy for users • AUP has to be accepted anyway - electronically • authorization • political decision: in the first phase e.g. all the researchers of the Funet organizations that have joined Haka may be accepted as users • check the content of the schacHomeOrganizationType attribute provided by IdP, e.g. • schacHomeOrganization=uta.fi • schacHomeOrganizationType=PREFIX:fi:university • metadata • useful user data could be obtained automatically, e.g. the real user name, e-mail address, organization information • minimizes the user typing efforts • further development: AAI enabled shared data areas for research groups

  10. deployment scenarios • simple extension to the popular e-mail • send fewer attachments • one may not even want to keep them anyway... • data intensive research – up to middle class volumes • computational data • digitized material: documents, scripts, maps,... • digital material: images,... • measurement data

  11. caveats by the path • data security: integrity • users should (always) encrypt their sensitive data in transfers • the current user customs overlook (at least) integrity • easy end user encrypting solution is needed – a mouse click • we may need a password/passphrase exchange/clearing house service • misuse • every system can be misused • banned in AUP • usage is logged • some regular checking is needed - TOP10 user lists etc. • a new tunnel for viruses • users can transfer executables – advisory needed • the problem already exists • Who do you trust? Trust us!

  12. current development status • work for new services in the Funet user SIG during 2006-2007 • revealed two separate and independent implementations in the universities: Turku and Oulu • testing and piloting in Nic.funet.fi during summer 2007 • Haka/Shibboleth support • feature selection and supplement • decisions: autumn 2007 • (possible) production - late 2007

  13. advantages to the user community • person-to-person file transfer is enabled easily for end users • self-service • simple trust model: sender-receiver • CSC doesn’t have to be trusted • non-interactive operation • support for even larger file sizes

  14. Questions and comments, please!
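
The ePoste Restante flow from slides 7 to 9 (authorization on `schacHomeOrganizationType`, a pick-up token for the non-authenticated friend, a download limit and timed deletion), as an added example that is not code from the presentation or from the Turku and Oulu implementations. The class and function names, the in-memory store and the 7-day retention are assumptions; the attribute values are the ones shown on slide 9.

```python
import hashlib
import secrets
import time

# Assumptions (not from the slides): 7-day retention, in-memory storage, all names.
ALLOWED_ORG_TYPES = {"PREFIX:fi:university"}  # placeholder value as written on slide 9
MAX_DOWNLOADS = 6                  # "half a dozen"
RETENTION_SECONDS = 7 * 24 * 3600  # "a fixed period of time (days)"


def is_authorized(attrs):
    """Fail closed: a missing or unknown organization type is rejected."""
    return attrs.get("schacHomeOrganizationType") in ALLOWED_ORG_TYPES


class PosteRestante:
    def __init__(self, clock=time.time):
        self._clock = clock
        self._files = {}  # sha256(token) -> record; the raw token is never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def upload(self, attrs, data):
        """Authenticated side: attrs are the attributes released by the home IdP."""
        if not is_authorized(attrs):
            raise PermissionError("home organization type not accepted")
        token = secrets.token_urlsafe(32)  # unguessable pick-up token for the e-mail notice
        self._files[self._key(token)] = {
            "data": data,
            "sha256": hashlib.sha256(data).hexdigest(),  # receiver can detect corruption
            "expires": self._clock() + RETENTION_SECONDS,
            "left": MAX_DOWNLOADS,
        }
        return token

    def download(self, token):
        """Non-authenticated side: the token is the only credential."""
        key = self._key(token)
        rec = self._files.get(key)
        if rec is None or self._clock() >= rec["expires"]:
            self._files.pop(key, None)  # a periodic sweep is still needed for unclaimed files
            raise KeyError("unknown or expired token")
        rec["left"] -= 1
        if rec["left"] == 0:
            del self._files[key]  # delete after the last permitted download
        return rec["data"], rec["sha256"]
```

The digest returned with the file only detects transfer corruption; confidentiality and integrity against the storage operator still depend on the sender encrypting the file, as slide 11 notes.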
