Introduction on Science Gateway

Tutorial on Science Gateways, Roma, 03.06.2013

Riccardo Rotondo

Introduction on Science Gateway Understanding access and functionalities

Riccardo Rotondo Tutorial on Science Gateways, Roma, 03.06.2013

Outline §  What is a Science Gateway ?

§  The Catania Science Gateway Framework §  General Architecture

§  Authentication, Authorisation and Roles

§  Catania Grid Engine

§  Roles

§  Use Case: §  The DECIDE Science Gateway

§  The GARR Science Gateway

Tutorial on Science Gateways, Roma, 03.06.2013 Riccardo Rotondo

Reference Model


Science G

ateway

Scientific Application E-Collaboration

Social Application

Standard Services

Users of different Institutions

members of GARR and/or

international partners involved

in European Projects of the

Consortium

GRID

CLOUD Local Cluster

Reference Model


Science G

ateway

Scientific Application E-Collaboration

Social Application

Users of different Institutions

members of GARR and/or

international partners involved

in European Projects of the

Consortium

Standard-based (SAGA) middleware-independent

Grid Engine

Requirements §  Authentication and Autorisation

§  SAML, LDAP

§  Application middleware indipendent §  jSAGA, SAGA

§  Standard Java Technology §  JSR 168/286

§  Web Technology §  Web CMS

§  Wiki, Blog, Messages Board, Vconf, Adobe Connect

§  Portal Framework

§  Standard Adoption §  Reusability §  Simplicity §  Easy usage and access



Terena Identity Federations


http://ww

w.terena.org/about/terena-m

embers-

map.htm

l

Federated Identity Management (FIdM)


§  In the web technology arena many approaches are available to federate authentication

§  A standard provided by OASIS defines the Security Assertion Markup Language (SAML)

§  Several tools are available, e.g.: §  Shibboleth §  SimpleSAMLphp

§  Organisations can rely on traditional tools to manage users: §  LDAP, CAS, plain text, etc.

§  Free and Open Source

Enabling SGs to FIdM


§  Access to e-Infrastructure services requires authentication.

§  The distributed/cross-domain nature of resources requires, in some case, strong security mechanisms

§  SGs willing to provide easy access to these services

§  Some institutions want to maintain the control of their own users’ authentication

So a federation is made of…

§  A collection of Identity Providers that follows a defined set of rules and policy.

§  Identity providers (IdPs) are responsible for authenticating a closed group of users (i.e. of the same organisation)

§  Each IdPs regulate access to a set of Service Providers (i.e. mail server of the mentioned organisation)


Federated User

Science Gateway


Social User

Science Gateway


Authorisation request

§  The first time users access the Science Gateway their IdP authenticates them

§  LDAP server connected to the Service Provider (SP) cannot authorise the users

§  SP leads users automatically to the registration form

§  A part from them data, users can request for a specific role



Authorisation request

Authorisation Managment


Registration

§  Users not belonging to any of the enabled federation can register to the catch all Identity Provider of the GrIDP federation



Integrated Services


GRID CLOUD

JSR 168/286 JSR 168/286

JSR 168/286

JSR 168/286

Catania Science Gateway Framework

Local Cluster




Grid Engine Data On Grid Services

Cloud Services

JSAGA Adaptors

Usage Workflow

Riccardo Rotondo

1. Sign in GRID

eTokenServer

User Tracking DB

5. Grid Submission

5. Tracking

6. Getting Results


2. Grid Request

Access


Applications accessing grid services

Riccardo Rotondo

§  12 applications developed among 5 different countries and 3 continents (Europe, Latin America and Asia);

§  4 scientific domains: §  Life Science; §  Mathematic & Computer Science; §  High Energy Physics; §  Cultural Heritage.


Job Submission


Job Submission


My Workspace – Active Job List


My Workspace - Done Job List


My Workspace – MyJobsMap


My Data


Sharing features among users will soon be added

Roles & Privileges

§  Surfing a Science Gateway changes according different roles

§  Mapping between Liferay roles and LDAP group §  Similar mapping available on grid (i.e. voms

roles) §  Liferay allows administrator to fully customize

users experience assigning different roles to each components (pages, wikis, plugins, data)


Facebook Integration


References §  GARR Science Gateway: https://sgw.garr.it §  GARR Science Gateway Facebook Community

Page: https://www.facebook.com/GarrScienceGatewayCommunity

§  Training Material: https://gilda.ct.infn.it/wikimain §  Catania Science Gateways:

http://www.catania-science-gateways.it


Questions ?


Introduction on Science Gateway

Education

cluster science gateways

users sp

registration users

time users

easy access

fidm access

grid request6

grid submissiongrid5