SBGrid Science Portal - eScience 2012

• 1.The SBGrid Science Portal:An integrated environment for protein structure studiesIan Stokes-Rees Harvard Medical School eScience 2012, Chicago, October 2012

2. Whats interesting about another Science Portal?j.mp/esci12-sbgrid ijstokes@seas.harvard.edu 3. Whats interesting about another Science Portal? Interface modalities Web forms, RESTful interfaces, command linej.mp/esci12-sbgrid ijstokes@seas.harvard.edu 4. Whats interesting about another Science Portal? Interface modalities Web forms, RESTful interfaces, command line Access model Browser SSO, X.509, LDAP, .htaccess, GACLj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 5. Whats interesting about another Science Portal? Interface modalities Web forms, RESTful interfaces, command line Access model Browser SSO, X.509, LDAP, .htaccess, GACL Identity management Streamlined grid account creationj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 6. Whats interesting about another Science Portal? Interface modalities Web forms, RESTful interfaces, command line Access model Browser SSO, X.509, LDAP, .htaccess, GACL Identity management Streamlined grid account creation Computational capability local, cluster, and grid computingj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 7. Whats interesting about another Science Portal? Interface modalities Web forms, RESTful interfaces, command line Access model Browser SSO, X.509, LDAP, .htaccess, GACL Identity management Streamlined grid account creation Computational capability local, cluster, and grid computing Data management Web (HTTP), scp, GridFTP, GlobusOnline Tiered staging of dataj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 8. Im still skeptical. What about Taverna, GridSphere, Galaxy, or HubZero?j.mp/esci12-sbgrid ijstokes@seas.harvard.edu 9. Im still skeptical. What about Taverna, GridSphere, Galaxy, or HubZero? All great if the portal or application plugin already exists; and the application workGlows closely match your requirementsj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 10. Im still skeptical. What about Taverna, GridSphere, Galaxy, or HubZero? All great if the portal or application plugin already exists; and the application workGlows closely match your requirements Not-so-great if you have to implement a new portal on top of one of those frameworks you want to adapt the workGlow your data model changes you want to add a new application you want to explore the data in an unanticipated way command-line access is also important to you you are working with othersj.mp/esci12-sbgridijstokes@seas.harvard.edu 11. Links www.sbgrid.org portal.sbgrid.org j.mp/esci12-sbgrid ijstokes@seas.harvard.edu @ijstokesj.mp/esci12-sbgridijstokes@seas.harvard.edu 12. Outline Community Who the SBGrid Science Portal is meant to serve Objectives What was the vision for the Science Portal Implementation Software and service architectures Security, Collaboration, and IdM ... or How I learned to stop worrying and love X.509 Data Tiered data distribution modelj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 13. Washington U. School of Med.Cornell U.R. CerioneNE-CATT. EllenbergerB. CraneR. OswaldD. FremontS. Ealick C. ParrishRosalind Franklin NIH M. JinH. SondermannD. HarrisonM. MayerA. KeUMass MedicalU. WashingtonT. Gonen U. Maryland W. Royer E. TothBrandeis U.UC DavisN. GrigorieffH. StahlbergTufts U.K. HeldweinUCSFColumbia U.JJ MirandaQ. FanY. Cheng CommunityRockefeller U.StanfordR. MacKinnonA. Brunger Yale U.K. GarciaT. BoggonK. ReinischT. Jardetzky D. BraddockJ. Schlessinger Y. HaF. SigworthCalTechE. Lolis F. ZhouP. BjorkmanHarvard and AffiliatesW. Clemons N. Beglova A. LeschzinerG. Jensen Rice UniversityS. BlacklowK. MillerD. Rees E. NikonowiczB. ChenA. RaoY. ShamooVanderbiltJ. ChouT. RapoportY.J. Tao Center for Structural Biology J. ClardyM. SamsoWesternU W. ChazinC. Sanders M. Eck P. SlizM. Swairjo B. Eichman B. Spiller B. Furie T. Springer M. EgliM. Stone R. GaudetG. VerdineUCSD B. LacyM. WatermanM. Grant G. WagnerT. NakagawaM. OhiS.C. HarrisonL. WalenskyH. Viadiu Thomas Jefferson J. Hogle S.WalkerJ. WilliamsD. Jeruzalmi T.Walz D. Kahne J. WangNot Pictured:University of Toronto: L. Howell, E. Pai, F. Sicheri; NHRI (Taiwan): G. Liou; Trinity College, Dublin: Amir Khan T. Kirchhausen S. Wong 14. Structural Biology:Study of Protein Structure and Function 400m1mmj.mp/esci12-sbgrid10nmijstokes@seas.harvard.edu 15. Structural Biology:Study of Protein Structure and Function400m1mm 10nm Shared scientiGic data collection facility Data intensive (10-100 GB/day)j.mp/esci12-sbgrid ijstokes@seas.harvard.edu 16. Consortium By The Numbers ~200 member labs representing about 1500 users ~200 software packages multi-platform (Linux, OS X) multi-version 4 FTE staff Automated software distribution 80 GB for full package rsync+ssh for updates Everything Just Works So labs are happy to renew membership and refer friendsj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 17. Boston Life Sciences Hub Biomedical researchers Government agencies Life sciences Tufts Universities Universit y School of Medicin e Hospitalsj.mp/esci12-sbgridijstokes@seas.harvard.edu 18. Hug a Life Scientist!j.mp/esci12-sbgrid ijstokes@seas.harvard.edu 19. Hug a Life Scientist! Let them know you care ...j.mp/esci12-sbgridijstokes@seas.harvard.edu 20. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesntj.mp/esci12-sbgridijstokes@seas.harvard.edu 21. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them toj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 22. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them to ... but to be fair, a lot of the pain is self-inZlictedj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 23. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them to ... but to be fair, a lot of the pain is self-inZlicted SBGrid came into existence to Zill the tech void/pain experienced by structural biologistsj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 24. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them to ... but to be fair, a lot of the pain is self-inZlicted SBGrid came into existence to Zill the tech void/pain experienced by structural biologists Started with providing reliable compiled softwarej.mp/esci12-sbgrid ijstokes@seas.harvard.edu 25. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them to ... but to be fair, a lot of the pain is self-inZlicted SBGrid came into existence to Zill the tech void/pain experienced by structural biologists Started with providing reliable compiled software Expanded intoj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 26. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them to ... but to be fair, a lot of the pain is self-inZlicted SBGrid came into existence to Zill the tech void/pain experienced by structural biologists Started with providing reliable compiled software Expanded into training events and workshopsj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 27. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them to ... but to be fair, a lot of the pain is self-inZlicted SBGrid came into existence to Zill the tech void/pain experienced by structural biologists Started with providing reliable compiled software Expanded into training events and workshops best practice guidesj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 28. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them to ... but to be fair, a lot of the pain is self-inZlicted SBGrid came into existence to Zill the tech void/pain experienced by structural biologists Started with providing reliable compiled software Expanded into training events and workshops best practice guides shared computational infrastructure(clusters! OSG! GlobusOnline!)j.mp/esci12-sbgrid ijstokes@seas.harvard.edu 29. Hug a Life Scientist! Let them know you care ... ... because the software we give them doesnt ... and neither do the systems we subject them to ... but to be fair, a lot of the pain is self-inZlicted SBGrid came into existence to Zill the tech void/pain experienced by structural biologists Started with providing reliable compiled software Expanded into training events and workshops best practice guides shared computational infrastructure(clusters! OSG! GlobusOnline!) web-based collaborative computational and data servicesj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 30. Objectives A.Extensible infrastructure to facilitate development and deployment of novel computational workGlows B.Web-accessible environment for collaborative, compute and data intensive sciencej.mp/esci12-sbgridijstokes@seas.harvard.edu 31. Objectives (explained)j.mp/esci12-sbgridijstokes@seas.harvard.edu 32. Objectives (explained) Pareto Principlej.mp/esci12-sbgridijstokes@seas.harvard.edu 33. Objectives (explained) Pareto Principle 80% of the time users are happy with basic web form interface to standard application workGlow and canned result analysisj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 34. Objectives (explained) Pareto Principle 80% of the time users are happy with basic web form interface to standard application workGlow and canned result analysis 20% of the effort to address these routine casesj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 35. Objectives (explained) Pareto Principle 80% of the time users are happy with basic web form interface to standard application workGlow and canned result analysis 20% of the effort to address these routine cases Science Portals are a big win over cumbersome and complex Fortran codej.mp/esci12-sbgrid ijstokes@seas.harvard.edu 36. Objectives (explained) Pareto Principle 80% of the time users are happy with basic web form interface to standard application workGlow and canned result analysis 20% of the effort to address these routine cases Science Portals are a big win over cumbersome and complex Fortran code Corollary to Pareto Principlej.mp/esci12-sbgrid ijstokes@seas.harvard.edu 37. Objectives (explained) Pareto Principle 80% of the time users are happy with basic web form interface to standard application workGlow and canned result analysis 20% of the effort to address these routine cases Science Portals are a big win over cumbersome and complex Fortran code Corollary to Pareto Principle 20% of the time users want or need customized application work12 POSIX groups/user suexec or gsexec possibilityj.mp/esci12-sbgridijstokes@seas.harvard.edu 66. SBGrid Portal: Current Status 262 users (lifetime), 72 active in past quarter 2.4 million hours on OSG last 12 months Seamless data sharing from web to ssh? requires NFSv4 to allow >12 POSIX groups/user suexec or gsexec possibility Account integration PAM (ssh/command line) + web through FreeIPA LDAP prototype of X.509 + VOMS + MyProxy (next section!)j.mp/esci12-sbgrid ijstokes@seas.harvard.edu 67. SBGrid Portal: Current Status 262 users (lifetime), 72 active in past quarter 2.4 million hours on OSG last 12 months Seamless data sharing from web to ssh? requires NFSv4 to allow >12 POSIX groups/user suexec or gsexec possibility Account integration PAM (ssh/command line) + web through FreeIPA LDAP prototype of X.509 + VOMS + MyProxy (next section!) Collaboration shared secret (password) manual .htaccess or .gaclj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 68. Identity Management** or How I learned to stop worrying and love X.509 69. Big Picturej.mp/esci12-sbgridijstokes@seas.harvard.edu 70. Big Picture Federated environment requires federated identity management trusted identity providers (roots of trust)j.mp/esci12-sbgrid ijstokes@seas.harvard.edu 71. Big Picture Federated environment requires federated identity management trusted identity providers (roots of trust) Collaboration requires user-driven capacity to form cross-organization user groups (aka Virtual Organizations) roles (or at least privilege levels) within VOj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 72. Big Picture Federated environment requires federated identity management trusted identity providers (roots of trust) Collaboration requires user-driven capacity to form cross-organization user groups (aka Virtual Organizations) roles (or at least privilege levels) within VO State of Play InCommon will get us part way there (waiting on adoption!) OpenID nice for users, but no trust or delegated perms X.509 process and details still tough for end user SSH keys lack standard root of trust and rolesj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 73. X.509 Digital CertiZicates Analogy to a passport: Application form Sponsors attestation Consular services veriGication of application, sponsor, and accompanying identiGication and eligibility documents Passport issuing ofGice Portable, digital passport Gixed and secure user identiGiers name, email, home institution signed by widely trusted issuer time limited ISO standardj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 74. X.509 Challenges Lots of humans in the loop to get usable cert Registration Agent, Sponsor, VO Manager, User Awkward working with X.509 certs multiple formats proxy certs and VOMS ACs proxy servers (MyProxy) expiry (of proxy, of base cert, of VO membership) browser integration and import process CA cert chain digital token needs to be available on all devices particularly challenging for phones and tabletsj.mp/esci12-sbgridijstokes@seas.harvard.edu 75. X.509 Nirvana (ours at least)j.mp/esci12-sbgrid ijstokes@seas.harvard.edu 76. X.509 Nirvana (ours at least) User never sees X.509 anything unless they want toj.mp/esci12-sbgrid ijstokes@seas.harvard.edu 77. X.509 Nirvana (ours at least) User never sees X.509 anything unless they want to X.509 request + VO membership + account creation completed in one step by one person single step for user single step for one administratorj.mp/esci12-sbgridijstokes@seas.harvard.edu 78. X.509 Nirvana (ours at least) User never sees X.509 anything unless they want to X.509 request + VO membership + account creation completed in one step by one person single step for user single step for one administrator Goodbye passphrases (and forgotten passphrases) hold private key in LDAP and use LDAP authentication to accessj.mp/esci12-sbgridijstokes@seas.harvard.edu 79. X.509 Nirvana (ours at least) User never sees X.509 anything unless they want to X.509 request + VO membership + account creation completed in one step by one person single step for user single step for one administrator Goodbye passphrases (and forgotten passphrases) hold private key in LDAP and use LDAP authentication to access Automate everything login (web or command line) triggers X.509 proxy request with (default) VOMS AC, and loading to MyProxy serverj.mp/esci12-sbgridijstokes@seas.harvard.edu 80. X.509 Nirvana (ours at least)User never sees X.509 anything unless they want toX.509 request + VO membership + account creation completed in one step by one person single step for user single step for one administratorGoodbye passphrases (and forgotten passphrases) hold private key in LDAP and use LDAP authentication to accessAutomate everything login (web or command line) triggers X.509 proxy request with (default) VOMS AC, and loading to MyProxy serverVO Management System run by users Users need to be able to self-manage their (sub-) VOsj.mp/esci12-sbgridijstokes@seas.harvard.edu 81. U1U1U1 Addressing CertiZicate Problems /. -..)"*& 012*%2! 3%"!)"*"!4&","!&5":14(! !"#$"%&%()*"+,"!&U1 !"&$!*&!4,5(*)*$67"! *289:4)"*&% !";("!6"=()(7(=(&:S1 411!2;","!&R2%()*,"!&*289:4;4(=47(=(&: !"&!(";","!& U2a "?12!&%()*"+ ,"!&5":14(!j.mp/esci12-sbgridijstokes@seas.harvard.edu 82. U1U1U1 Addressing CertiZicate Problems /. -..)"*& 012*%2! 3%"!)"*"!4&","!&5":14(! !"#$"%&%()*"+,"!&U1 !"&$!*&!4,5(*)*$67"!T0 = late Saturday *289:4)"*&% night lab session !";("!6"=()(7(=(&:S1 411!2;","!&R2%()*,"!&*289:4;4(=47(=(&: !"&!(";","!& U2a "?12!&%()*"+ ,"!&5":14(!j.mp/esci12-sbgridijstokes@seas.harvard.edu 83. U1U1U1 Addressing CertiZicate Problems /. -..)"*& 012*%2! 3%"!)"*"!4&","!&5":14(! !"#$"%&%()*"+,"!&U1 !"&$!*&!4,5(*)*$67"!T0 = late Saturday *289:4)"*&% night lab session !";("!6"=()(7(=(&:S1 411!2;","!&R2%()*,"!&*289:4;4(=47(=(&: !"&!(";","!& U2a "?12!&%()*"+ ,"!&5":14(!j.mp/esci12-sbgridijstokes@seas.harvard.edu 84. U1U1U1 Addressing CertiZicate Problems /. -..)"*& 012*%2! 3%"!)"*"!4&","!&5":14(! !"#$"%&%()*"+,"!&U1 !"&$!*&!4,5(*)*$67"!T0 = late Saturday *289:4)"*&% night lab session !";("!6"=()(7(=(&: T+60h = early-TuesdayS1 411!2;","!&responseR2%()*,"!&*289:4;4(=47(=(&: !"&!(";","!& U2a "?12!&%()*"+ ,"!&5":14(!j.mp/esci12-sbgridijstokes@seas.harvard.edu 85. U1U1U1 Addressing CertiZicate Problems /. -..)"*& 012*%2! 3%"!)"*"!4&","!&5":14(! !"#$"%&%()*"+,"!&U1 !"&$!*&!4,5(*)*$67"!T0 = late Saturday *289:4)"*&% night lab session !";("!6"=()(7(=(&: T+60h = early-TuesdayS1 411!2;","!& responseR2T+66h = late-Tuesday%()*,"!&*289:4;4(=47(=(&:response !"&!(";","!& U2a "?12!&%()*"+ ,"!&5":14(!j.mp/esci12-sbgridijstokes@seas.harvard.edu 86. U1U1U1 Addressing CertiZicate Problems /. -..)"*& 012*%2! 3%"!)"*"!4&","!&5":14(! !"#$"%&%()*"+,"!&U1 !"&$!*&!4,5(*)*$67"!T0 = late Saturday *289:4)"*&% night lab session !";("!6"=()(7(=(&: T+60h = early-TuesdayS1 411!2;","!& responseR2T+66h = late-Tuesday%()*,"!&*289:4;4(=47(=(&:response !"&!(";","!& T+70h = late-Tuesday U2a "?12!&%()*"+ STAGE 1 ,"!&5":14(!j.mp/esci12-sbgridijstokes@seas.harvard.edu 87. VO (Group) Membership Registration !")*#!"#$%&(# *+,(-,.#/-0.# +.0-0(:#50.:#:,#.0?>0-:#&0&90.-0-:#!"#8.,>+-#4(%#.,70-# U2b(,123#4%&(# V1 ;0.23#>-0.#07897:3#5,(6.:3# S2time4++.,;0#&0&90.-+-=#4(%#.,70-#4%%#@A# V2 :,#!")*# (,123#.0?>0-:#!")*#$B#.0:>.(#!")*#$B#4%%#$B#:,# +.,C3#50.:# 88. VO (Group) Membership Registration T+82h = mid-Wednesday !")*#!"#$%&(# *+,(-,.#/-0.# ask What next? +.0-0(:#50.:#:,#.0?>0-:#&0&90.-0-:#!"#8.,>+-#4(%#.,70-# U2b(,123#4%&(# V1 ;0.23#>-0.#07897:3#5,(6.:3# S2time4++.,;0#&0&90.-+-=#4(%#.,70-#4%%#@A# V2 :,#!")*# (,123#.0?>0-:#!")*#$B#.0:>.(#!")*#$B# 4%%#$B#:,#+.,C3#50.:# 89. VO (Group) Membership Registration T+82h = mid-Wednesday !")*#!"#$%&(# *+,(-,.#/-0.# ask What next? +.0-0(:#50.:#:,#.0?>0-:#&0&90.-0-:#!"#8.,>+-#4(%#.,70-# U2b(,123#4%&(# V1T+95h = early-Thursday ;0.23#>-0.#07897:3# response (time zone!)5,(6.:3# S2time4++.,;0#&0&90.-+-=#4(%#.,70-#4%%#@A# V2 :,#!")*# (,123#.0?>0-:#!")*#$B#.0:>.(#!")*#$B# 4%%#$B#:,#+.,C3#50.:# 90. VO (Group) Membership Registration T+82h = mid-Wednesday !")*#!"#$%&(# *+,(-,.#/-0.# ask What next? +.0-0(:#50.:#:,#.0?>0-:#&0&90.-0-:#!"#8.,>+-#4(%#.,70-# U2b(,123#4%&(# V1T+95h = early-Thursday ;0.23#>-0.#07897:3# response (time zone!)5,(6.:3# S2time4++.,;0#&0&90.-+-=#4(%#.,70-#V2response :,#!")*# (,123#.0?>0-:#!")*#$B#.0:>.(#!")*#$B# 4%%#$B#:,#+.,C3#50.:# 91. VO (Group) Membership Registration T+82h = mid-Wednesday !")*#!"#$%&(# *+,(-,.#/-0.# ask What next? +.0-0(:#50.:#:,#.0?>0-:#&0&90.-0-:#!"#8.,>+-#4(%#.,70-# U2b(,123#4%&(# V1T+95h = early-Thursday ;0.23#>-0.#07897:3# response (time zone!)5,(6.:3# S2time4++.,;0#&0&90.-+-=#4(%#.,70-#V2response :,#!")*# (,123#T+105h = mid-Thursdayresponse.0?>0-:#!")*#$B#.0:>.(#!")*#$B# 4%%#$B#:,#+.,C3#50.:# 92. VO (Group) Membership Registration T+82h = mid-Wednesday !")*#!"#$%&(# *+,(-,.#/-0.# ask What next? +.0-0(:#50.:#:,#.0?>0-:#&0&90.-0-:#!"#8.,>+-#4(%#.,70-# U2b(,123#4%&(# V1T+95h = early-Thursday ;0.23#>-0.#07897:3# response (time zone!)5,(6.:3# S2time4++.,;0#&0&90.-+-=#4(%#.,70-#V2response :,#!")*# (,123#T+105h = mid-Thursdayresponse.0?>0-:#!")*#$B#.0:>.(#!")*#$B# 4%%#$B#:,#+.,C3#50.:#T+105h = 4.5 days waiting 93. () AB)! !"#$%& *+",-"# .-/#;< #/>:/-$+"#$%&%66":,$ =3!#"I3 ;:/-$-14,/@6/#$6/#$9/3+%1#,,#""%+#0%1*$/2%#/$:#,$#%691,4,:85/#,"?23%4/,$- 0/#123/&14151&1$3 A1a 6#/%$/6",7#8/&14151&1$3 &"6%&%66$S1* %++#"0/6/#$time-14,6/#$,"?23%0%1&%51&1$3 A1b -/$#/$#1/0%&-/#1%&,:85/#-/$;:/-$+"#$%&%66":,$ T0 = late Saturday;< =3!#"I3 ;:/-$-14,/@6/#$6/#$9/3+%1#,,#""%+#0%1*$/2%#/$:#,$#%691,4,:85/#,"?23%4/,$- 0/#123/&14151&1$3 A1a 6#/%$/6",7#8/&14151&1$3 &"6%&%66$S1* %++#"0/6/#$time-14,6/#$,"?23%0%1&%51&1$3 A1b -/$#/$#1/0%&-/#1%&,:85/#-/$;:/-$+"#$%&%66":,$ T0 = late Saturday;< =3!#"I3 ;:/-$-14,/@6/#$6/#$9/3+%1#,,#""%+#0%1*$/2%#/$:#,$#%691,4,:85/#,"?23%4/,$- 0/#123/&14151&1$3 A1a 6#/%$/6",7#8/&14151&1$3 &"6%&%66$S1* %++#"0/6/#$ T+40h = mid-Mondaytime-14,6/#$,"?23%0%1&%51&1$3 A1bresponse -/$#/$#1/0%&-/#1%&,:85/#-/$;:/-$+"#$%&%66":,$ T0 = late Saturday;< =3!#"I3 ;:/-$-14,/@6/#$6/#$9/3+%1#,,#""%+#0%1*$/2%#/$:#,$#%691,4,:85/#,"?23%4/,$- 0/#123/&14151&1$3 A1a 6#/%$/6",7#8/&14151&1$3 &"6%&%66$S1* %++#"0/6/#$ T+40h = mid-Mondaytime-14,6/#$,"?23%0%1&%51&1$3 A1bresponse -/$#/$#1/0%&-/#1%&,:85/#-/$;