E N D
Slide 2:National Cancer Institute’s 2015 Goal Need: Enable investigators to leverage their joint expertise in order to meet NCI 2015 Goal.
Strategy: Create scalable, actively managed organization connecting members of the NCI-supported cancer enterprise by building a Biomedical Informatics Grid
Slide 3:Cancer Biomedical Informatics Grid (caBIGTM) The cancer Biomedical Informatics Grid (caBIG™), is a voluntary network or grid connecting individuals and institutions to enable the sharing of data and tools, creating a World Wide Web of cancer research. The goal is to speed the delivery of innovative approaches for the prevention and treatment of cancer. The infrastructure and tools created by caBIG™ also have broad utility outside the cancer community.
National Cancer Institute Initiative
Over 800 Participants
Over 80 Organizations
Over 70 Projects
Slide 4:VO Related Security Issues Identity / User Provisioning
Hundreds of organizations, Tens of thousands of users.
Varying levels of Identity Management from Institution to Institution.
How do we assign Identity to users, how do we provision user accounts?
Who should assert the identity for a given user?
Trust - How do we decide who to trust?
Credential Providers
Certificate Authorities
Attribute Authorities
Group Authorities
Other digital signers
Slide 5:VO Related Security Issues Authorization
How do we create, manage, and provision groups of users/services at the grid level, such that we can build access control policy based on group membership?
How can we share access control policy across the grid?
How can we leverage institution maintained attributes?
Slide 6:caGrid Grid Infrastructure for caBIG
Focuses on providing middleware for enabling the interoperability between caBIG applications.
Open Source Reusable Components
caGrid Components
Grid Service Graphical Development Toolkit (Introduce)
Metadata / Semantic Services
Advertisement and Discovery
Data Service Infrastructure
Analytical Service Infrastructure
Identifiers
Workflow
Security
Slide 7:Grid Authentication and Authorization with Reliably Distributed Services (GAARDS)
The GAARDS Security Infrastructure provides services and tools for the administration and enforcement of security policy in an enterprise Grid.
Developed on top of the Globus Toolkit
Extends the Grid Security Infrastructure (GSI)
Provide enterprise services and administrative tools for:
Grid User Management
Identity Federation
Trust management
Group/VO management
Access Control Policy management and enforcement
Integration between existing security domains and the grid security domain.
Security Infrastructure for the Cancer Biomedical Informatics Grid (caBIGTM)
GAARDS
Slide 8:GAARDS Services Dorian
Grid User Account Management
Integration point between external security domains and the grid.
Allows accounts managed in external domains to be federated and managed in the grid.
Dorian allows users to use their existing credentials (external to the grid) to authenticate to the grid
Grid Trust Service (GTS)
Creation and Management of a federated trust fabric.
Supports applications and services in deciding whether or not signers of digital credentials/user attributes can be trusted.
Supports the provisioning of trusted certificate authorities and corresponding CRLS.
Grid Grouper
Group management service for the grid
Provides a group-based authorization solution for the Grid
Enforce authorization policy based on membership to groups
Slide 9:Dorian – Grid User Management Grid User Account Management
Administrative interface for account provisioning and management.
Built in Certificate Authority
Manages Grid Credentials for each user.
Enables users to authenticate and create grid proxies, which they may use to access the grid.
Identity Management and Federation
Integration point between external security domains and the grid.
User may use existing credentials to obtain a grid proxy.
User’s authenticate to IdP, obtain a SAML assertion (proof) which is then given to Dorian to facilitate the creation of a grid proxy.
Automated Account Creation and Provisioning
Complete WSRF Compliant Grid Service
Can be accessed and administered over the grid.
Complete Administrative UI
Manage all aspects of Dorian
Slide 11:Grid Grouper Grid Grouper provides a group based authorization solution for the grid.
Groups are defined and managed at the grid level.
Grid services/applications enforce authorization policy based on membership to groups.
Slide 12:caGrid / GAARDS Status Release Schedule
Beta Release was Summer 2006
Official Release December 15, 2006
Focus on Quality
Automated Continuous and Nightly Builds and Unit, System, and Integration Testing
“Quality at a glance” dashboards and archive of all build and test results
Giving Back to the Community
GAARDS is a Globus Incubator Project
More Information
caBIG
https://cabig.nci.nih.gov/
caGrid
http://gforge.nci.nih.gov/projects/cagrid-1-0/
GAARDS Globus Project
Information to be posted shortly after release
http://dev.globus.org/wiki/Incubator/GAARDS
Slide 13:GAARDS Team Ohio State University
Stephen Langella
Shannon Hastings
Scott Oster
David Ervin
Tahsin Kurc
Joel Saltz
NCICB
Avinash Shanbhag
Slide 14:Special Thanks caBIGTM
Internet 2
Grouper Team
Tom Barton, University at Chicago
Frank Manion, Fox Chase
Slide 15:Questions?