
Overview

Dynamic Virtual Organisations for e-Science Education (DyVOSE) project. Dr Richard Sinnott, Technical Director, National e-Science Centre; Deputy Director (Technical), Bioinformatics Research Centre, University of Glasgow. ros@dcs.gla.ac.uk


Presentation Transcript


  1. Dynamic Virtual Organisations for e-Science Education (DyVOSE) project
     Dr Richard Sinnott
     Technical Director, National e-Science Centre
     Deputy Director (Technical), Bioinformatics Research Centre
     University of Glasgow
     ros@dcs.gla.ac.uk

  2. Overview
     • DyVOSE project
     • Brief summary project
     • Outline of technical approach
     • Achievements and Status
     • Plans for the future

  3. DyVOSE Overview
     • Dynamic Virtual Organisations for e-Science Education (DyVOSE) project
       • Two year project started 1st May 2004
       • Exploring advanced authorisation infrastructures for security in context of education
       • University of Salford/(Kent) provide authorisation software (PERMIS) and security expertise
       • Applied in Grid Computing module part of advanced MSc at the University of Glasgow
       • Will provide insight into rolling out authorisation infrastructures/Grid to the masses
       • Exploration of current state of the art in authorisation infrastructures
     • Second phase of work will involve NeSC Edinburgh/EDINA
       • Extensions to the existing PERMIS infrastructure to provide dynamic delegation of authority and recognition of authority

  4. DyVOSE Project Participants
     • Dynamic Virtual Organisations in e-Science Education (DyVOSE) team
     • Principal Investigators
       • Dr Richard Sinnott (NeSC Glasgow)
       • Prof David Chadwick (Salford/Kent)
     • Developers
       • Dr John Watt, Anthony Stell (NeSC Glasgow)
       • Dr Sassa Otenko (Salford/Kent)
       • Mr Tuan Anh Nguyen (Salford/Kent)
     • Other Key People Involved
       • Dr David Berry (NeSC Edinburgh)
       • Dr Sandy Shaw (EDINA)

  5. DyVOSE Workplan
     • Phase 1
       • Looking at applying existing PERMIS technology to establish static Privilege Management Infrastructure at GU
     [Diagram labels: Education VO policies; PERMIS based authorisation (authorisation checks, authorisation decisions); National Grid Service; GU Condor pools; ScotGrid; other resources]

  6. Grid Computing module
     • Part of advanced MSc at Glasgow
       • Started teaching on 30th September
       • Completed on 2nd December
       • 16 students took this module
     • Involved
       • 20 lectures, 10 tutorials
       • 3 problem sets, 1 large programming assignment
       • Two exam papers
     • Huge amount of work in doing this for first time
       • first UK Grid Computing course?
       • Technological landscape fluidity?
     • Taught by
       • Richard Sinnott (NeSC, Course Director)
       • Colin Perkins (DCS)
       • John Watt (NeSC, DyVOSE researcher)

  7. Explorations in Course
     • Students used PERMIS Policy Editor to develop security policy for use in their assignment
       • Detailed feedback given to PERMIS team
     • Assignment based on…
       • Sorting/searching “complete works of Shakespeare”
       • … run on single PC,
       • … using training lab Condor pool,
       • … * as GT3.3/Condor service,
       • … as GT3.3 service using GSI,
         • To see how authorisation at service level achieved
         • service should be accessible by themselves and lecturing staff only
         • used previously defined policy
       • … using * for GT3.3-PERMIS authorised service
         • To see how authorisation at method level achieved
         • Students split into groups (Gp1, Gp2)
         • Sort method available to their group and lecturers only
         • Search method available to all
     • Performance aspects investigated throughout…

  8. Current PERMIS based PMI approach
     • PERMIS allows you to
       • Define roles for who can do what on what
       • Policy = { Role x Target x Action }
       • Can user X invoke service Y and access or change data Z?
     • Policies created with PERMIS PolicyEditor (output is XML file)

  9. PERMIS based Authorisation

  10. PERMIS...ctd
     • PERMIS Privilege Allocator then used to associate roles with specific users
       • Signed policies are stored as attribute certificates in LDAP server
     • Exploited the GGF AuthZ specification
       • Generic way to authorise access to Grid services using SAML callouts
     • Based on GT3.3 – PERMIS
       • Grid service (WSDD) has policy information associated with it
       • DN of clients, target and actions checked when attempts made to invoke services

  11. DyVOSE Phase 2/3
     [Diagram labels: Glasgow; Edinburgh; ScotGrid; Condor pool; Blue Dwarf; dynamically established VO resources/users; delegated VO policies; Edinburgh Education VO policies; Glasgow Education VO policies; Shibboleth; PERMIS based authorisation checks/decisions]

  12. Work Progress …ctd
     • Web site established
       • http://www.nesc.ac.uk/hub/projects/dyvose
     • Dissemination
       • Feeding in to UK STF work, ETF AAA action line and informing ETF on other Core Programme projects
       • Presentations given at UK e-Science Education Workshop
       • Posters presented at
         • JISC meeting in Brighton
         • AHM 2004 in Nottingham
       • Papers accepted for and presented at
         • European Grid Conference, Amsterdam, Feb 2005
         • NIST 4th Annual PKI Workshop, Gaithersburg, USA, April 2005
         • High Performance Computing Systems and Applications Conference, Guelph, Canada, May 2005
         • CLAG + Grid Edu workshop at CCGrid conference, Cardiff, May 2005
       • Paper submitted and accepted for AHM 2005
     • Course materials available on web site

  13. Future
     • Developing new course materials
       • Assignment to focus on exploring dynamic delegation of trust
     • Completion of dynamic delegation of trust and recognition of authority implementation
       • Detailed designs completed already
     • Continue working on GT4, PERMIS, Shibboleth integration
       • Using results from SAAM, SIPS project
       • Delivering requirements to GridShib project
     • Work input into other NeSC Glasgow projects
       • Biomedical Research Informatics Delivered by Grid Enabled Services (BRIDGES)
       • Others
       • More later…

  14. Questions?
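
The Role x Target x Action model from slides 8 and 10, applied to the method-level rules of the course assignment on slide 7, as an added example that is not PERMIS code or course material. Role names, DNs and service names are constructed, and "available to all" is assumed to mean every role in the course VO.

```python
# Added illustration: a toy Role x Target x Action decision function.
# Not PERMIS code; all names, DNs and services below are constructed.
from typing import NamedTuple

class Rule(NamedTuple):
    role: str
    target: str   # the Grid service being invoked
    action: str   # the method on that service

ROLES = ("gp1", "gp2", "lecturer")
# Hypothetical services, each owned by one student group.
SERVICES = {"gp1-shakespeare": "gp1", "gp2-shakespeare": "gp2"}

def build_policy():
    """Sort: owning group and lecturers only. Search: every course role."""
    rules = set()
    for service, owner in SERVICES.items():
        rules.add(Rule(owner, service, "sort"))
        rules.add(Rule("lecturer", service, "sort"))
        rules.update(Rule(role, service, "search") for role in ROLES)
    return frozenset(rules)

POLICY = build_policy()

# Stand-in for role assignments held as attribute certificates; signature
# checking and the LDAP lookup are out of scope here.
ROLE_ASSIGNMENTS = {
    "CN=Student A,OU=Course,O=Example": {"gp1"},
    "CN=Student B,OU=Course,O=Example": {"gp2"},
    "CN=Lecturer L,OU=Staff,O=Example": {"lecturer"},
}

def decide(dn, target, action, policy=POLICY, assignments=ROLE_ASSIGNMENTS):
    """Grant only if a role held by this DN has an explicit rule; else deny."""
    roles = assignments.get(dn, frozenset())
    return any(Rule(role, target, action) in policy for role in roles)

def denied_requests(requests):
    """Return the (dn, target, action) tuples the policy refuses."""
    return [r for r in requests if not decide(*r)]

if __name__ == "__main__":
    sample = [
        ("CN=Student A,OU=Course,O=Example", "gp1-shakespeare", "sort"),
        ("CN=Student A,OU=Course,O=Example", "gp2-shakespeare", "sort"),
        ("CN=Student B,OU=Course,O=Example", "gp1-shakespeare", "search"),
        ("CN=Unknown,O=Elsewhere", "gp1-shakespeare", "search"),
    ]
    for req in sample:
        print("GRANT" if decide(*req) else "DENY ", *req)
```

The decision is deny-by-default: a DN with no role assignment, or an action with no matching rule, is refused rather than falling through to a grant.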
