Attribute based authentication for gateways
This presentation is the property of its rightful owner.
Sponsored Links
1 / 11

Attribute-based Authentication for Gateways PowerPoint PPT Presentation


  • 79 Views
  • Uploaded on
  • Presentation posted in: General

Attribute-based Authentication for Gateways. Jim Basney Terry Fleury Stuart Martin JP Navarro Tom Scavo Nancy Wilkins-Diehr. Gateway Objectives for PY4 and 5. TeraGrid integration will be straightforward for new and existing gateway developers

Download Presentation

Attribute-based Authentication for Gateways

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Attribute based authentication for gateways

Attribute-based Authenticationfor Gateways

Jim Basney

Terry Fleury

Stuart Martin

JP Navarro

Tom Scavo

Nancy Wilkins-Diehr


Gateway objectives for py4 and 5

Gateway Objectives for PY4 and 5

  • TeraGrid integration will be straightforward for new and existing gateway developers

  • There will be a set of easy to discover general services provided by and for Gateways

  • The targeted support program will be well-organized

  • We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users

  • There will be a funded cross-directorate gateway program at the NSF

Presented December, 2007


We will be able to routinely count end gateway users who will total 25 of total teragrid users

We will be able to routinely count end gateway users, who will total 25% of total TeraGrid users

  • A unique identifier for each end gateway user per community account must exist in TGCDB

  • Gateways will need to transmit and TGCDB will need to receive this additional identifier through any job submission mechanism

  • Attribute-based authentication in production and easy to use

Presented December, 2007


How will we meet those goals

How will we meet those goals?

  • Attribute-based authentication

    • In our case, GridShib for Globus

    • Fantastic documentation and assistanceThanks Jim Basney, Tom Scavo, Terry Fleury

    • http://www.teragridforum.org/mediawiki/index.php?title=Science_Gateway_Credential_with_Attributes


How have we been moving toward those goals in 2008

How have we been moving toward those goals in 2008?

  • Q108

    • GridShib SAML Tools released for gateways with documentation

    • Successfully tested VOMS/SAML for OSG/TG interop

    • GridShib for Globus Toolkit released for RPs

  • Q208

    • TeraGrid 08

      • Tutorial, poster, BoF, demo for gateways at working group meeting

    • GridShib SAML integrated into SimpleGrid

  • Q308

    • Provided a testing mechanism for Science Gateways to verify they are including attributes correctly (http://gstest.ncsa.uiuc.edu/)

    • Provided documentation for CTSS Gateway Capability Kit to GIG Packaging Team

    • Published GridShib configuration file for TG RPs

  • Q408

    • Rollout CTSS Gateway Capability Kit for preliminary testing at TG RPs

    • Engage with additional Science Gateways to incorporate attributes into their job submissions

    • Update GT GRAM Audit capabilities to support recording of gateway job attributes


How will this be made available at rp sites science gateway ctss kit which includes

How will this be made available at RP sites?science-gateway CTSS kit, which includes

  • commsh

    • NCSA-developed, PSC-enhanced tool to restrict community accounts

    • http://security.ncsa.uiuc.edu/research/commaccts/docs/howto.php

  • GridShib for Globus Toolkit

    • NCSA-developed tool to collect, process, store and log attributes

      • Future TG-specific efforts will store these in the TGCDB

    • http://gridshib.globus.org/

  • Kit name for information services lookup at http://info.teragrid.org

    • science-gateway.teragrid.org

  • Installation instructions

    • http://software.teragrid.org/pacman/ctss4/ctss-science-gateway-registration/README.install


Who s expressed interest in deploying the gateway kit in py4

Who’s expressed interest in deploying the gateway kit in PY4?

Results of survey conducted by Lee Liming and team, sent to tg-leads 8/13/08


Who s expressed interest in testing the gateway kit in py4

Who’s expressed interest in testing the gateway kit in PY4?

This talk is to remind the TeraGrid team of the higher level goals

and the importance of the work

and generate interest in testing so we can meet our goals!


Ambitious but achievable goal

Ambitious, but achievable goal

  • By September, 2009 all jobs submitted by community accounts will include attributes with unique user identifiers to be stored in the TGCDB

  • Next steps

    • RP testing through Feb 2009

    • Globus Toolkit 4.0.9 released Feb 2009

    • Capability Kit V2 released Mar 2009

    • Production installations of Capability Kit V2

    • 6-month gateway transition – March through August

      • News postings, education process, log analysis to identify who still needs to make the switch, lots of support

    • Big party in September!


What would we like to happen next

What would we like to happen next?

  • More RPs for testing

    • What does testing mean? (identify a node, install Capability Kit V1, work one-on-one with NCSA to test)

    • What’s the impact on a site? (admin needed to install and test GT 4.0.8 + GridShib for GT)

    • What’s the impact on Globus performance? (negligible)

    • Real focus on this through February

  • More gateways for testing

    • GISolve, nanoHUB and SimpleGrid have done some tests already

      • Nancy, Stu can identify gateways

    • Real focus on this, increasing over the summer

  • Where do you sign up?

    • Email [email protected] (RPs) or [email protected] (gateways)

    • Help is available!


Community account usage by site in 2008

Community Account Usage by Sitein 2008

Over 2M CPU hours used by community accounts in 2008


  • Login