1 / 11

Leveraging the InCommon Federation to access the NSF TeraGrid

Leveraging the InCommon Federation to access the NSF TeraGrid. Jim Basney, Terry Fleury, Von Welch TeraGrid Round Table Update May 21, 2009. Big Picture: CASC Report.

newman
Download Presentation

Leveraging the InCommon Federation to access the NSF TeraGrid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Leveraging the InCommon Federationto access the NSF TeraGrid Jim Basney, Terry Fleury, Von Welch TeraGrid Round Table Update May 21, 2009

  2. Big Picture: CASC Report • Tactical Recommendation 2.3.1a: The global federated system for identity management, authentication, and authorization that is supported by the InCommon Federation should be adopted with an initial focus on major research universities and colleges. After an initial deployment in research- oriented functions involving research universities, such an identity management strategy for CI should be implemented generally within funding agencies and other educational institutions. http://www.casc.org/papers/CASC-CCI_Workshop_Report_and_Recommendations.pdf May 21, 2009

  3. More Pragmatically • Long Term: • Show how CI projects can get out of the process of credentialing users • Leverage existing processes at the user’s campus. • Short Term: • Allow TG users to also use their campus logins to access TG. • Augment, not replace, current authentication process. May 21, 2009

  4. TeraGrid Campus Integration • The TeraGrid project is working in many ways to better integrate with campuses to support research and education • TeraGrid Campus Championshttp://www.teragrid.org/eot/campuschamps.html • TeraGrid Client Softwarehttp://teragridforum.org/mediawiki/index.php?title=TeraGrid_Client_Software • Authentication and Authorization is just one aspect of TeraGrid’s Campus Integration effort May 21, 2009

  5. Brass Tacks: Three activities • Technical deployment of Shibboleth CA, integration in to TGUP • Establish InCommon membership and relationship with campuses • Accreditation of Shibboleth CA with TAGPMA May 21, 2009

  6. Deployment of Shibboleth CA and Integration with TGUP • Shibboleth CA deployed • Integration with TGUP delayed due to LifeRay Transition • Will integrate after transition completed • In the interim: • https://go.teragrid.org • Replicates functionality of TGUP • GSISSH, GridFTP • Allows us to build trust relationships May 21, 2009

  7. Approach • Link Shibboleth identity to TG User Identity • An existing user authenticates to the TGUP via Shibboleth • The TGUP prompts for the user’s TGUP username and password • Automatically obtain PKI credentials based on Shibboleth authentication to TGUP • Transparently use PKI credentials with TGUP SSH Terminal and File Manager May 21, 2009

  8. Establishing Trust on Two Fronts Shibboleth PKI / TG SSO InCommon TAGPMA Shibboleth-CA/ go.teragrid.org/ TGUP RPs Universities May 21, 2009

  9. TeraGrid and InCommon: Status • TeraGrid joined InCommon in July 2008 • TeraGrid still needs to establish relationships with each campus to provide us with user identifiers. • InCommon provides the foundation for this, but it still is not free. • We are in the process of contacting campuses with > 50 TG users • Have established relationship with 12 so far • See dropdown list on https://go.teragrid.org • Another ~3 who we are talking with May 21, 2009

  10. TAGPMA Status • Accreditation of new Shibboleth CA achieved as of May 13, 2009 • New Shibboleth CA now in TG tarball • Rolling out to RPs: • http://www.teragridforum.org/mediawiki/index.php?title=Status_of_new_CA_installation_at_TG_RPs May 21, 2009

  11. Next Steps • Continue to build relationships with Campuses • Find initial users to kick the tires on process • Monitor TGUP transition and be prepared to jump in. May 21, 2009

More Related