leveraging the incommon federation to access the nsf teragrid n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Leveraging the InCommon Federation to access the NSF TeraGrid PowerPoint Presentation
Download Presentation
Leveraging the InCommon Federation to access the NSF TeraGrid

Loading in 2 Seconds...

play fullscreen
1 / 11

Leveraging the InCommon Federation to access the NSF TeraGrid - PowerPoint PPT Presentation


  • 72 Views
  • Uploaded on

Leveraging the InCommon Federation to access the NSF TeraGrid. Jim Basney, Terry Fleury, Von Welch TeraGrid Round Table Update May 21, 2009. Big Picture: CASC Report.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Leveraging the InCommon Federation to access the NSF TeraGrid' - newman


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
leveraging the incommon federation to access the nsf teragrid

Leveraging the InCommon Federationto access the NSF TeraGrid

Jim Basney, Terry Fleury, Von Welch

TeraGrid Round Table Update

May 21, 2009

big picture casc report
Big Picture: CASC Report
  • Tactical Recommendation 2.3.1a: The global federated system for identity management, authentication, and authorization that is supported by the InCommon Federation should be adopted with an initial focus on major research universities and colleges. After an initial deployment in research- oriented functions involving research universities, such an identity management strategy for CI should be implemented generally within funding agencies and other educational institutions.

http://www.casc.org/papers/CASC-CCI_Workshop_Report_and_Recommendations.pdf

May 21, 2009

more pragmatically
More Pragmatically
  • Long Term:
    • Show how CI projects can get out of the process of credentialing users
    • Leverage existing processes at the user’s campus.
  • Short Term:
    • Allow TG users to also use their campus logins to access TG.
      • Augment, not replace, current authentication process.

May 21, 2009

teragrid campus integration
TeraGrid Campus Integration
  • The TeraGrid project is working in many ways to better integrate with campuses to support research and education
    • TeraGrid Campus Championshttp://www.teragrid.org/eot/campuschamps.html
    • TeraGrid Client Softwarehttp://teragridforum.org/mediawiki/index.php?title=TeraGrid_Client_Software
  • Authentication and Authorization is just one aspect of TeraGrid’s Campus Integration effort

May 21, 2009

brass tacks three activities
Brass Tacks: Three activities
  • Technical deployment of Shibboleth CA, integration in to TGUP
  • Establish InCommon membership and relationship with campuses
  • Accreditation of Shibboleth CA with TAGPMA

May 21, 2009

deployment of shibboleth ca and integration with tgup
Deployment of Shibboleth CA and Integration with TGUP
  • Shibboleth CA deployed
  • Integration with TGUP delayed due to LifeRay Transition
    • Will integrate after transition completed
  • In the interim:
    • https://go.teragrid.org
  • Replicates functionality of TGUP
    • GSISSH, GridFTP
  • Allows us to build trust relationships

May 21, 2009

approach
Approach
  • Link Shibboleth identity to TG User Identity
    • An existing user authenticates to the TGUP via Shibboleth
    • The TGUP prompts for the user’s TGUP username and password
  • Automatically obtain PKI credentials based on Shibboleth authentication to TGUP
    • Transparently use PKI credentials with TGUP SSH Terminal and File Manager

May 21, 2009

establishing trust on two fronts
Establishing Trust on Two Fronts

Shibboleth

PKI / TG SSO

InCommon

TAGPMA

Shibboleth-CA/

go.teragrid.org/

TGUP

RPs

Universities

May 21, 2009

teragrid and incommon status
TeraGrid and InCommon: Status
  • TeraGrid joined InCommon in July 2008
  • TeraGrid still needs to establish relationships with each campus to provide us with user identifiers.
    • InCommon provides the foundation for this, but it still is not free.
  • We are in the process of contacting campuses with > 50 TG users
    • Have established relationship with 12 so far
      • See dropdown list on https://go.teragrid.org
    • Another ~3 who we are talking with

May 21, 2009

tagpma status
TAGPMA Status
  • Accreditation of new Shibboleth CA achieved as of May 13, 2009
  • New Shibboleth CA now in TG tarball
  • Rolling out to RPs:
    • http://www.teragridforum.org/mediawiki/index.php?title=Status_of_new_CA_installation_at_TG_RPs

May 21, 2009

next steps
Next Steps
  • Continue to build relationships with Campuses
  • Find initial users to kick the tires on process
  • Monitor TGUP transition and be prepared to jump in.

May 21, 2009