Leveraging the Globus Platform in your Web Applications. GlobusWorld April 26, 2018 Greg Nawrocki

Similar documents
Leveraging the Globus Platform in your Web Applications

Building the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017

Building the Modern Research Data Portal. Developer Tutorial

Tutorial: Building the Services Ecosystem

Welcome! Presenters: STFC January 10, 2019

globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory

Design patterns for data-driven research acceleration

Integrating with ClearPass HTTP APIs

The Materials Data Facility

Introducing the New Globus CLI (alpha)

Federated Services for Scientists Thursday, December 9, p.m. EST

Building on the Globus Python SDK

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE

Beyond File Transfer. Steve Tuecke NCAR September 5, 2018

Bomgar PA Integration with ServiceNow

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility

BlackBerry Developer Summit. A02: Rapid Development Leveraging BEMS Services and the AppKinetics Framework

GitHub-Flask Documentation

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

Bambu API Documentation

Using OAuth 2.0 to Access ionbiz APIs

Introduction to SciTokens

Login with Amazon. Customer Experience Overview for Android/Fire apps

Integration Service. Admin Console User Guide. On-Premises

Partner Center: Secure application model

About 1. Chapter 1: Getting started with odata 2. Remarks 2. Examples 2. Installation or Setup 2. Odata- The Best way to Rest 2

sanction Documentation

COMPUTE CANADA GLOBUS PORTAL

Connect to data that drives productivity and build smarter apps with Microsoft Graph Gideon Huang

Integrating Salesforce and SharePoint Netwoven Inc.

Azure Archival Installation Guide

Microsoft Architecting Microsoft Azure Solutions.

CA Single Sign-On and LDAP/AD integration

USER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0

GPII Security. Washington DC, November 2015

GroupWise Architecture and Best Practices. WebAccess. Kiran Palagiri Team Lead GroupWise WebAccess

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT

Managing Protected and Controlled Data with Globus. Vas Vasiliadis

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Sentinet for Microsoft Azure SENTINET

How to use or not use the AWS API Gateway for Microservices

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

NIELSEN API PORTAL USER REGISTRATION GUIDE

SharePoint General Instructions

How to set up VMware Unified Access Gateway with OPSWAT MetaAccess Client

[GSoC Proposal] Securing Airavata API

BLACKBERRY SPARK COMMUNICATIONS PLATFORM. Getting Started Workbook

Centrify for Dropbox Deployment Guide

Authentication in the Cloud. Stefan Seelmann

ArcGIS for Server: Administration and Security. Amr Wahba

Entrust PartnerLink Login Instructions

Introduction to Globus: SaaS for Research Data Management. Harvard University September 12, 2017

DreamFactory Security Guide

Automation with Meraki Provisioning API

REST API Operations. 8.0 Release. 12/1/2015 Version 8.0.0

OAuth 2 and Native Apps

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

globus-sdk-python Documentation

Single Sign-On for PCF. User's Guide

Securing APIs and Microservices with OAuth and OpenID Connect

The SciTokens Authorization Model: JSON Web Tokens & OAuth

Tableau Automation Starter Kit:

Chatter Answers Implementation Guide

FAQ. General Information: Online Support:

BEC. NetScaler Unmanaged VPN. Installation Guide. and. User Guide. Version

Xerox Mobile Link App

Azure Developer Immersions API Management

f5-icontrol-rest Documentation

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Microsoft Graph API Deep Dive

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

RingCentral for ServiceNow. Admin Guide

Globus Platform Services for Data Publication. Greg Nawrocki University of Chicago & Argonne National Lab GeoDaRRS August 7, 2018

SafeNet Authentication Manager

SUG Breakout Session: OSC OnDemand App Development

Leveraging Globus Identity for the Grid. Suchandra Thapa GlobusWorld, April 22, 2016 Chicago

Table of Contents. I. How do I register for a new account? II. How do I log in? (I already have a MyJohnDeere.com account.)

Set Up and Manage Salesforce Communities

TECHNICAL GUIDE SSO JWT. At 360Learning, we don t make promises about technical solutions, we make commitments.

Box Connector. Version 2.0. User Guide

VMware AirWatch Content Gateway Guide for Windows

Beginner s Guide to Cordova and Mobile Application Development

API Manager Version May User Guide

Release Notes. Concur Connect. Release Notes... 1

All about SAML End-to-end Tableau and OKTA integration

Full Stack Web Developer Nanodegree Syllabus

INDIGO AAI An overview and status update!

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

AEM Mobile: Setting up Google as an Identity Provider

Technical Overview. Version March 2018 Author: Vittorio Bertola

Sentinet for BizTalk Server SENTINET

CDIS Biomedical Data Commons

Integration Service. Admin Console User Guide. On-Premises

Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras

The Now Platform Reference Guide

ClickToCall SkypeTest Documentation

VMware AirWatch Content Gateway Guide for Windows

Using OpenID/OAuth to access Federated Data Services

Transcription:

Leveraging the Globus Platform in your Web Applications GlobusWorld April 26, 2018 Greg Nawrocki greg@globus.org

Topics and Goals Platform Overview Why expose the APIs A quick touch of the Globus Auth APIs Globus Transfer APIs Jupyter Notebook walkthrough Integrating Globus into Science Gateways and Portals Modern Research Data Portal (MRDP) demo Overall Goal - Build the foundation for what you will see in subsequent talks

How can I integrate Globus into my research workflows? Specifically applications I ve developed or am planning to develop. 4

Globus serves as A platform for building science gateways, portals and other web applications in support of research and education 5

Globus Platform-as-a-Service File Sharing File Transfer & Replication Globus Auth API (Group Management) Integrate file transfer and sharing capabilities into scientific web apps, portals, gateways, etc... Globus Connect Globus Transfer API Data Publication & Discovery Use existing institutional ID systems in external web applications

PaaS Security Challenges Globus Auth How to provide: Login to apps o Web apps (Jupyter Notebook, Portals), Mobile, Desktop, Command line Protect all REST API communications o App à Globus service (Jupyter Notebook, MRDP) o App à non-globus service (MRDP) o Service à service (MRDP) While: Not introducing even more identities o Providing a platform to consolidate those identities Providing least privileges security model (consents) Being agnostic to programming language and framework Being web friendly Making it easy for users and developers 7

Authorization Code Grant 1. Access portal 2. Redirects user Client (Jupyter Notebook, Portal, Application) Browser (User) 4. Authorization code 5. Authenticate using client id and secret, send authorization code 6. Access token(s) 3. User authenticates and consents Globus Auth (Authorization Server) 7. Authenticate with access token(s) to create a transfer client object and give the user the authority invoke the transfer service Globus Transfer (Resource Server)

Globus Platform Transfer API

Globus Transfer API Globus Web App consumes public Transfer API Resource named by URL (standard REST approach) Query params allow refinement (e.g., subset of fields) Globus APIs use JSON for documents and resource representations Requests authorized via OAuth2 access token Authorization: Bearer asdflkqhafsdafeawk docs.globus.org/api/transfer 10

Globus Python SDK Python client library for the Globus Auth and Transfer REST APIs globus_sdk.transferclient class handles connection management, security, framing, marshaling from globus_sdk import TransferClient tc = TransferClient() globus.github.io/globus-sdk-python 11

TransferClient low-level calls Thin wrapper around REST API post(), get(), update(), delete() get(path, params=none, headers=none, auth=none, response_class=none) o path path for the request, with or without leading slash o params dict to be encoded as a query string o headers dict of HTTP headers to add to the request o response_class class response object, overrides the client s default_response_class o Returns: GlobusHTTPResponse object 12

TransferClient higher-level calls One method for each API resource and HTTP verb Largely direct mapping to REST API endpoint_search(filter_fulltext=none, filter_scope=none, num_results=25, **params) 13

Walkthrough Jupyter Notebook https://jupyter.demo.globus.org Sign in with Globus Verify the consents Start My Server (this will take about a minute) Open folder: globus-jupyter-notebooks Open folder: globusworld2018 Run SDK_autoAuth.ipynb If you mess it up and want to go back to the beginning Back down to the root folder Run NotebookPuller.ipynb 14

Endpoint Search Plain text search for endpoint Searches owner, display name, keywords, description, organization, department Full word and prefix match Limit search to pre-defined scopes all, my-endpoints, recently-used, in-use, sharedby-me, shared-with-me Returns: List of endpoint documents 15

Endpoint Management Get endpoint (by id) Update endpoint Create & delete (shared) endpoints Manage endpoint servers 16

Endpoint Activation Activating endpoint means binding a credential to an endpoint for login Globus Connect Server endpoint that have MyProxy or MyProxy OAuth identity provider require login via web Auto-activate Globus Connect Personal and Shared endpoints use Globusprovided credential Must auto-activate before any API calls to endpoints 17

File operations List directory contents (ls) Make directory (mkdir) Rename Note: Path encoding & UTF gotchas Don t forget to auto-activate first 18

Task submission Asynchronous operations Transfer o Sync level option Delete Get submission_id, followed by submit Once and only once submission 19

Task management Get task by id Get task_list Update task by id (label, deadline) Cancel task by id Get event list for task Get task pause info 20

Bookmarks Get list of bookmarks Create bookmark Get bookmark by id Update bookmark Delete bookmark by id Cannot perform other operations directly on bookmarks Requires client-side resolution 21

Shared endpoints and access rules (ACLs) Shared Endpoint create / delete / get info / get list Administrator role required to delegate access managers Access manager role required to manage permission/acls Operations: Get list of access rules Get access rule by id Create access rule Update access rule Delete access rule 22

Management API Allow endpoint administrators to monitor and manage all tasks with endpoint Task API is essentially the same as for users Information limited to what they could see locally Cancel tasks Pause rules 23

How can I do this in my [science gateway, data portal, web app, ]? 24

Demonstration Modern Research Data Portal https://docs.globus.org/modern-research-data-portal/

Prototypical research data portal Identity Provider HTTPS Globus Web Helper Pages Globus Cloud Browser Login Globus Auth Globus Transfer Applications Portal Web Server (Client) REST Other Services Desktop Firewall GridFTP User s Endpoint (optional) Portal Endpoint Science DMZ Other Endpoints 26

Data Distribution: ARM Climate Research Facility 27

Analysis Workflow Integration: Wellcome Sanger

Globus Helper Pages Globus pages designed for use by your web apps Browse Endpoint Activate Endpoint Select Group Manage Identities Manage Consents Logout docs.globus.org/api/helper-pages 29

Globus PaaS developer resources Python SDK Jupyter Notebook docs.globus.org/api Sample Application github.com/globus

Support resources Globus documentation: docs.globus.org Helpdesk and issue escalation: support@globus.org Customer engagement team Globus professional services team Assist with portal/gateway/app architecture and design Develop custom applications that leverage the Globus platform Advise on customized deployment and integration scenarios

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback