Leveraging the InCommon Federation to access the NSF TeraGrid

Jim Basney
Senior Research Scientist
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
jbasney@ncsa.uiuc.edu

This material is based upon work supported by the National Science Foundation under Grant No. 0503697. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.

What is the TeraGrid?
- NSF-funded facility to offer high end compute, data, and visualization resources to the nation's academic researchers
- www.teragrid.org

TeraGrid Campus Integration
- The TeraGrid project is working in many ways to better integrate with campuses to support research and education
- TeraGrid Campus Champions: http://www.teragrid.org/eot/campuschamps.html
- TeraGrid Client Software: http://teragridforum.org/mediawiki/index.php?title=teragrid_client_software
- Authentication and Authorization is just one aspect of TeraGrid's Campus Integration efforts
- For more info about TeraGrid, contact: help@teragrid.org

TeraGrid and InCommon: Status
- TeraGrid joined InCommon in July 2008
- TeraGrid will be an InCommon Resource Provider
- TeraGrid will not be an InCommon Credential Provider (at this time)
- Shibboleth integration with TeraGrid User Portal (TGUP) will begin soon
- Today I'm presenting our plans

TeraGrid Federations
- TeraGrid Core Services
  - Manage accounts and allocations across resources and sites
  - Centralized resource usage accounting
  - TeraGrid Central Database (TGCDB)
- X.509 Public Key Infrastructure (PKI)
  - International Grid Trust Federation (IGTF) (igtf.net)
  - Includes Certificate Authorities operating outside of TeraGrid
  - Enables single sign-on across TeraGrid systems and other grids

TeraGrid Federations
- TeraGrid Science Gateways Program
  - Enables TeraGrid to scale to large user communities by outsourcing front-end user support
  - Gateways are self-managed scientific communities
  - Gateways act as identity provider and resource broker
- InCommon Federation
  - Facilitates campus login to TeraGrid resources by researchers and students
  - Provides an integrated login experience between campus and TeraGrid services

TeraGrid and InCommon: Goals
First Step: Campus login to TeraGrid User Portal
- Access administrative interfaces: Request Allocation, View Usage, List Accounts, Edit Profile, Register X.509 DNs, Add/Remove User
- Access TeraGrid resources: SSH Terminal, File Transfer
- Manage Training Accounts: Short-term student access using campus attributes
- Eliminate the need to distribute TeraGrid usernames and passwords in the classroom

TeraGrid and InCommon: Goals
Next Step: Campus logins to TeraGrid Science Gateways
- Attribute-based access to community-focused interfaces
- Operated by the community
- Attributes used end-to-end from campus through gateway to TeraGrid resource providers and TeraGrid-wide accounting

TeraGrid User Portal (TGUP)

TGUP Systems Monitor

TGUP Science Gateways Listing

My TeraGrid: Usage

My TeraGrid: Accounts

My TeraGrid: Add/Remove User

TG Proposal Submission

My TeraGrid: SSH Terminal

My TeraGrid: File Manager

New User Approach: Account Linking
- A new user authenticates to the TGUP via Shibboleth
- The user prepares and submits a proposal for TeraGrid resources
- If the proposal is approved, the user's TeraGrid account is created with a link to his/her eppn/eptid
Result: The user can access personalized TGUP functionality using campus Shibboleth authentication, without requiring a separate TGUP username and password

Existing User Approach: Account Linking
- An existing user authenticates to the TGUP via Shibboleth
- The TGUP prompts for the user's TGUP username and password
- The user is given the option to link his/her eppn/eptid to his/her TeraGrid account
Result: The user can access personalized TGUP functionality using campus Shibboleth authentication, without requiring a separate TGUP username and password
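The two linking flows above (new user and existing user), as an added sketch that is not the TGUP's own code: it shows the existing-user link being stored only after the TGUP password check succeeds. The class and method names, the in-memory store, the PBKDF2 password check, and keying the link by (IdP entityID, eppn/eptid) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class LinkError(Exception):
    """A link or account request was refused."""

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountLinker:
    """Toy account store; all names here are hypothetical."""
    def __init__(self):
        self._passwords = {}  # TGUP username -> (salt, digest) or None
        self._links = {}      # (IdP entityID, eppn/eptid) -> TGUP username

    def create_account(self, username, password=None, federated_id=None):
        # New-user path: created on proposal approval, optionally pre-linked.
        if username in self._passwords:
            raise LinkError("account exists")
        if federated_id:
            self._bind(federated_id, username)
        salt = os.urandom(16)
        self._passwords[username] = (salt, _digest(password, salt)) if password else None

    def link_existing(self, federated_id, username, password):
        # Existing-user path: prove control of the TGUP account first.
        salt, expected = self._passwords.get(username) or (bytes(16), b"")
        if not hmac.compare_digest(_digest(password, salt), expected):
            raise LinkError("TGUP authentication failed")
        self._bind(federated_id, username)

    def login(self, federated_id):
        return self._links.get(federated_id)  # None when no link exists

    def _bind(self, federated_id, username):
        # Assumption: one campus identity maps to at most one account.
        if self._links.get(federated_id, username) != username:
            raise LinkError("identity already linked to another account")
        self._links[federated_id] = username

def demo():
    # Constructed sample identity: (IdP entityID, eppn).
    campus = ("https://idp.example.edu/shibboleth", "alice@example.edu")
    portal = AccountLinker()
    portal.create_account("alice_tg", password="correct horse")
    portal.link_existing(campus, "alice_tg", "correct horse")
    return portal.login(campus)  # "alice_tg"
```

Keying the link on the asserting IdP as well as the eppn/eptid means the same identifier string released by a different identity provider does not resolve to the linked account.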

Access to TeraGrid Resources
- TeraGrid resources support PKI authentication
- Interfaces: GSISSH (remote login), GRAM (job submission), GridFTP (file transfer)
- Approach:
  - Automatically obtain PKI credentials based on Shibboleth authentication to TGUP
  - Transparently use PKI credentials with TGUP SSH Terminal and File Manager
- See:
  - GridShib CA: http://gridshib.globus.org/
  - MyProxy CA: http://myproxy.ncsa.uiuc.edu/ca

Summary
- TeraGrid has joined InCommon
- To facilitate campus login to TeraGrid resources by researchers and students
- First Step: Campus login to TeraGrid User Portal
- Next Step: Campus login to Science Gateways
Thanks! Contact: jbasney@ncsa.uiuc.edu