Leveraging the Globus Platform in your Web Applications

Similar documents
Leveraging the Globus Platform in your Web Applications. GlobusWorld April 26, 2018 Greg Nawrocki

Building the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017

Building the Modern Research Data Portal. Developer Tutorial

Tutorial: Building the Services Ecosystem

Beyond File Transfer. Steve Tuecke NCAR September 5, 2018

Globus Research Data Management: Campus Deployment and Configuration. Steve Tuecke Vas Vasiliadis

globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory

Introducing the New Globus CLI (alpha)

Integrating with ClearPass HTTP APIs

Design patterns for data-driven research acceleration

Welcome! Presenters: STFC January 10, 2019

GitHub-Flask Documentation

Bomgar PA Integration with ServiceNow

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility

Using OAuth 2.0 to Access ionbiz APIs

BlackBerry Developer Summit. A02: Rapid Development Leveraging BEMS Services and the AppKinetics Framework

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE

Federated Services for Scientists Thursday, December 9, p.m. EST

Engagement With Scientific Facilities

Bambu API Documentation

Introduction to Globus: SaaS for Research Data Management. Harvard University September 12, 2017

sanction Documentation

NIELSEN API PORTAL USER REGISTRATION GUIDE

How to use or not use the AWS API Gateway for Microservices

The Now Platform Reference Guide

f5-icontrol-rest Documentation

CA Single Sign-On and LDAP/AD integration

Managing Protected and Controlled Data with Globus. Vas Vasiliadis

REST API Operations. 8.0 Release. 12/1/2015 Version 8.0.0

Box Connector. Version 2.0. User Guide

USER MANUAL. SalesPort Salesforce Customer Portal for WordPress (Lightning Mode) TABLE OF CONTENTS. Version: 3.1.0

Partner Center: Secure application model

Azure Archival Installation Guide

OAuth 2 and Native Apps

Microsoft Graph API Deep Dive

VMware AirWatch Content Gateway for Windows. VMware Workspace ONE UEM 1811 Unified Access Gateway

globus-sdk-python Documentation

SharePoint General Instructions

Integration Service. Admin Console User Guide. On-Premises

BEC. NetScaler Unmanaged VPN. Installation Guide. and. User Guide. Version

Syncplicity Panorama with Isilon Storage. Technote

The Materials Data Facility

BLACKBERRY SPARK COMMUNICATIONS PLATFORM. Getting Started Workbook

TECHNICAL GUIDE SSO JWT. At 360Learning, we don t make promises about technical solutions, we make commitments.

Building on the Globus Python SDK

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0

VMware AirWatch Content Gateway for Linux. VMware Workspace ONE UEM 1811 Unified Access Gateway

How to set up VMware Unified Access Gateway with OPSWAT MetaAccess Client

5 OAuth EssEntiAls for APi AccEss control layer7.com

AEM Mobile: Setting up Google as an Identity Provider

Login with Amazon. Customer Experience Overview for Android/Fire apps

Create and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN

Microsoft Architecting Microsoft Azure Solutions.

VMware AirWatch Content Gateway Guide for Windows

Entrust PartnerLink Login Instructions

BIG-IP Access Policy Manager : Portal Access. Version 12.1

COMPUTE CANADA GLOBUS PORTAL

Sentinet for Microsoft Azure SENTINET

uick Start Guide 1. Install Oracle Java SE Development Kit (JDK) version or later or 1.7.* and set the JAVA_HOME environment variable.

Aruba Central Application Programming Interface

Liferay Security Features Overview. How Liferay Approaches Security

S-Drive Installation Guide v1.25

scconnect v1.x ADMINISTRATION, INSTALLATION, AND USER GUIDE

OAuth2 Autoconfig. Copyright

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Partner Integration Portal (PIP) Installation Guide

XCONNECT 2018 GATEWAY USER MANUAL

SpaceShuttle User guide v3

Grandstream Networks, Inc. Captive Portal Authentication via Twitter

About 1. Chapter 1: Getting started with odata 2. Remarks 2. Examples 2. Installation or Setup 2. Odata- The Best way to Rest 2

VMware AirWatch Chrome OS Platform Guide Managing Chrome OS Devices with AirWatch

Skandocs Installation and Connectivity Guide What you need to know to successfully utilise the Internet connectivity in Skandocs

ArcGIS Server and Portal for ArcGIS An Introduction to Security

VMware AirWatch Content Gateway Guide for Windows

DreamFactory Security Guide

Azure Developer Immersions API Management

AvePoint Cloud Governance. Release Notes

Novell Access Manager 3.1

[GSoC Proposal] Securing Airavata API

WEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F

VMware AirWatch Content Gateway Guide for Windows

Single Sign-On for PCF. User's Guide

Mobile Procurement REST API (MOBPROC): Access Tokens

Asana for bpm'online. User manual

Table of Contents. I. How do I register for a new account? II. How do I log in? (I already have a MyJohnDeere.com account.)

5 OAuth Essentials for API Access Control

Magento Pinterest Extension User Guide

VMware AirWatch Content Gateway Guide for Linux For Linux

Secure Access Manager User Guide September 2017

SafeNet Authentication Manager

IBM Campaign Version-independent Integration with IBM Engage Version 1 Release 3.1 April 07, Integration Guide IBM

This walkthrough assumes you have completed the Getting Started walkthrough and the first lift and shift walkthrough.

ClickToCall SkypeTest Documentation

Securing ArcGIS for Server. David Cordes, Raj Padmanabhan

Using the MyProxy Online Credential Repository

GE Transportation Customer Web Center (CWC)

The benefits of synchronizing G Suite and Active Directory passwords

Salesforce Files Connect Implementation Guide

Centrify for Dropbox Deployment Guide

GroupWise Architecture and Best Practices. WebAccess. Kiran Palagiri Team Lead GroupWise WebAccess

Transcription:

Leveraging the Globus Platform in your Web Applications Steve Tuecke tuecke@uchicago.edu NCAR September 5, 2018

Globus serves as A platform for building science gateways, web portals and other applications in support of research and education 2

Example web apps that leverage Globus 3

Globus Platform-as-a-Service Globus APIs File Sharing File Transfer & Replication Globus Auth (and Group Management) Integrate file transfer and sharing capabilities into scientific web apps, portals, gateways, etc... Globus Connect Data Automation, Publication & Search Use existing institutional ID systems in external web applications

PaaS Security Challenges Globus Auth How to provide: Login to apps o Web apps (Jupyter Notebook, Portals), Mobile, Desktop, Command line Protect all REST API communications o App à Globus service (Jupyter Notebook, MRDP) o App à non-globus service (MRDP) o Service à service (MRDP) While: Not introducing even more identities o Providing a platform to consolidate those identities Providing least privileges security model (consents) Being agnostic to programming language and framework Being web friendly Making it easy for users and developers 5

Authorization Code Grant 1. Access portal 2. Redirects user Browser (User) 4. Authorization code 3. User authenticates and consents Client (Web Portal, Application, Jupyter) 5. Authenticate using client id and secret, send authorization code 6. Access token(s) Globus Auth (Authorization Server) Identity Provider 7. Authenticate with access token(s) to give the client the authority invoke the transfer service Globus Transfer (Resource Server)

Globus Platform Transfer API

Globus Transfer API Globus Web App consumes public Transfer API REST API: Resources/actions named by URL Query params allow refinement (e.g., filter) Globus APIs use JSON for documents and resource representations Requests authorized via Globus Auth issued OAuth2 access token Authorization: Bearer asdflkqhafsdafeawk docs.globus.org/api/transfer 8

Globus Python SDK Python client library for the Globus Auth and Transfer REST APIs globus_sdk.transferclient class handles connection management, security, framing, marshaling from globus_sdk import TransferClient tc = TransferClient() globus.github.io/globus-sdk-python 9

TransferClient low-level calls Thin wrapper around REST API post(), get(), update(), delete() get(path, params=none, headers=none, auth=none, response_class=none) o path path for the request, with or without leading slash o params dict to be encoded as a query string o headers dict of HTTP headers to add to the request o response_class class response object, overrides the client s default_response_class o Returns: GlobusHTTPResponse object 10

TransferClient higher-level calls One method for each API resource and HTTP verb Largely direct mapping to REST API endpoint_search(filter_fulltext=none, filter_scope=none, num_results=25, **params) 11

Walkthrough Jupyter Notebook with our Hub https://jupyter.demo.globus.org Sign in with Globus Verify the consents Start My Server (this will take about a minute) Open folder: globus-jupyter-notebooks Open folder: globusworld2018 Run SDK_autoAuth.ipynb If you mess it up and want to go back to the beginning Back down to the root folder Run NotebookPuller.ipynb If you want to use the notebook outside of our hub https://github.com/globus/globus-jupyter-notebooks Autentication is a manual cut and paste of exchanging the authorization code for an access token 12

Endpoint Search Plain text search for endpoint Searches owner, display name, keywords, description, organization, department Full word and prefix match Limit search to pre-defined scopes all, my-endpoints, recently-used, in-use, sharedby-me, shared-with-me Returns: List of endpoint documents 13

Endpoint Management Get endpoint (by id) Update endpoint Create & delete (shared) endpoints Manage endpoint servers 14

Endpoint Activation Activating endpoint means binding a credential to an endpoint for login Globus Connect Server endpoint that have MyProxy or MyProxy OAuth identity provider require login via web Auto-activate Globus Connect Personal and Shared endpoints use Globusprovided credential Must auto-activate before any API calls to endpoints 15

File operations List directory contents (ls) Make directory (mkdir) Rename Note: Path encoding & UTF gotchas Don t forget to auto-activate first 16

Task submission Asynchronous operations Transfer o Sync level option Delete Get submission_id, followed by submit Once and only once submission 17

Task management Get task by id Get task_list Update task by id (label, deadline) Cancel task by id Get event list for task Get task pause info 18

Bookmarks Get list of bookmarks Create bookmark Get bookmark by id Update bookmark Delete bookmark by id Cannot perform other operations directly on bookmarks Requires client-side resolution 19

Shared endpoints and access rules (ACL) Shared Endpoint create / delete / get info / get list Administrator role required to delegate access managers Access manager role required to manage permissions/acl Operations: Get list of access rules Get access rule by id Create access rule Update access rule Delete access rule 20

Management API Allow endpoint administrators to monitor and manage all tasks with endpoint Task API is essentially the same as for users Information limited to what they could see locally Cancel tasks Pause rules 21

Globus Helper Pages Globus pages designed for use by your web apps Browse Endpoint Activate Endpoint Select Group Manage Identities Manage Consents Logout docs.globus.org/api/helper-pages 22

Example Modern Research Data Portal https://docs.globus.org/modern-research-data-portal/

Modern data apps leverage the Science DMZ Border Router perfsonar Firewall WAN Enterprise perfsonar Data Path Browsing path Query path 10GE perfsonar Science DMZ Switch/Router Portal server applications: web server search database authentication Portal Server 10GE Data Transfer Path Portal Query/Browse Path 10GE 10GE 10GE DTN DTN DTN 10GE 10GE 10GE 10GE Filesystem (data store) DTN API DTNs (data access governed by portal) fasterdata.es.net/ 24

Globus PaaS developer resources Python SDK Jupyter Notebook docs.globus.org/api Sample Application github.com/globus

Support resources Globus documentation: docs.globus.org Helpdesk and issue escalation: support@globus.org Customer engagement team Globus professional services team Assist with portal/gateway/app architecture and design Develop custom applications that leverage the Globus platform Advise on customized deployment and integration scenarios

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback