
Middleware Support for Virtual Organizations
Internet2 Fall 2006 Member Meeting
Chicago, Illinois
Stephen Langella
[email protected] osu. edu
Department of Biomedical Informatics
Ohio State University

National Cancer Institute’s 2015 Goal
“Relieve suffering and death due to cancer by the year 2015”
  • Need: Enable investigators to leverage their joint expertise in order to meet NCI 2015 Goal.
  • Strategy: Create scalable, actively managed organization connecting members of the NCI-supported cancer enterprise by building a Biomedical Informatics Grid

Cancer Biomedical Informatics Grid (caBIG™)
The cancer Biomedical Informatics Grid (caBIG™) is a voluntary network or grid connecting individuals and institutions to enable the sharing of data and tools, creating a World Wide Web of cancer research. The goal is to speed the delivery of innovative approaches for the prevention and treatment of cancer. The infrastructure and tools created by caBIG™ also have broad utility outside the cancer community.
  • National Cancer Institute Initiative
  • Over 800 Participants
  • Over 80 Organizations
  • Over 70 Projects

VO Related Security Issues
  • Identity / User Provisioning
      • Hundreds of organizations, tens of thousands of users.
      • Varying levels of Identity Management from institution to institution.
      • How do we assign identity to users, how do we provision user accounts?
      • Who should assert the identity for a given user?
  • Trust - How do we decide who to trust?
      • Credential Providers
      • Certificate Authorities
      • Attribute Authorities
      • Group Authorities
      • Other digital signers

VO Related Security Issues
  • Authorization
      • How do we create, manage, and provision groups of users/services at the grid level, such that we can build access control policy based on group membership?
      • How can we share access control policy across the grid?
      • How can we leverage institution maintained attributes?

caGrid
  • Grid Infrastructure for caBIG
  • Focuses on providing middleware for enabling the interoperability between caBIG applications.
  • Open Source Reusable Components
  • caGrid Components
      • Grid Service Graphical Development Toolkit (Introduce)
      • Metadata / Semantic Services
      • Advertisement and Discovery
      • Data Service Infrastructure
      • Analytical Service Infrastructure
      • Identifiers
      • Workflow
      • Security

GAARDS
  • Grid Authentication and Authorization with Reliably Distributed Services (GAARDS)
  • The GAARDS Security Infrastructure provides services and tools for the administration and enforcement of security policy in an enterprise Grid.
  • Developed on top of the Globus Toolkit
  • Extends the Grid Security Infrastructure (GSI)
  • Provide enterprise services and administrative tools for:
      • Grid User Management
      • Identity Federation
      • Trust management
      • Group/VO management
      • Access Control Policy management and enforcement
  • Integration between existing security domains and the grid security domain.
  • Security Infrastructure for the Cancer Biomedical Informatics Grid (caBIG™)

GAARDS Services
  • Dorian
      • Grid User Account Management
      • Integration point between external security domains and the grid.
      • Allows accounts managed in external domains to be federated and managed in the grid.
      • Dorian allows users to use their existing credentials (external to the grid) to authenticate to the grid
  • Grid Trust Service (GTS)
      • Creation and Management of a federated trust fabric.
      • Supports applications and services in deciding whether or not signers of digital credentials/user attributes can be trusted.
      • Supports the provisioning of trusted certificate authorities and corresponding CRLs.
  • Grid Grouper
      • Group management service for the grid
      • Provides a group-based authorization solution for the Grid
      • Enforce authorization policy based on membership to groups

Dorian – Grid User Management
  • Grid User Account Management
      • Administrative interface for account provisioning and management.
      • Built-in Certificate Authority
      • Manages Grid Credentials for each user.
      • Enables users to authenticate and create grid proxies, which they may use to access the grid.
  • Identity Management and Federation
      • Integration point between external security domains and the grid.
      • User may use existing credentials to obtain a grid proxy.
      • Users authenticate to IdP, obtain a SAML assertion (proof) which is then given to Dorian to facilitate the creation of a grid proxy.
      • Automated Account Creation and Provisioning
  • Complete WSRF Compliant Grid Service
      • Can be accessed and administered over the grid.
  • Complete Administrative UI
      • Manage all aspects of Dorian
Addresses Identity Management and User Provisioning Issues

Grid Trust Service (GTS)
  • The Grid Trust Service (GTS) is a federated grid infrastructure enabling the provisioning and management of a grid trust fabric.
  • GTS Features
      • Provisioning of Trust Roots
          • CA certificates and CRLs
      • Administration of Trust Levels
          • CAs may be grouped and discovered by the level of trust that is acceptable to the consumer.
      • Facilitates the curation of numerous independent trust overlays across the same physical Grid.
      • Validation Service, which allows for the centralized enforcement of certificate verification and validation policies.
      • Administrative UI for administrating the trust fabric.
Addresses Trust Related Issues
[Figure: Trust Group A, Trust Group B, Trust Group C, Trust Group D]
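
A minimal model of the trust-level discovery and centralized validation described on the GTS slide, added here as an illustration; it is not GAARDS or GTS code. The class names, CA names, level names and serial numbers are hypothetical, trust levels are assumed to be named tags a CA must all hold, and signature and chain verification are left out.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Authority:
    """A trust root in the fabric: CA name, assigned trust levels, CRL serials."""
    subject: str
    trust_levels: frozenset
    revoked_serials: frozenset = frozenset()

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an end-entity certificate (no real X.509 parsing)."""
    subject: str
    issuer: str
    serial: int
    not_after: datetime

class TrustFabric:
    def __init__(self, authorities):
        self._cas = {a.subject: a for a in authorities}

    def find_trusted(self, required_levels):
        """Discover the CAs holding every trust level the consumer requires."""
        need = frozenset(required_levels)
        return sorted(a.subject for a in self._cas.values() if need <= a.trust_levels)

    def validate(self, cert, required_levels, now):
        """Apply one central policy: known issuer, trust level, CRL, expiry."""
        ca = self._cas.get(cert.issuer)
        if ca is None:
            return "issuer not in trust fabric"
        if not frozenset(required_levels) <= ca.trust_levels:
            return "issuer below required trust level"
        if cert.serial in ca.revoked_serials:
            return "revoked"
        if now > cert.not_after:
            return "expired"
        return "ok"

# Constructed sample data: CA names, level names and serials are hypothetical.
NOW = datetime(2006, 12, 15, tzinfo=timezone.utc)
LATER = datetime(2007, 6, 1, tzinfo=timezone.utc)
FABRIC = TrustFabric([
    Authority("O=Example University A CA", frozenset({"LOA1", "LOA2"}), frozenset({1001})),
    Authority("O=Example Lab B CA", frozenset({"LOA1"})),
])
ALICE = Cert("CN=alice", "O=Example University A CA", 7, LATER)
BOB = Cert("CN=bob", "O=Example Lab B CA", 8, LATER)

if __name__ == "__main__":
    for levels in ({"LOA1"}, {"LOA2"}):  # two overlays on the same fabric
        print(sorted(levels), FABRIC.find_trusted(levels), FABRIC.validate(BOB, levels, NOW))
```

The same certificate is accepted by a consumer that requires only LOA1 and rejected by one that requires LOA2, which is the overlay behaviour the slide describes.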

Grid Grouper
  • Grid Grouper provides a group based authorization solution for the grid.
      • Groups are defined and managed at the grid level.
      • Grid services/applications enforce authorization policy based on membership to groups.
  • Built on top of Grouper
      • Internet2 initiative.
      • Grid enables Grouper, WSRF Compliant Web service.
  • Grid Grouper Object Model
      • Java API for accessing and managing groups over the grid.
      • Similar to Grouper’s Object Model
  • Grid Grouper Admin UI
Addresses Authorization Related Issues

caGrid / GAARDS Status
  • Release Schedule
      • Beta Release was Summer 2006
      • Official Release December 15, 2006
  • Focus on Quality
      • Automated Continuous and Nightly Builds and Unit, System, and Integration Testing
      • “Quality at a glance” dashboards and archive of all build and test results
  • Giving Back to the Community
      • GAARDS is a Globus Incubator Project
  • More Information
      • caBIG
          • https://cabig.nci.nih.gov/
      • caGrid
          • http://gforge.nci.nih.gov/projects/cagrid-1-0/
      • GAARDS Globus Project
          • Information to be posted shortly after release
          • http://dev.globus.org/wiki/Incubator/GAARDS

GAARDS Team
  • Ohio State University
      • Stephen Langella
      • Shannon Hastings
      • Scott Oster
      • David Ervin
      • Tahsin Kurc
      • Joel Saltz
  • NCICB
      • Avinash Shanbhag
  • Argonne National Labs
      • Frank Siebenlist
  • SemanticBits
      • Joshua Phillips
      • Vinay Kumar
  • Booz Allen Hamilton
      • Arumani Manisundaram

Special Thanks
  • caBIG™
  • Internet2 Grouper Team
  • Tom Barton, University at Chicago
  • Frank Manion, Fox Chase

Questions?