- Number of slides: 18
A AAAA Model to Support Science Gateways with Community Accounts
GGF-14 Science Gateways Workshop, June 28, 2005
Von Welch, James Barlow, James Basney, Doru Marcusiu
6/28/2005 GSI Credential Management AAAA Science Gateway Model
AAAA Model
• Authentication
• Authorization
• Auditing
• Accounting
Outline
• Motivation
  – Traditional AAAA Computing Model
• Proposed AAAA Model
• Current work and Future Challenges
Traditional AAAA Model
• All users have accounts at each site/resource
  – NxN matrix
• Users access resources through low-level interfaces
  – e.g. Unix shells, FTP sessions
• Resource takes care of all the A’s
Traditional HPC Usage
[Diagram: the user authenticates (Authn) to the resource and runs commands in a shell (% ls, % foo); the resource OS handles authorization (Authz), auditing and accounting]
Traditional HPC Usage
[Diagram: the same shell session (% ls, % foo) repeated separately on each of several resources]
Motivation
• Shell-level access to resources is great for power users, but has a steep learning curve
  – Many SG users just need a domain-specific interface, e.g. they are not developing or deploying application codes
• Each resource/site has to maintain state about every user
  – Scalability problems for large/dynamic user communities
• No abstraction: users must adapt to all changes in resources
Our AAAA Model
• SG acts as an interface between the community and its resources
• Much like a traditional ‘Grid Portal’, it provides a domain-specific interface
• However, unlike portals, it exists as a trusted entity in its own right, allowing the resource to “outsource” AAAA functionality to the SG
• Resource runs all commands in a community account, which constrains what the community can do; the account can be restricted to a few community applications
Conceptual Model
[Diagram: conceptual model, with the shell session (% ls, % foo) now on the resource side of the science gateway]
Goals of Model
• Model is primarily about how one splits the AAAA responsibility between the SG and the resource
• In general, the resource must trust the SG to some degree to provide this functionality, in exchange for offloading effort
Authentication and Authorization
• Two modes: Simple and Authorization Credential
• Both allow the SG to manage the user community
• The Authorization Credential mode is more complex to deploy, but provides more information to the resource
Simple Auth[nz] Model
[Diagram: Authn at the SG; shell session (% ls, % foo) on the resource]
• Authentication becomes the role of the SG
  – Users known only to the SG
• Resource trusts the SG to do authentication
• SG authenticates to the resource with its own credential
• Portal enforces authorization by constraining what actions the user can perform
Authz Credential Model
[Diagram: Authn at the SG; authz credential passed with the job; shell session (% ls, % foo) on the resource]
• Authentication still the role of the SG
  – Users known only to the SG
• SG augments user credentials with authz credentials
  – e.g. CAS, GAMA, Shibboleth, IU LEAD work
• Resource trusts the SG to do authentication, and trusts the authz credentials from the SG
  – Doesn’t know the user, but trusts what the SG says about the user
• Resource knows the user “identifier” (may not be that useful, more later)
Auditing Model
[Diagram: auditing at the resource; shell session (% ls, % foo)]
• Site still keeps details of what each job does
• Site may want to contact the user
  – Suspicious activity, job running amok
• SG is the only way to map a particular job to a user
• SG has all the contact information for the user
• Resource may know the user identifier, but the contact information it needs is only in the SG user database
Accounting Model
[Diagram: accounting at the resource; shell session (% ls, % foo)]
• Site has all the details of what resources each job consumes
  – May know the user who launched them (in authz cred mode)
• SG needs this information
  – For reporting, authorization, catching mistakes
• Need a mechanism to allow the resource to report back to the SG regularly
  – And allow the SG to map usage back to a job, and the job back to a user
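The Simple Auth[nz] model, the auditing model and the accounting model above, as one added Python example that is not from the slides or the authors' deployment: only the SG authenticates users and holds the job-to-user map, while the resource runs every job under one restricted community account, keeps per-job audit and usage records, and reports usage back to the SG. The community account name, the allowed applications and their CPU-hour costs, the SG credential string and the use of a UUID as the job identifier shared by both sides are all assumptions.

```python
import hmac
import uuid
from dataclasses import dataclass, field

# Constructed example: one science gateway (SG) and one resource.
COMMUNITY_ACCOUNT = "gridchem"                  # assumed community account name
APP_COST_CPU_HOURS = {"foo": 2.5, "ls": 0.25}   # assumed allowed apps and their cost
SG_CREDENTIAL = "sg-credential"                 # stands in for the SG's own credential


@dataclass
class Resource:
    """Runs every job in the community account; keeps per-job audit and accounting."""
    audit_log: list = field(default_factory=list)
    usage: dict = field(default_factory=dict)       # job_id -> CPU hours consumed

    def run(self, submitter_credential, job_id, app):
        # Simple model: the resource trusts only the SG's own credential, not users.
        if not hmac.compare_digest(submitter_credential, SG_CREDENTIAL):
            raise PermissionError("resource only accepts jobs from the trusted SG")
        if app not in APP_COST_CPU_HOURS:           # restricted account: community apps only
            raise PermissionError(f"{app!r} not permitted for {COMMUNITY_ACCOUNT}")
        self.audit_log.append((job_id, COMMUNITY_ACCOUNT, app))   # site audit: no user name
        self.usage[job_id] = APP_COST_CPU_HOURS[app]

    def report_usage(self):
        """Accounting mechanism: the resource reports per-job usage back to the SG."""
        return dict(self.usage)


@dataclass
class ScienceGateway:
    users: dict                                     # username -> {"password", "contact"}
    resource: Resource
    job_owner: dict = field(default_factory=dict)   # job_id -> username: exists only at the SG

    def submit(self, username, password, app):
        rec = self.users.get(username)              # users are known only to the SG
        if rec is None or not hmac.compare_digest(rec["password"], password):
            raise PermissionError("authentication failed at the SG")
        job_id = str(uuid.uuid4())                  # assumed shared job identifier
        self.job_owner[job_id] = username
        self.resource.run(SG_CREDENTIAL, job_id, app)
        return job_id

    def contact_for_job(self, job_id):
        """Auditing: map a job the site flagged back to the user's contact details."""
        return self.users[self.job_owner[job_id]]["contact"]

    def usage_by_user(self):
        """Accounting: attribute resource-reported usage to individual users."""
        totals = {}
        for job_id, hours in self.resource.report_usage().items():
            user = self.job_owner[job_id]
            totals[user] = totals.get(user, 0.0) + hours
        return totals
```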
Outstanding Challenges
• How to identify a job between the SG and the resource?
  – “/bin/foo run at 15:38:13 (my time)” is not very accurate
• Standard template for the resource/SG agreement
  – Akin to a certificate policy
• Acceptance of group accounts
  – Convince folks it’s OK to outsource
Outstanding Challenges (cont.)
• Restricted accounts
  – Cookbook to restrict an account to certain applications
• Sandboxing of users from each other
• Community administrators
  – Those who set up the group account
The obligatory last slide…
• NCSA is working on a real-world deployment with the GridChem community
• Acknowledgements to the TeraGrid Science Gateway RAT and all the interviewed Portals
• Complaints to vwelch@ncsa.uiuc.edu


