DyVOSE Status Report
Dr Richard Sinnott
Technical Director National e-Science Centre
Deputy Director Technical Bioinformatics Research Centre
University of Glasgow
NeSC Review
11th October 2004
Overview
The team
Review goals of DyVOSE project
Brief summary of technical approach
Outline achievements thus far
Plans for the future
Project Participants
Dynamic Virtual Organisations in e-Science Education (DyVOSE) team
Principal Investigators: Dr Richard Sinnott (NeSC Glasgow), Prof David Chadwick (Salford)
Developers: Dr John Watt (NeSC Glasgow), Dr Sassa Otenko (Salford), Mr Tuan Anh Nguyen (Salford)
Other Key People Involved: Dr David Berry (NeSC Edinburgh), Dr Sandy Shaw (EDINA)
Dynamic Virtual Organisations for e-Science Education (DyVOSE) project
Two year project started 1st May 2004 funded by JISC
Exploring advanced authorisation infrastructures for security in context of education
University of Salford provide authorisation software (PERMIS) and security expertise
Applied in Grid Computing module part of advanced MSc at the University of Glasgow
– Will provide insight into rolling out authorisation infrastructures/Grid to the masses
– Exploration of current state of the art in authorisation infrastructures
– Second phase of work will involve NeSC Edinburgh/EDINA
– Extensions to the existing PERMIS infrastructure to provide dynamic delegation of authority and recognition of authority
DyVOSE Overview
Phase 1
Looking at applying existing PERMIS technology to establish static Privilege Management Infrastructure at GU
DyVOSE Workplan
[Diagram labels: ScotGrid; Authorisation decisions; Authorisation checks; PERMIS based authorisation; Education VO policies; GU Condor pool; Other (known!) Grid resources]
Phase 1 Deliverables
D1.1 Design of Educational Case Studies
D1.2 Installation of Software Infrastructure for Static Delegation Based PMI
D1.3 Detailed Design for Dynamic Delegation and Recognition of Authority
Development of course material
Including 20 lectures, 10 tutorials, 3 problem sets, 1 (large ~30hr) programming assignment
To be taught by
– Richard Sinnott
– Colin Perkins
– John Watt
– one lecture by Seamus Ross (National Digital Curation Centre)
DyVOSE Phase 1
Module Outline
Week 1 Lecture 1 Introduction to Grid Computing
Lecture 2 Scalability and Heterogeneity Aspects of Grid
Week 2 Tutorial 1 Discussion of Seminal Grid Papers
Lecture 3 Open Standards and Architectures
Lecture 4 Implementations of the Grid Architecture
Week 3 Lecture 5 Resource Discovery/Information Services
Lecture 6 Web and Grid Services
Tutorial 2 GT3 Lab work
Week 4 Lecture 7 Grid Security Concepts
Lecture 8 Virtual Organizations
Lecture 9 Security in Practice
Week 5 Tutorial 3 Lab work investigating Grid Security implementations
Lecture 10 Job Scheduling and Management - Theory
Lecture 11 Job Scheduling and Management - Practice
Week 6 Tutorial 4 Discussion of Job Scheduling Papers
Lecture 12 Workflow Management
Tutorial 5 Q&A on Programming Assignment
Taught today
Module Outline …ctd
Week 7 Lecture 13 Data Access, Integration and Management
Lecture 14 Data Provenance and Curation*
Tutorial 6 Discussion of Data Management/Provenance
Week 8 Lecture 15 Data Transfer
Lecture 16 Peer-to-Peer Communication
Tutorial 7 Discussion of Networking Papers
Week 9 Lecture 17 Tools for Collaboration
Tutorial 8 Discussion on the Future of Grid Computing
Lecture 18 The Future of Grid Computing
Week 10 Lecture 19 Sample Applications
Lecture 20 Review of Major Concepts
Tutorial 9 Q & A
* Given by Seamus Ross (DCC at Glasgow)
Current PERMIS based PMI approach
PERMIS allows you to define roles for who can do what on what
Policy = { Role x Target x Action }
– Can user X invoke service Y and access or change data Z?
» Policies created with PERMIS PolicyEditor (output is XML file)
PERMIS based Authorisation
PERMIS based Authorisation ...ctd
PERMIS Privilege Allocator then used to associate roles with specific users
Signed policies are stored as attribute certificates in LDAP server
Exploiting the GGF AuthZ specification
Generic way to authorise access to Grid services using SAML callouts
– Based on GT3.3
– PERMIS
» Grid service (WSDD) has policy information associated with it
» DN of clients, target and actions checked when attempts made to invoke services
BRIDGES and DyVOSE only projects exploiting this API right now (Von Welch at AHM 2004)
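The decision described on the PERMIS slides above, sketched as an added example (not PERMIS code and not from the original slides). It models Policy = { Role x Target x Action } with a deny-by-default check on client DN, target and action. All DNs, service names and the trusted-issuer check (standing in for signature verification of the attribute certificate) are assumptions made for illustration.

```python
# Added illustration (not PERMIS code): deny-by-default check over
# Policy = { Role x Target x Action }. All names and data are constructed.
from typing import NamedTuple


class Rule(NamedTuple):
    role: str
    target: str
    action: str


class RoleAssignment(NamedTuple):
    holder_dn: str  # DN of the user holding the role
    role: str
    issuer_dn: str  # DN that signed the assignment (signature check assumed done)


POLICY = {
    Rule("student", "JobSubmitService", "submit"),
    Rule("lecturer", "JobSubmitService", "submit"),
    Rule("lecturer", "MarksService", "update"),
}
TRUSTED_ISSUERS = {"CN=Course Admin,O=Example University"}
ASSIGNMENTS = [
    RoleAssignment("CN=Alice,O=Example University", "student",
                   "CN=Course Admin,O=Example University"),
    RoleAssignment("CN=Bob,O=Example University", "lecturer",
                   "CN=Course Admin,O=Example University"),
    # Self-issued role: ignored because the issuer is not trusted.
    RoleAssignment("CN=Mallory,O=Example University", "lecturer",
                   "CN=Mallory,O=Example University"),
]


def roles_for(dn, assignments=ASSIGNMENTS, trusted=TRUSTED_ISSUERS):
    """Roles held by dn, counting only assignments from trusted issuers."""
    return {a.role for a in assignments
            if a.holder_dn == dn and a.issuer_dn in trusted}


def decide(dn, target, action, policy=POLICY):
    """Return 'Permit' only if some role of dn has a matching rule."""
    if any(Rule(role, target, action) in policy for role in roles_for(dn)):
        return "Permit"
    return "Deny"


if __name__ == "__main__":
    print(decide("CN=Alice,O=Example University", "MarksService", "update"))
```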
Phase 2
D2.1 Report on Practical Experiences and Best Practices in Static Delegation Based PMI
D2.2 Software implementing Dynamic Delegation and Authority Recognition in PERMIS
Phase 3
D3.1 User Manuals and Administrator Guides on Using and Setting up and Managing Dynamic Delegation Infrastructures
D3.2 Report on Practical Experiences in Using Dynamic Delegation Infrastructures as Part of e-Science Education
D3.3 NMI release of PERMIS that supports Dynamic Delegation and Recognition of Authority
DyVOSE Phase 2 and 3
DyVOSE Phase 2/3
[Diagram labels: ScotGrid; PERMIS based Authorisation checks/decisions; Glasgow Education VO policies; Condor pool; Edinburgh Education VO policies; Shibboleth; Blue Dwarf; Glasgow; Edinburgh; Dynamically established VO resources/users; Delegated VO policies]
Majority of lecture materials completed
First lecture had over 50 students
Clear demand for Grid education/teaching materials!!!
Assignment/case study defined exploring authorisation infrastructure (and GT3.3/Condor)
Infrastructure established in NeSC Glasgow training laboratory
Initial design of dynamic PMI complete
Input to wider UK security requirements document (being drafted by Howard Chivers)
Work Progress
Wrestling with GT3.3 and PERMIS integration
Some delays due to version issues with GT3.3
Basic authorisation complete but more complex authorisation aspects being investigated
Complexity of assignment issues?
Continued feedback on PERMIS tools
Policy editor refinements
– Numerous discussions/meetings with Salford team on sorting out PERMIS-GT3.3 issues
Building on experiences of MSc of Anthony Stell (NeSC ETF Grid engineer) comparing different authorisation infrastructures
Work Progress …ctd
Achievements
Web site established
http://www.nesc.ac.uk/hub/projects/dyvose
Poster at JISC meeting in Brighton
Poster at AHM 2004 in Nottingham
Course materials nearing completion
Provided to EGEE training team
Future plans
Attendance at JISC Shibboleth training course
Feed experiences into wider Grid community (ETF AAA work)
Continued input to wider security requirements/scenario documents (and to STF?)
Applying experiences in other projects (VOTES)
Course materials to be presented at e-Science Education workshop at NeSC 1-2 November
Conduit for information from JISC Core Middleware projects and wider UK e-Science activities
Questions?