Design and Implementation of GEO Grid Security - PowerPoint PPT Presentation


  1. www.geogrid.org
     Design and Implementation of GEO Grid Security
     Yoshio Tanaka, National Institute of Advanced Industrial Science and Technology (AIST), Japan

  2. What is the GEO Grid?
     The GEO (Global Earth Observation) Grid aims at providing an e-Science infrastructure for worldwide Earth Sciences communities, to accelerate GEO sciences, based on the concept that relevant data and computation are virtually integrated under a certain access control and an ease-of-use interface, both enabled by a set of Grid and Web service technologies.
     - AIST: OGF Gold sponsor (a founding member)
     - AIST: OGC Associate member (since 2007)
     [Figure: Geo* contents (satellite data, geology, map, GIS data, field data) and applications (environment, resources, disaster mitigation) integrated over Grid technologies]

  3. GEO Grid
     Applications:
     - Disaster: landslides, flood mitigation
     - Environment: global warming, CO2 flux estimation monitoring
     - Natural resources: oil, gas exploration
     Contents:
     - Satellite imagery: full L0 ASTER on disk; MODIS on disk (East Asia)
     - Geology archives: Japan, SE Asia
     - Sensors: AsiaFlux, field server
     IT infrastructure:
     - Software: security, data access, service registry, resource mgmt., Web GIS, workflow, U/I portal, etc.
     - Hardware: storage, servers, cluster computers

  4. A workflow example: "Disaster prevention and mitigation (Volcano)"
     [Figure: monitoring of crustal deformation by PALSAR; in-situ observations, e.g. growth of a lava dome; hazard map for evacuation planning; simulation of lava and/or pyroclastic flow on GEO Grid; high-resolution DEM provided from ASTER]

  5. Functional requirements for the IT infrastructure
     - Size scalability in near-real-time data handling and distribution: hundreds of terabytes to petabytes of data must be managed, and made available with minimum time delay and at minimum cost.
     - Handling a wide diversification of data types, associated metadata, products and services: research communities wish to integrate various data according to their interests.
     - The IT infrastructure must support the creation of user groups which represent various types of virtual research/business communities.
     - Federation of distributed and heterogeneous data resources which are shared in such communities.

  6. Functional requirements for the IT infrastructure (cont'd)
     - Respecting data owners' publication policies: some data are not freely accessible, e.g. commercial data. The IT infrastructure must provide a security infrastructure which supports flexible publication policies for both data and computing service providers.
     - Smooth interaction and loose coupling between data services and computing services: a desirable IT architectural style achieves loose coupling among interacting software agents, allowing users both to create services independently and to produce new applications from them. The IT infrastructure must support sharing, coordination, and configuration of environments for application programs and resources, depending on the user's requirements.

  7. Functional requirements for the IT infrastructure (cont'd)
     - Ease of use
       - End users should be able to access data and computing resources without the burden of installing special software or taking care of security issues (e.g. certificate mgmt.).
       - Data and service providers should be able to easily make their resources available as services with the desired access control.
       - Administrators and leaders of communities should be able to create virtual communities easily by configuring appropriate access control.
     - We must provide an easy-to-use framework for publishing services and user interfaces.

  8. Design policy
     - Introduces the concept of a VO (Virtual Organization)
       - Data and computation are provided as "services" via standard protocols and APIs.
       - A VO is created dynamically by integrating available services and resources according to the interests and requirements of the VO.
     - User-level authentication and VO-level authorization
       - A user's rights are managed (assigned) by an administrator of the VO the user belongs to.
       - Access control to a service is configured by the service provider according to the publication policy.
       - There are several options for access control: VO-level, group/role-based, user-level, etc.
     - Scalable architecture with respect to the number of users.

  9. Overview and usage model of the GEO Grid system

  10. Key technologies: GSI and VOMS
     - Grid Security Infrastructure (GSI) is the standard security technology used in the current Grid communities.
       - Based on Public Key Infrastructure (PKI) and X.509 certificates.
     - Virtual Organization Membership Service (VOMS) is software for creating and managing VOs.
       - Developed by European communities
       - Based on GSI
     - End users of GEO Grid may not be required to understand GSI, VOMS, etc., but project (VO) admins should understand these technologies correctly.

  11. Overview and usage model of the GEO Grid system
     - User-level authentication and VO-level authorization
       - A user's rights are managed (assigned) by an administrator of the VO the user belongs to.
       - Access control to a service is configured by the service provider according to the publication policy.
       - There are several options for access control: VO-level, group/role-based, user-level, etc.
     - Scalable architecture with respect to the number of users.

  12. GAMA
     [Figure: GAMA usage model. Elements: Account DB; GEO Grid Portal; GEO Grid CA (CA Admin); MyProxy holding X.509 long-lived certificates; credential repository; VOMS servers (Project Admin); Data/Computation Service Provider with a PEP and PDPs (GridMapAuthZ PDP, BlackList PDP, WhiteList PDP, VOMS PDP, ... PDP #n). Flows: account creation by User A without a certificate; login by username/password; login with certificate (X.509 proxy certificates); anonymous login (Anonymous User); X.509 proxy certificates with VOMS attributes; request, decision and result exchanged between the PEP and the PDPs.]
     Access control by account mapping:
     - All members are mapped to a single account.
     - Users are mapped to local accounts based on groups (and role).
     - Users are mapped to pool accounts based on groups (and role).

  13. GAMA architecture
     [Figure: GAMA server (CACL, AXIS Web Services, DB, MyProxy, CAS) with operations "gama create user", "import user" and "retrieve credential"; Portal server 1 and Portal server 2 (GridSphere, gridportlets, wrapper, servlet container, Java keystore); stand-alone applications that also retrieve credentials]

  14. Portal vs. Accounts vs. VO
     [Figure: one Account DB (GAMA) serving several portals (GridSphere), each portal associated with its own VO (VOMS)]

  15. Current status of evaluation, integration, and developments
     - Deployed and tested
       - GAMA, VOMS server
       - Pre-WS GRAM w/ VOMS, WS GRAM w/ VOMS, GridFTP w/ VOMS, Apache w/ VOMS, OGSA-DAI w/ VOMS
     - Authorization using VOMS
       - Different levels of AuthZ: VO, group, role, user
       - Different methods for account mapping: single account, pool account, account for individual user
     - Developed two functions for integrating GAMA and VOMS
       - The GAMA Portal accesses VOMRS (VO Management Registration Service) to register a new user with the VO when the account is activated.
       - The GAMA Portal generates a VOMS proxy from a proxy credential retrieved from the MyProxy server (Credential Portlet).
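
The authorization model described on slides 8, 12 and 15 (a PEP consulting a chain of PDPs: blacklist, whitelist and a VOMS attribute check; then VO-, group-, role- or user-level decisions; then one of three account-mapping methods) can be made concrete in a few dozen lines. The following is an added example, not GEO Grid, GAMA or Globus code: it models a VOMS proxy as a subject DN plus the FQANs it carries, implements the three PDP kinds and the deny-overrides combination, and maps permitted callers to a local account by single-account, group/role or pool-account policy. All DNs, VO and group names and account names are constructed for the example; the FQAN syntax is VOMS's own (/vo/group/Role=role/Capability=cap).

```python
import re
from dataclasses import dataclass

PERMIT, DENY, NOT_APPLICABLE = "permit", "deny", "not_applicable"

# VOMS FQAN syntax: /<vo>[/<group>...][/Role=<role>][/Capability=<cap>]
_FQAN_RE = re.compile(
    r"^/(?P<vo>[^/=]+)(?P<groups>(?:/[^/=]+)*)"
    r"(?:/Role=(?P<role>[^/]+))?(?:/Capability=[^/]+)?$"
)


@dataclass(frozen=True)
class Credential:
    """What a service sees after GSI authentication of a VOMS proxy (constructed model)."""
    dn: str            # subject DN of the user's certificate
    fqans: tuple = ()  # VOMS attributes carried in the proxy, most specific first


def parse_fqan(fqan):
    """Split an FQAN into (vo, group path, role); VOMS uses 'NULL' for no role."""
    m = _FQAN_RE.match(fqan)
    if m is None:
        raise ValueError("malformed FQAN: %r" % fqan)
    vo = m.group("vo")
    return vo, "/" + vo + m.group("groups"), m.group("role") or "NULL"


class DnListPDP:
    """User-level control: a blacklist (verdict=DENY) or whitelist (verdict=PERMIT) of DNs."""
    def __init__(self, dns, verdict):
        self.dns, self.verdict = frozenset(dns), verdict

    def decide(self, cred):
        return self.verdict if cred.dn in self.dns else NOT_APPLICABLE


class VomsPDP:
    """VO-, group- or role-level control decided from the VOMS attributes."""
    def __init__(self, vo, group=None, role=None):
        self.vo, self.group, self.role = vo, group, role

    def decide(self, cred):
        for fqan in cred.fqans:
            vo, group, role = parse_fqan(fqan)
            if vo != self.vo:
                continue
            # membership of a subgroup implies membership of its parent group
            if self.group and group != self.group and not group.startswith(self.group + "/"):
                continue
            if self.role and role != self.role:
                continue
            return PERMIT
        return NOT_APPLICABLE


def combine(decisions):
    """Deny-overrides combination: any DENY wins, then any PERMIT, otherwise DENY."""
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else DENY


class SingleAccountMapper:
    """All VO members share one local account."""
    def __init__(self, account):
        self.account = account

    def map(self, cred):
        return self.account


class GroupAccountMapper:
    """Local account chosen by (group, role); a None role in the table matches any role."""
    def __init__(self, table):
        self.table = dict(table)

    def map(self, cred):
        for fqan in cred.fqans:
            _, group, role = parse_fqan(fqan)
            account = self.table.get((group, role)) or self.table.get((group, None))
            if account:
                return account
        return None


class PoolAccountMapper:
    """Lease one pool account per DN, pool chosen by (group, role); leases are sticky."""
    def __init__(self, pools):
        self.free = {key: list(accounts) for key, accounts in pools.items()}
        self.leases = {}

    def map(self, cred):
        if cred.dn in self.leases:
            return self.leases[cred.dn]
        for fqan in cred.fqans:
            _, group, role = parse_fqan(fqan)
            free = self.free.get((group, role)) or self.free.get((group, None))
            if free:
                self.leases[cred.dn] = free.pop(0)
                return self.leases[cred.dn]
        return None  # no pool for this user's groups, or the pool is exhausted


def authorize(cred, pdps, mapper):
    """PEP: consult every PDP, then map the caller; returns (decision, local account)."""
    if combine([pdp.decide(cred) for pdp in pdps]) != PERMIT:
        return DENY, None
    account = mapper.map(cred)
    if account is None:  # permitted but unmappable: the service cannot run as anyone
        return DENY, None
    return PERMIT, account
```

Two details worth noticing: a whitelisted DN is permitted even without VO membership, but still gets no account unless a mapping rule fits, so the mapper is a second gate; and a pool that runs out of accounts turns a PERMIT into a DENY rather than silently sharing an account, which is the behaviour a service provider should expect when sizing pools.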

  16. [Figure: GEO Grid deployment. Data sources Terra/ASTER, TDRS and ERSDIS/NASA reached over APAN/TransPAC. A user logs in at the portal server, which uses the account server (Account DB, GAMA) and the VO server (VO DB, VOMS) to obtain a credential. The portal issues GET, exec and query requests, protected by GSI + VOMS, to the GEO Grid Cluster: GIS map server (WMS, WCS, WFS), catalogue/metadata server (CSW), gateway server (GRAM, GridFTP, OGSA-DAI), and storage holding L0 data, maps, metadata and DEM]

  17. Demo environments - SIMS (ASTER + MODIS + Formosat-2)
     [Figure: SIMS portlet (a Java program that queries data and creates a web page showing thumbnail images) built on the AIST integration framework with OGSA-DAI. The OGSA-DAI client application sends SQL queries to OGSA-DAI servers (Globus, VOMS) which connect via JDBC to database servers: Sybase at NSPO@TW (FORMOSAT-2) and PostgreSQL at AIST@JP (ASTER, MODIS)]

