EUDAT: Towards a pan-European Collaborative Data Infrastructure
Federated Identity Management and Access Control
Mark van de Sanden, SARA, The Netherlands
Terena VAMP workshop, Utrecht, 6-7 September 2012
Outline • Project • Core Services • AAI Use Case
Data centers and Communities
Communities and Data Centers
What are the basic requirements?
Which common services are needed?
Dynamic replication to HPC workspace for processing
How Services are Shared?
Service: SR DR MD SSS PID AAI
Community:
CLARIN X X + X X +
ENES X X X X +
EPOS EPOS X X X X X X X X
VPH X X X X
LifeWatch X X + X + +
NB: "X" = this service is relevant to this community, "+" = this community has interest in this service but at a later stage or has a similar service already running in production.
Example Use Case
Objective: Enable communities to perform (HPC) computations on the replicated data
Key benefits: Access to large computing facilities
Description: This service will allow the communities to dynamically replicate subsets of their data stored in EUDAT to HPC machine workspaces for processing.
Differences with the safe replication scenario:
• replicated data are discarded when the analysis application ends;
• Persistent Identifier (PID) references are not applied to replicated data into HPC workspaces;
• users initiate the process of replicating data, while in the safe replication scenario data are replicated automatically on a policy basis.
Technologies: GridFTP, Griffin, gTransfer, Globus Online, iRODS
[Figure: EPOS, CINECA, SARA and PRACE; community storage, EUDAT storage, HPC facility and PID; numbered steps 1 to 4]
EUDAT AAI Use Case
EUDAT is one of the first multi-scientific-domain projects to tackle the data deluge
Objective: Provide common data services with a working AAI system in a federated scenario
• Have to work with many different identity domains: community domains, federated NRENs, e-infrastructures (EGI, PRACE, eduGAIN), local institutions, OpenID providers, …
• Potential user base ranges from the current core communities (>10k) to all scientists in the EU and beyond.
• Technologies: OAuth2, OpenID, RADIUS, SAML2, X.509, XACML, etc.
• Access via web-based interfaces, command line, portals and/or workflows while maintaining access rights and upholding trust and privacy
• Partners and communities are from across EU countries and have to cope with differences in legislation
EUDAT Approach
• Make use of existing solutions, services and policy frameworks; avoid setting up your own AAI.
• Distinguish between IdP and AtP providers, where AtPs are preferably managed by communities.
• Make use of Credential Conversion or Security Token Service technologies, evaluating Contrail, EMI STS and GEMBUS STS
• Limit the technologies with which the data centers have to cope, piloting with Shibbolizing services
• Integration with Community Portals and evaluating the use of Short Lived Certificates.
• What about homeless and citizen scientists?
sanden@sara.nl