Platforms for Collaboration
– Plus brief update from Australia –
9-11-2006 My condolences
Dr. Erik Vullings
MAMS Project
Macquarie University's E-Learning Centre of Excellence (MELCOE)
Erik.Vullings@mq.edu.au
Skype name: Erik_Vullings
3/22/2016 1 META ACCESS MANAGEMENT SYSTEM

Contents
- Brief update on AU-Federation status
- Mini-grant projects
- User privacy mgmt via Autograph
- Shibbolized IM: ShibJIM
- Platform for Collaboration: A Virtual Organization (similar to myVocs)
- Based on Shibbolized GridSphere & MyProxy
- With cross-federation IdP manager, SP manager and workspace support…

MAMS $40k-Grant Program
(Federation status: 600,000 Shibboleth Identities, 20%HE)
Round 1 (Feb 2006): AARNet: IdP, Wiki SP, Gnomic DB ATN IdP, eGrad School SP IdP, Fez (Fedora GUI) SP USYD IdP, Sensor data SP IdP, IAM suite SP Murdoch & MQ: IdP, IAM suite (LIGO) Monash IdP, SRB & Plone Melbourne: IdP, e-Lectures JCU: QU QUT: IdP, ENUM SP Griffith:
Round 2 (Jul 2006):
- Deakin: IdP, Online Librarian
- WAGUL: 5 IdP, reciprocal borrowing

Privacy Management with Autograph
- Control what's on your SAML assertion…
- SP uses SAML handle to retrieve user attributes
[Diagram labels: Service Provider, Identity Provider]

Different cards open different doors
– Services & Service Level –

Adding Personal Attributes
Other examples: Accessibility info (colorblind, blind), Skype user name, IM account name, etc.

IAM Suite – [I AM Suite]
Prototyping a PfC –
"All research projects are different, but most project infrastructures are more equal than not"
All projects require:
- Collaboration between project members
- Collaboration with external people
- Dissemination of research results
- AuthN & AuthZ (what's public, what's not)

IAM Suite – [I AM Suite]
Prototyping a PfC –
Scope: A toolkit for eResearch Projects and Dept., wishing to leverage Federated ID for accessing data, resources and generic collaboration tools over the grid, but excl. research-specific tools.
Installation: Similar to ISP that hosts your CMS, forum etc.: Tick the box and you are ready to run…

Possible Middleware HE Infrastructure for Collaboration
[Diagram with three levels: Federation Level (Federation Services, WAYF); Institutions Level; Virtual Org. Level (intra-institution, eResearch project). Component labels in the diagram: IdP1@UQ, IdP2@UTS, IdPn@MQ, several <<SP>> boxes, IR, CMS, MyProxy server, CA?, VO Portal, VO IdP, GTK: Grid MyProxy Client, GTK: HPC Gateway (CTS), GTK: Store, SP: Forum, SP: Wiki, SP: CMS.]

IAM Suite
[Diagram. Component labels: Federation, Receive assertions, AFS adaptor, Federation SP, Fedora (internal or external, e.g. IR), VO-WAYF, GridSphere, VO-IdP, GroupModule, ShARPE, AuthN, IM, Autograph, FedoraWeb, MyProxy, GTK Storage, GTK Cluster, GTK Specific tools, GTK Presence, PeoplePicker, Calendar, AuthZ Mgnr, Equipm., and VO-SPs for Forum, Wiki, LMS, Etc. Diagram note: "Contains VO group attributes for RBAC."]

FLASH DEMO IAM SUITE
Demo steps, in the order given on the slide:
- Shib login to GS via VO-WAYF
- admin adds Wiki service and tests it
- Create a group
- Add a resource and service to a group
- TBD authN source (none, IdP, VO-IdP, cert)
- Workspace (virtual room): Create workspace & roles, add VO members, services, and resources…