How Grid Security works in GEO Sciences
N. Yamamoto, Y. Tanaka, I. Kojima, S. Sekiguchi, AIST
Oct. 28, 2009, GEO Workshop / PRAGMA17, Hanoi
http://www.geogrid.org/
What is Grid Security
Who am I? / Who are they?
  Grid Security Infrastructure (GSI)
What can I do? / What can they do?
  Virtual Organization Membership Service (VOMS)
GEO Grid VO Design
Identity
Requirements
Credential Management: Users who are not security experts often manage their private keys for PKI / GSI credentials without careful planning.
Authentication methods: Must accommodate existing, established authentication methods (OpenID, Shibboleth, username and password, user credential, etc.).
Portal Development: Must accommodate existing application portals written in PHP, Perl, Python, Java Servlet, etc.
OUR SOLUTION: TSUKUBA-GAMA
[Figure: Tsukuba-GAMA Authentication Flow for PKI / GSI. Labels: User; username and password; OpenID; user credential; VO Portal (PHP, Perl, Python, etc.); Credential Management; Credential Repository (MyProxy Repository); Online CA (MyProxy CA); End Entity Certificate; Proxy Certificate; VO Management; VOMS; VO attribute; VOMS Proxy Certificate]
Language Free Portal Development: Must accommodate existing application portals written in PHP, Perl, Python, Java Servlet, etc.
Provides Apache, Servlet, and GridSphere authentication modules, in order to support any language.
Credential Management: Users who are not security experts often manage their private keys for PKI / GSI without careful planning.
Manages user credentials on the server side, instead of leaving it to inexperienced users.
Independence from Authentication methods: Must accommodate existing, established authentication methods (OpenID, Shibboleth, username and password, user credential, etc.).
Generates Grid credentials from any method.
DEMO 1: TSUKUBA-GAMA
LOGIN PRAGMA VO PORTAL (GRIDSPHERE)
Demo Environments - login
[Figure labels: USER; PRAGMA VO portal (http://gfm49.apgrid.org/gridsphere/); Credential Repository; PRAGMA VOMS; voms proxy cert]
1. input username and pass of user cert
2. generate globus proxy certificate
3. add voms attribute
4. register proxy cert
Identity
Attribute
DEMO 2: TSUKUBA-GAMA
LOGIN TESTVO PORTAL (GRIDSPHERE)
Same Identity
Different Attribute
GEO Grid VO Design
PRAGMA VO TEST VO
I’m here
GSI w/ VOMS
[Figure labels: PRAGMA VO Portal (GridSphere, Perl, PHP, Java etc.); TEST VO Portal; Credential Repository (MyProxy Repository); Online-CA (MyProxy CA); PRAGMA-VO (VOMS); GHZ-VO (VOMS); Sign Certificate; VO member management; Share Account]
EXAMPLE SCENARIO: SATELLITE DATABASE FEDERATION
Demo environment
OGSA-DAI
ASTER@Japan
PALSAR@Japan
MODIS@Japan
Formosat2@Taiwan
/PRAGMA/Geo/PRAGMA/Geo/TESTVO /GHZ NONE (FREE)
DEMO 3: SIMS
SATELLITE DATABASE FEDERATION
SIMS
[Figure: SIMS architecture. Labels: NSPO@TW; Database Server (Sybase); FORMOSAT-2; Application Server; OGSA-DAI; Globus; SQL w/ JDBC; AIST@JP; Database Server (PostgreSQL); ASTER; MODIS; AIST; OGSA-DAI Client; Integration Framework with OGSA-DAI; Java Program; SQL; VOMS]
SIMS portlet - query data - create web page which shows thumbnail images
SIMS – Search Results
MODIS
FORMOSAT-2
ASTER
DEMO 4: LANGUAGE FREE PORTAL DEVELOPMENT
DEMO 4-1: PORTAL DEVELOPMENT
(OPENLAYERS)
OGCProxy
OGCProxy is a broker portlet:
- forwarding users' requests to backend OGC services.
- providing a development environment in which client applications can be developed freely.
[Figure labels: User; https://portal/OGCProxy?URL=https://gridsite/..../service; https://gridsite/..../service; GridSite; Contents ACL: /testvo.geogrid.org/aster; VOMS Proxy; VO Name; Group]
ASTER + Formosat2 / OpenLayers
ASTER / Japan
Formosat2 / Taiwan
DEMO 4-2: PORTAL DEVELOPMENT
(PHP, PERL, ...)
Web Portal Development
apache_ahtn_myproxy module: PHP, Perl, Python, etc.
Servlet basic authentication module: Java Servlet
GridSphere authentication module
DEMO 5: INDEPENDENCE FROM AUTHENTICATION METHODS
DEMO 5-1: INDEPENDENCE FROM AUTHENTICATION METHODS:
(OPENID)
OpenID authentication module
[Figure labels: User; Password for OpenID; OpenID URL; OpenID Server; Web Portal; Request short-lived credential; MyProxy CA; Account DB; Credential Repository; VOMS server; VO member DB; VOMS proxy]
DEMO 5-1: INDEPENDENCE FROM AUTHENTICATION METHODS:
(CREDENTIAL)
Credential Login
[Figure: Tsukuba-GAMA Authentication Flow for PKI / GSI]
Compare Identity
Identity
Same VO
Credential Login
OpenID Login
Conclusions
[Figure: Tsukuba-GAMA Authentication Flow for PKI / GSI]
Language Free Portal Development:
- GridSphere / Satellite database federation
- Geographical portal / OpenLayers
- PHP, Perl
Credential Management:
- User does not need to manage their credentials
Independence from Authentication methods:
- Username and Password
- OpenID
- Globus credential
THANK YOU
To be released NEXT month!
DEMO 6: ACCOUNT CREATION
Account Creation
[Figure labels: USER; Account Admin; VO Admin; Account Portal (http://testvo.geogrid.org:9443/gridsphere); VO portal (http://testvo.geogrid.org/gridsphere/); Account DB (GAMA); VO (VOMS)]
1. Request an account
2. Approve
3. Activate an account
4. Register the user to the VO
4. Import the user’s account information to the VO