Photon Facilities and Authentication
H.J. Weyer
EGI Technical Forum 2010, September 14, 2010, Amsterdam

TOC
- The environment
- General boundary conditions
- IT requests and characteristics
- Umbrella concept
- Authentication and authorization
- Coaching
- Roadmap
- Status and Outlook

The environment
Photon facilities
- Synchrotrons and Free Electron Lasers (FELs)
- Produce light of the highest brightness
- Typical range from infra-red to X-rays
- Size: hundreds of meters
- Wide range of research areas; in the EU about 30’000 visiting scientists/year
- Small teams, visiting for a few hours (structural biology) to a few weeks (superconductivity, nano investigations)
- About 15 synchrotrons in the EU: ESRF Grenoble, national facilities (DESY, PSI, …)
- Neutron facilities: complementary, similar user community
- FELs: 10^3 to 10^6 times brighter; SLAC/Stanford, DESY/Hamburg, PSI/Villigen; membrane proteins, microscopic movies of chemical reactions
The European FEL Landscape
EuroFEL is one of 44 pan-European research infrastructures listed in the ESFRI roadmap
General boundary conditions
- In the EU on the order of several 10’000 user visits/year; large overbooking (≥3:1); large administrative load
- On-site visits: short duration, in part spontaneous (keep that bonus)
- Decentralized structure (compare to CERN): various research fields, various facilities
- National facilities report to national governments
- ‘Part-time’ users, e.g. structural biology: 10% of time
- Research teams: patchwork, in general low IT background
- Users at facilities produce excellent results: 2009 Nobel prizes in chemistry
More boundary conditions
- Totally impossible to develop any new tool in one step
- Totally impossible to migrate to any new system in one step → parallel realization
- Develop a prototype by EuroFEL, implement at other facilities later
- Base on the federated single-sign-on system Shibboleth (SAML), widely used in the academic world; expertise at SWITCH
- Introduce the photon/neutron community as a new domain
- Only one identity provider + one new federation: universities + facilities
- EU-unique user identification
Role of Facility Partners
Facility partners
- are national institutes
- are eager to preserve their autonomy
- are competing for the best users
- see user data and proposals as “theirs”
- have strong reservations against central data storage in general
- and will never agree to central proposal storage!
Required Solution Characteristics
- Confidentiality
  - High competition, especially structural biology
  - Time-window structured access to experiments and data
- User friendliness
  - Part-time users, small teams, no guru
- Flexible, diverse solutions
  - Responding to diverse requests
- Facility friendliness
  - Limited resources
  - Prevent any ‘bypass’ solutions
- Keep local as much as possible: distributed actions
  - Users: manage their personal entries
  - Facilities: manage their authorizations
IT Projects
- Authentication: EU-unique identification
- Proposal handling: thousands of proposals/year
- Coaching: support of novice users
- Remote experiment login: young scientists; Fedex-style experiments. But more than authentication (e.g. firewall, experiment standardization, component protocols, …)
- Remote data access: terabytes of data. But more than authentication (e.g. data format, catalogues, …)
The slide groups the first three items under “EuroFEL Umbrella prototype” and the two remote items under “Next generation”.
The Central / Local Issue
Central:
- Unique EU-wide identification
- Common access portal
- Update of user info in one place
Facility-local:
- Proposal storage
- Local authorization issues
- Storage of experimental data
The Umbrella Concept
[Fig. 1: diagram of a User reaching the user offices UOffice1, UOffice2 and UOffice3 through the Umbrella]
The Umbrella components I, EAA Authentication
- Single sign-on
- Unique user identification on EU scale
- Dual EAA and local-WUO operation
- Local WUOs stay fully autonomous
- No cross-facility information exchange
- User controls his/her personal info
- Authorization info = local
- No specific local software
- Flexible (two-level: soft, hard)
- Prevent ‘special’ databases
[Figure: the central part holds the user’s personal entries (Uname, Passw, Email, Birthday, Phone, Smail, …); the local part at each facility (Fac A, B, C) holds Registrations, Facility Roles, …]
AAA ≡ Authentication + Authorization + Accounting; EAA ≡ European AAA
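The central/local split of this slide can be made concrete with a small model. The following Python is an added example, not EuroFEL or Shibboleth code: a central identity provider issues a signed assertion that carries the EU-unique identifier and the user-managed personal attributes, and each facility’s WUO verifies the assertion and then decides on its own local role table, which it never exports. The HMAC over a canonical JSON payload stands in for the XML signature a real SAML/Shibboleth IdP applies; the entity names, identifier format, role names, secret and timestamp are constructed assumptions.

```python
"""Added example: central authentication (EAA/IdP) vs facility-local
authorization (WUO).  Not EuroFEL code; all names are assumptions."""
import hashlib
import hmac
import json

# Constructed shared secret standing in for the IdP signing key.  A real
# Shibboleth IdP signs SAML assertions with XML-DSig and an asymmetric key.
IDP_SECRET = b"constructed-demo-secret"
IDP_ENTITY_ID = "https://eaa.example.org/idp"      # assumed central IdP name

# Local action -> role needed.  Each facility keeps its own mapping.
NEEDED_ROLE = {"submit_proposal": "proposer",
               "read_data": "experimenter",
               "review": "referee"}


def _canonical(payload):
    """Deterministic serialisation so signer and verifier hash the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_assertion(user_id, attrs, audience, now, ttl=300):
    """Central EAA: vouches for WHO the user is.  Carries no facility roles."""
    payload = {
        "issuer": IDP_ENTITY_ID,
        "audience": audience,              # the facility this token is for
        "subject": user_id,                # EU-unique identifier
        "attributes": attrs,               # personal entries managed by the user
        "issued_at": int(now),
        "not_on_or_after": int(now) + ttl,
    }
    sig = hmac.new(IDP_SECRET, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": sig}


class FacilityWUO:
    """Local user office: trusts the IdP for identity, owns its authorization."""

    def __init__(self, entity_id, roles):
        self.entity_id = entity_id
        self.roles = roles                 # subject -> set of local roles, never exported

    def verify(self, assertion, now):
        """The checks every relying party must make before trusting the subject."""
        payload = assertion["payload"]
        expected = hmac.new(IDP_SECRET, _canonical(payload), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            raise ValueError("bad signature")
        if payload["issuer"] != IDP_ENTITY_ID:
            raise ValueError("unknown issuer")
        if payload["audience"] != self.entity_id:
            raise ValueError("assertion not addressed to this facility")
        if not payload["issued_at"] <= now < payload["not_on_or_after"]:
            raise ValueError("assertion outside validity window")
        return payload

    def authorize(self, assertion, action, now):
        """Identity from the central assertion, decision from the local table."""
        subject = self.verify(assertion, now)["subject"]
        return NEEDED_ROLE[action] in self.roles.get(subject, set())


def demo():
    """Walk through the cases; returns a dict so the outcomes can be checked."""
    now = 1284422400.0                     # constructed timestamp (14 Sep 2010)
    user = "eu-000123"                     # assumed EU-unique identifier format
    attrs = {"name": "A. Scientist", "email": "a.scientist@example.org"}
    fac_a = FacilityWUO("https://wuo.facility-a.example/sp",
                        {user: {"proposer", "experimenter"}})
    fac_b = FacilityWUO("https://wuo.facility-b.example/sp", {})
    out = {}

    tok_a = issue_assertion(user, attrs, fac_a.entity_id, now)
    out["a_submit"] = fac_a.authorize(tok_a, "submit_proposal", now)
    out["a_review"] = fac_a.authorize(tok_a, "review", now)

    # Same identity at facility B: B consults only its own table and sees no roles.
    tok_b = issue_assertion(user, attrs, fac_b.entity_id, now)
    out["b_submit"] = fac_b.authorize(tok_b, "submit_proposal", now)

    # Replaying A's assertion at B, forging the subject, and presenting an
    # expired assertion are each rejected before any authorization lookup.
    forged = {"payload": dict(tok_a["payload"]), "signature": tok_a["signature"]}
    forged["payload"]["subject"] = "eu-999999"
    for name, fac, tok, t in (("replay", fac_b, tok_a, now),
                              ("forged", fac_a, forged, now),
                              ("expired", fac_a, tok_a, now + 3600)):
        try:
            fac.authorize(tok, "submit_proposal", t)
            out[name] = "accepted"
        except ValueError as err:
            out[name] = str(err)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Running the module prints one line per case. The point to take from it is the separation: the assertion proves identity and carries the user’s own attributes, while “authorization info = local” means facility B grants nothing to a user that facility A trusts, and neither facility learns the other’s table. The issuer, audience and validity-window checks are the same ones a Shibboleth service provider performs on a real SAML assertion; skipping the audience check is what turns a valid login at one facility into a replayable credential at another.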
The Umbrella components II, EUU Proposal handling
- EUU: export the proposal, modify it and submit
- Local (facility-specific) and general (scientific) part
- Flexibility and confidentiality
- Export-type mechanism: up-to-date format
- Work on formal agreement
- Local WUOs stay fully autonomous
- No specific local software
UUU ≡ Unified User Umbrella; EUU ≡ EuroFEL UUU = prototype
[Figure: proposal split into a General part (Goal, Method, Results, Prev. Work, …) and a Local part (Proposer info, Time request, Beamline, Sample, …)]
The Umbrella components III, Coaching
- Support of novice users via FAQ (static) and Coaching (dynamic)
- Coaches give only advice; responsibility is always fully with the user
- On entry a question category tree is offered to the user
- Experienced coaches needed
  - Must be protected against excessive load
  - They are, however, free to identify themselves
  - Limited number of iterations
- Coaches are honored on a peer basis, like proposal referees
- Interesting questions can be added to the FAQ, if the questioner agrees
[Figure: left, users log in separately to UOffice1, UOffice2 and UOffice3, each with its own AAA (authentication, authorization, accounting); right, authentication becomes single sign-on with common user access control, while authorization and accounting remain with each UOffice]
WP2 Face to Face Meeting, August 26/27 2010, PSI H.J. Weyer
[Figure: Central part (facility neutral): User, EUU, Coaching, Ref. Database, Proposals (EuroFEL-branded), Shibboleth IdP with User db and Affiliation db, EAA. Local part: WUO1, WUO2, WUO3, each with its own AAA]
EuroFEL Authentication and Authorization (EAA)
[Figure: EAA component diagram]
- Central EAA tool: authentication and authorization; interface to central DB; interface to affiliation DB; interface to WUO DB; user update service
- Basic communication protocol
- Parallel WUO and EAA operation: adaption of WUO part; local WUO update service
WUO ≡ Web-Based User Office, existing local user office; EAA ≡ EuroFEL Authentication
EuroFEL Unified User Umbrella (EUU)
[Figure: EUU component diagram]
- Communication protocol
- Interface to DUO WUOs
- Interface to SMIS WUOs
- Interface to affiliation DB
- Interface to EAA
- Dialog with user
- Transfer proposal to WUO
- Export proposal from WUO
Unified User Umbrella and Coaching
- EuroFEL Coaching: interface to affiliation DB
WUO ≡ Web-Based User Office, existing local user office; DUO ≡ WUO as developed at PSI; SMIS ≡ WUO as developed at ESRF; EAA ≡ EuroFEL Authentication
Proposed EUU/EAA Roadmap
[Figure: timeline with milestones 1.06.10, 1.10.10, 1.01.11, 1.04.11, 1.04.12, 1.04.13; phases Planning / Design, Prototype ready, Implementation for EAA (European Authentication and Authorization) and EUU (European User Umbrella); effort 0.5 FTE, 0.1 FTE and 0.5 FTE (EuroFEL / WP2)]
Status and Outlook (September 2010)
- Architecture document + road map for prototype ready
- Start development of 1st-generation Umbrella prototype
- Shibboleth deadline March 31, 2011
- Discussion of 2nd-generation Umbrella (remote functionalities)
  - ‘Actors’: PaN-Data, EuroFEL, ESFRI-Cluster, HDRI Helmholtz
  - Tools: GRID? Specific development?
  - Type: facility-friendly + user-friendly; two-level? Slim, simple vs. strong, full-beauty IT