The Catania Science Gateway Framework Riccardo Bruno riccardo
The Catania Science Gateway Framework Riccardo Bruno (riccardo. bruno@ct. infn. it) INFN Catania
Outline § Science Gateway concept and aim § The Catania Science Gateway Framework (CSGF) § CSGF Architecture and Components § AAI, SAGA/JSAGA, Grid&Cloud Engine , e. Token. Server, APIs § CSGF implementations § CSGF@INDIGO-Data. Cloud 29/11/2020 2
Science Gateways § Definition “A Science Gateway is a community-developed set of tools, applications, and data that is integrated via a portal or a suite of applications, usually in a graphical user interface, that is further customized to meet the needs of a specific community. ” Teragrid/XSEDE § Aim to serve science § Ease the use of new emerging technologies and let them be accessible to scientific communities through well known means such web interfaces, mobile applications, etc. INDIGO-Data. Cloud 29/11/2020 3
The Catania Science Gateway Framework (CSGF) http: //www. catania-science-gateways. it § Born in 2010 to hide Grid complexity (especially security-wise) § Designed to be: § Sustainable (Fully based on standards) § Scalable (Glassfish) § Secure (AAI/Traceability) § Interoperable (One system, many infrastructures) § Accessible anytime and anywhere (Mobile devices) INDIGO-Data. Cloud 29/11/2020 4
CSGF Architecture Infrastructures Applications App 1 Grid SGW x VO a App 2 VO b App 2 API Frontend … App i App k App j App k App x … SGW y App x SGW z … HPC Cloud Tenant a Tenant b … App n API Services INDIGO-Data. Cloud 29/11/2020 5
CSGF Components Users having different roles and privileges 3 Portlets 1 AAI • Administrators • Power users • Basic users • VRC members etc. 2 Grid&Cloud Engine Thanks to the CSGF, the interoperability of different distributed e-Infrastructures has been successfully demonstrated INDIGO-Data. Cloud Grid 29/11/2020 Cloud HPC 6
AAI in CSGF 1 Identity Federations Auth. N/Auth. Z Authenticatio n handled separately SAML 2. 0 Id. P 1 Id. P 2 Authorization 1. Sign In … Id. P n 2. Select e. ID or Your institute Id. Fs 3. Select your Id. F and Id. P eid-stork. eu 4. Use Id. P to get authorized by Id. P INDIGO-Data. Cloud 29/11/2020 7
2 CSGF Grid&Cloud Engine e. Token Server (GSI Access) Science Gateway Interface Data Engine Job Engine User. Tracking Compliant with the EGI Portal and User Traceability policies JSAGA API INDIGO-Data. Cloud Robot certificate Proxies Accounting Auditing Grid/Cloud/HPC 29/11/2020 8
CSGF Portlets 3 Java API REST APIs Portlet examples and templates are available on Source. Forge https: //sourceforge. net/projects/ctsciencegtwys/ Science Gateway Interface Documentation for developers http: //www. catania-science-gateways. it/documents • Development environment • Portlet templates • Job submission example (multi-infrastructure) • Parallel application (MPI example) • Simple workflows (parametric and collections) • Execution on Cloud (OCCI) The suggested approach consists in customising one of the available portlets or reuse their code to develop new ones INDIGO-Data. Cloud 29/11/2020 10
3 CSGF Special Portlets (My. Workspace) User Jobs User Job Map User’ Data Help INDIGO-Data. Cloud 29/11/2020 11
Summary of adopted standards § The framework for Science Gateways developed at Catania is fully web-based and adopts official worldwide standards and protocols, through their most common implementations 1 2 3 § The OASIS Security Assertion Markup Language (SAML) standard and its Shibboleth, Simple. SAMLphp and STORK implementations § § The Lightweight Direct Access Protocol, and its Open. LDAP implementation § The Open Grid Forum (OGF) Simple API for Grid Applications (SAGA) standard and its JSAGA implementation § The Open Grid Forum (OGF) Open Cloud Computing Interface (OCCI) standard and its r. OCCI implementation § The JSR 168 and JSR 286 standards (also known as "portlet 1. 0" and "portlet 2. 0" standards) The Cryptographic Token Interface Standard (PKCS#11) standard and its Cryptoki implementation INDIGO-Data. Cloud 29/11/2020 12
Interoperability with the CSGF INDIGO-Data. Cloud 29/11/2020 13
Implementations http: //gridp. garr. it/service-providers. html INDIGO-Data. Cloud 29/11/2020 14
Live demo … INDIGO-Data. Cloud 29/11/2020 15
The CSGF @ INDIGO § The CSGF will be the baseline to build the general purpose Science Gateway of INDIGO and demonstrate WP 6 API’s § Changes will be applied to the current framework to both the AAI and the Grid & Cloud Engine to make use of WP 4 and WP 5 API’s INDIGO-Data. Cloud 29/11/2020 16
Grid & Cloud Engine Proposed Changes § Current Java APIs will be re-engineered to integrate WP 4 and WP 5 APIs § RESTful calls will be developed to interface WP 4 and WP 5 APIs § RESTful calls should interface both Web- and Mobilebased applications § Harmonize the Users Tracking database with WP 4 and WP 5 keeping the compliance with EGI policies INDIGO-Data. Cloud 29/11/2020 17
AAI Proposed improvements § Move the libraries for the infrastructure interaction into a separate service § The new service has to provide RESTful API’s for SGs and mobile applications § Integrate all the API’s of the Paa. S and Iaa. S components and add all further needed logic § Include other technologies to authenticate users on different e. Infrastructures § These should not require end-user explicit authentication § Extend the authorisation supporting different services § Role DB could be available in the Paa. S § Something like Microsoft Azure Active Directory Service § EGI LTo. S User Management Portal compatibility § Authorisation roles distributed inside SAML token (through AARC project) INDIGO-Data. Cloud 29/11/2020 18
AAI Proposed architecture Community Identity Providers SGW INDIGO App n App 3 App 2 App 1 User Auth. Z WP 6 SGW 1 SGW n Auth. Z Could be the same API Frontend ? WP 5 WP 4 INDIGO-Data. Cloud IAM 29/11/2020 19
AAI Proposed architecture § Communities are free to select any Auth. N/Auth. Z methods for their users § A reference implementation using SAML will be deployed by WP 6 in the general purpose SG § The Auth. Z service should contain the role(s) each user has in the SG § The SG is responsible to translate the roles to action in the infrastructure § Authentication to the e-infrastructure to be agreed with WP 4 and WP 5 INDIGO-Data. Cloud 29/11/2020 20
Thank you! Questions? INDIGO-Data. Cloud 29/11/2020 21
- Slides: 20